US charges hackers responsible for attacking NASA, banks

Summary: Three hackers who siphoned money out of banks for two years before their malware was even identified have been charged for their crimes.

The United States has charged three young Eastern European men with running an international cybertheft ring that broke into 1 million computers, including at the National Aeronautics and Space Administration (NASA).

The trio used a piece of malware, dubbed the Gozi Virus, to infiltrate computers across Europe, then America, causing "millions in losses by, among other things, stealing online banking credentials," the federal prosecutor's office said on Wednesday.

The alleged designer and "chief architect" of the virus, Russian national Nikita Kuzmin, 25, was detained on US soil back in 2010, and pleaded guilty the following year, agreeing to cooperate with investigators.

His virus' primary purpose was to steal personal bank account information, including usernames and passwords. He created it in 2005, but it was only identified in 2007 by security researchers who managed to discover it siphoning funds out of bank accounts.

According to the FBI, the Gozi virus has infected over 1 million computers worldwide, including more than 160 computers belonging to the space agency NASA. The FBI has placed the losses to individuals, businesses, and government entities in the tens of millions of dollars.

Deniss Calovskis, known as "Miami," 27, was arrested in his native Latvia in November, and charged with writing some of the computer code in the Gozi Virus.

Calovskis' refinements to the Gozi Virus include injecting additional code into users' browsers when they accessed their online banking services (also known as a man-in-the-browser attack), which tricked users into giving up specific personal information that would be needed to commandeer their account. Such information included the user's mother's maiden name, social security number, driver's licence information, and PIN.

Mihai Ionut Paunescu, nicknamed "Virus," 28, was arrested in his home country of Romania in December, and charged with running a so-called "bulletproof hosting" service that enabled distribution of the Gozi and other viruses. Not to be confused with the legitimate Australian web host by the same name, bulletproof hosting services have no terms of use, or more lenient ones, allowing customers to use servers for questionable or even illegal purposes. This may range from serving pornography to sending spam and conducting attacks on others.

FBI assistant director-in-charge George Venizelos said: "This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least 1 million computers worldwide and 40,000 in the US, and resulted in the theft or loss of tens of millions of dollars."

Manhattan chief federal prosecutor Preet Bharara likened the alleged gang to the notorious American bank robber William "Willie" Sutton. But, he added, "As we have seen with increasing frequency, cybercriminals' bank heists require neither a mask nor a gun, just a clever program and an internet connection.

"This case should serve as a wake-up call to banks and consumers alike, because cybercrime remains one of the greatest threats we face, and it is not going away any time soon."

The FBI worked with Britain, Finland, Germany, the Netherlands, Latvia, Moldova, Romania, and Switzerland over a two-and-a-half-year period, seizing 51 servers in Romania alone, and 250 terabytes of information.

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

  • Man in the browser attacks

    Haven't been well described so far, even in the tech media -- for those interested in a good intro to it, Google up "Review of Browser Extensions, a Man-in-the-Browser Phishing Techniques Targeting Bank Customers" by Nattakant Utakrit (School of Computer and Security Science, Edith Cowan University in Australia.)
  • The ages are getting younger...

    Let's see. Kuzmin, 25, if the age refers to today, arrested in 2010 (23?) and he created the bug in 2005 would make him roughly 18-19 when he wrote it. Sounds about average. After extradition, and all that great stuff, I wonder what government group he'll be employed by? I jest, of course, or do I?
  • Losses? What Losses?

    "The FBI has placed the losses to individuals, businesses, and government entities in the tens of millions of dollars."

    What? None of these people, businesses, government agencies have accountants who check bank balances and resolve discrepancies? None reported thefts? Or perhaps this is another of those cases where the Gov slaps a vow of silence on the victims, thus enabling crimes?

    Every day we hear claims that the Gov has uncovered some vast financial criminal genius, and then we hear claims that the Gov needs more power, more "enforcement", and more money.

    Enough already! Either show us the facts, figures, the evidence, and show us what specific actions the Gov undertook to identify and capture these "evil criminal masterminds", or else stop asking for additional money to do the job you're already funded and paid to do.

    But most importantly, stop making assertions of catastrophe unless you are willing to back them up, in the court of public opinion.