US charges hackers responsible for attacking NASA, banks

Summary: Three hackers who siphoned money out of banks for two years before their malware was even identified have been charged for their crimes.

The United States has charged three young Eastern European men with running an international cybertheft ring that broke into 1 million computers, including at the National Aeronautics and Space Administration (NASA).

The trio used a piece of malware, dubbed the Gozi Virus, to infiltrate computers across Europe, then America, causing "millions in losses by, among other things, stealing online banking credentials," the federal prosecutor's office said on Wednesday.

The alleged designer and "chief architect" of the virus, Russian national Nikita Kuzmin, 25, was detained on US soil back in 2010, and pleaded guilty the following year, agreeing to cooperate with investigators.

His virus' primary purpose was to steal personal bank account information, including usernames and passwords. He created it in 2005, but it was only identified in 2007 by security researchers who managed to discover it siphoning funds out of bank accounts.

According to the FBI, the Gozi virus has infected over 1 million computers worldwide, including more than 160 computers belonging to the space agency NASA. The FBI has placed the losses to individuals, businesses, and government entities in the tens of millions of dollars.

Deniss Calovskis, known as "Miami," 27, was arrested in his native Latvia in November, and charged with writing some of the computer code in the Gozi Virus.

Calovskis' refinements to the Gozi Virus include injecting additional code into users' browsers when they accessed their online banking services — also known as a man-in-the-browser attack — which tricked users into giving up specific personal information that would be needed to commandeer their account. Such information included the user's mother's maiden name, social security number, driver's licence information, and PIN.

Mihai Ionut Paunescu, nicknamed "Virus," 28, was arrested in his home country of Romania in December, and charged with running a so-called "bulletproof hosting" service that enabled distribution of the Gozi and other viruses. Not to be confused with the legitimate Australian web host by the same name, bulletproof hosting services have no, or more lenient, terms of use that allow customers to use servers for questionable or even illegal purposes. This may range from serving pornography to sending spam and conducting attacks on others.

FBI assistant director-in-charge George Venizelos said: "This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least 1 million computers worldwide and 40,000 in the US, and resulted in the theft or loss of tens of millions of dollars."

Manhattan chief federal prosecutor Preet Bharara likened the alleged gang to the notorious American bank robber William "Willie" Sutton. But, he added, "As we have seen with increasing frequency, cybercriminals' bank heists require neither a mask nor a gun, just a clever program and an internet connection.

"This case should serve as a wake-up call to banks and consumers alike, because cybercrime remains one of the greatest threats we face, and it is not going away any time soon."

The FBI worked with Britain, Finland, Germany, the Netherlands, Latvia, Moldova, Romania, and Switzerland over a two-and-a-half-year period, seizing 51 servers in Romania alone, and 250 terabytes of information.

Topics: Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.
