U.S. charges Eastern European cyber thieves with stealing banking data from NASA, others
US law enforcement on Wednesday announced charges against three alleged East European cyber thieves accused of stealing banking information from computers across Europe and the United States, including at the space agency NASA.
The “alleged international cyber criminals (were) responsible for creating and distributing a computer virus that infected over one million computers — at least 40,000 of which were in the US — and caused millions in losses by, among other things, stealing online banking credentials,” the federal prosecutor’s office in Manhattan said.
The defendants used a malicious computer code or malware dubbed the “Gozi Virus” to hack into bank accounts and “steal millions of dollars,” stated the indictment against one of the defendants, Deniss Calovskis, who is also known as “Miami.”
Prosecutors say the ultra-sophisticated scam unfolded between 2005 and March 2012 and that the virus was “virtually undetectable in the computers it infected.” First, it was implanted in computers across Europe “on a vast scale,” then around 2010 it spread to the United States, the Calovskis indictment said.
Among the infected machines in the United States, “more than 160 were computers belonging to the National Aeronautics and Space Administration (NASA),” the indictment said.
Financial losses caused by the Gozi Virus hit “at a minimum, millions of dollars,” the indictment said.
Calovskis, a computer programming expert, has been arrested in his home country of Latvia, the Manhattan federal prosecutor’s office told AFP.
The virus’ alleged designer and “chief architect,” Nikita Kuzmin, from Russia, was in US custody, while the third man, Mihai Ionut Paunescu from Romania and nicknamed “Virus,” was in Romanian custody, prosecutors said.
Paunescu operated what’s known as a “bulletproof hosting” service that allows cyber criminals to operate beyond the reach of law enforcement, the indictment against him says.
The Romanian would rent thieves safe IP addresses and servers, which were then used to spread malware, including the Gozi Virus, the Zeus Trojan and the SpyEye Trojan, the charges said.
Collectively, these viruses “have infected millions of computers around the world, targeted numerous banks in the United States and elsewhere, including at least one major United States bank headquartered in Manhattan,” the indictment said.
Kuzmin, the indictment against him says, “hired a sophisticated computer programmer to write the virus’ source code” for Gozi, so that he could embark on large-scale theft.
“After months of work, (the unnamed programmer) completed work on the source code for the Gozi Virus and provided it to Kuzmin,” who in turn rented the virus out to other criminals, the indictment says.
These co-conspirators were able to tailor the Gozi Virus to their own goals, whether for stealing passwords or other data. Kuzmin allegedly called this business the “76 Service.”
Calovskis, the Latvian, was described as having used his expertise in computer programming to create “web injects,” code that alters how banking websites appear on infected computers, prompting victims to reveal more personal information, such as Social Security numbers.