'Gozi' Virus Creators Charged By FBI With Stealing Millions From Online Bank Customers

A crest of the Federal Bureau of Investigation is seen 03 August 2007 inside the J. Edgar Hoover FBI Building in Washington,
A crest of the Federal Bureau of Investigation is seen 03 August 2007 inside the J. Edgar Hoover FBI Building in Washington, DC. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)

Federal authorities announced Wednesday they had disrupted a massive cybercrime ring, charging three alleged hackers with using "one of the most financially destructive computer viruses in history" to steal millions of dollars from banks around the world.

Authorities said the three alleged hackers -- Nikita Kuzmin, Mihai Paunescu and Deniss Calovskis – played roles in a “far-reaching and devastating" scheme that used a computer virus to infect at least one million computers, including 40,000 in the United States. Among the victims were businesses and government entities, including NASA, authorities said.

The hackers disguised the virus, dubbed "Gozi," by making it look like an innocent PDF document, authorities said. But when victims opened it, the file secretly installed malicious software on their computers and began siphoning their bank account numbers, usernames and passwords. The hackers used that data to transfer funds out of the victims’ accounts, resulting in the theft of "tens of millions of dollars," authorities said.

The scheme began in 2005 when Kuzmin, who is Russian, hired a programmer to write code for the virus. He began selling the code to other hackers for $50,000, plus a cut of the profits, on underground Internet forums, authorities said.

He was arrested in 2010, pleaded guilty and began cooperating with authorities. If convicted, he faces a maximum sentence of up to 95 years in prison.

Calovskis, a programmer from Latvia, allegedly helped created the virus, which deceived online banking customers by tricking them into revealing additional information, such as their Social Security number, mother’s maiden name, driver’s license, ATM number and date of birth. He was arrested last month in Latvia and awaits extradition. He faces up to 67 years in prison if convicted.

Paunescu, from Romania, allegedly provided a Web hosting service that helped the alleged hackers disguise their identities from authorities. He was arrested in Romania in November and awaits extradition. If convicted, he faces up 60 years in prison.

"This case should serve as a wake-up call to banks and consumers alike, because cybercrime remains one of the greatest threats we face, and it is not going away any time soon," Manhattan U.S. Attorney Preet Bharara said in a statement announcing the charges.

The FBI’s investigation, which began in 2010, involved the help of law enforcement and intelligence authorities in Latvia, Romania, Moldova, the Netherlands, Germany, Finland, Switzerland and the UK.

In addition to the arrests, authorities seized 51 servers, laptops, desktops and external hard drives.

“That vast pile of data is almost certain to aid criminal investigations in FBI offices around the country, as well as law enforcement agencies around the world,” FBI Assistant Director in Charge George Venizelos said in a statement.



Arrested Over Facebook