Three alleged hackers were charged by the U.S. with distributing a virus that infected more than 1 million computers worldwide, allowing thieves to steal bank data and siphon millions of dollars from online accounts.
Prosecutors in the office of U.S. Attorney Preet Bharara in Manhattan today unsealed criminal charges against Mihai Ionut Paunescu, Deniss Calovskis and Nikita Kuzmin for allegedly creating and distributing the Gozi virus.
Paunescu, a Romanian citizen also known as “Virus,” is in custody in Romania, according to a person familiar with the matter who spoke on condition of anonymity because the information is not yet public. Calovskis, a citizen of Latvia, is in custody in that country and Kuzmin, a citizen and resident of Russia, is in U.S. custody, the person said.
At least 40,000 computers in the U.S. were infected, including more than 160 belonging to the National Aeronautics and Space Administration, prosecutors said. Gozi also infected computers in Germany, the U.K., Poland, France, Finland, Italy and Turkey, according to the U.S.
Kuzmin began designing Gozi in 2005 to steal bank account information belonging to individuals and businesses and hired a co-conspirator to write the virus’s source code, prosecutors said in a criminal information filed under seal in 2011.
Kuzmin rented the virus to criminals through what he called “76 Service” from 2006 to 2008, the U.S. said. He then sold the source code to co-conspirators in 2009 and 2010, for at least $50,000 a sale, plus a share of the buyers’ illegal profits, prosecutors said. The alleged co-conspirators weren’t named in court filings.
Kuzmin faces seven criminal charges, including conspiracy, bank fraud, computer intrusion and access device fraud.
Paunescu, who was charged with three counts of conspiracy in a sealed indictment this year, operated a so-called bulletproof hosting service using computers in the U.S. and Romania, prosecutors said.
The service provided Internet protocol addresses and servers that allowed computer criminals to evade detection by law enforcement, according to the U.S.
Paunescu’s service helped in the distribution of malicious software, including Gozi, the Zeus Trojan and the SpyEye Trojan, used to target banks, according to the indictment. His service also helped criminals send spam e-mails and execute distributed denial of service attacks, according to the indictment.
In May, Paunescu or his co-conspirators obtained the login for an EBay Inc. account from one of the infected NASA computers, according to the indictment.
A 2012 indictment unsealed Wednesday charges Calovskis, also known as Miami, with five counts of conspiracy. Prosecutors say he was hired by a co-conspirator, also not identified, to develop computer code known as “Web injects,” which changed the appearance of banking websites that were viewed on infected computers. The Web injects were used to fool victims into providing personal information that was used by others to steal from their accounts, prosecutors said.
In 2011, the U.S. charged one Russian and six Estonians in a computer intrusion scheme that used malicious software to manipulate online advertising, divert users to rogue servers and infect more than 4 million computers. Victims included at least 500,000 U.S. individuals, businesses and government agencies, including NASA, prosecutors said at the time.
The cases are U.S. v. Kuzmin, 11-CR-387; U.S. v. Calovskis, 12-CR-487; U.S. v. Paunescu, 13-CR-41, U.S. District Court, Southern District of New York (Manhattan).
© Copyright 2013 Bloomberg News. All rights reserved.