US indicts 10 cybercrims over alleged $100m GozNym hacking spree

THE US HAS INDICTED 10 European cybercriminals in connection with the GozNym malware campaign in 2015 and 2016.

The alleged fraud raised $100m in revenues for the attackers, according to the indictments.

The defendants are from six countries, with a number of them currently awaiting trial in Europe. Five are Russians who remain at large in their country and who are unlikely to either face justice in their own country, or be extradited to face justice in either the US or Europe. 

The charges framed against these people include conspiracy to commit bank fraud, conspiracy to commit computer fraud and money laundering.

An 11th offender in a related case was extradited from Bulgaria to the US in 2016. He pleaded guilty in Pittsburgh federal court last month, and is scheduled to be sentenced in August.

"It represents a paradigm change in how we prosecute cybercrime," Scott Brady, the US attorney in Pittsburgh told Associated Press.

According to Brady, this case reflects a new model of international collaboration, in which European officials started prosecutions against defendants in their own countries after they were provided with evidence by US officials.

The people charged were alleged members of the GozNym malware network that infected nearly 41,000 systems with a banking Trojan. The malware enabled attackers to remotely hijack infected machines and ransack the bank accounts of victims.

The organisations targeted included a law firm based in a Mississippi casino, a Texas church, Washington law firm, and a furniture business in California.

The malware relied on spam emails that, once opened, enabled attackers to record keystrokes from the victims' machines and then to steal bank account login credentials. The malicious links were served through the Avalanche hosting service, which was eventually taken down in December 2016 by security agencies.

The offenders carried out attacks between October 2015 and December 2016.

Alexander Konovolov, 35, was the leader of the group, according to officials. He is from Georgia and recruited several other members in the group. The defendants advertised their specialised hacking services on secretive online criminal forums, according to the court documents.

The five Russians in the case remain fugitive and are unlikely to be extradited to face justice, or to face justice in Russia.

Brady said that investigating agencies are trying to recover stolen funds in the case, although the task is challenging in international cybercrime cases.

"Proceeds were converted to bitcoin and, without the private key, it is really hard to identify and access, let alone seize, those accounts," Brady added. µ

Comments are closed.