- Malware infected more than 1 million computers worldwide
- Virus creator pleaded guilty, cooperated against underlings
A Russian who admitted creating a computer virus that infected more than 1 million computers worldwide was spared from additional prison time on top of the the three years he’s already spent locked up after U.S. prosecutors lauded his cooperation with their probe.
Nikita Kuzmin, who was arrested in 2010 and pleaded guilty in 2011, was sentenced Monday to the 37 months he has served in custody. He was also ordered by U.S. District Judge Kimba Wood in Manhattan to pay $6.9 million in forfeiture and restitution.
Kuzmin and two others developed computer malware called the “Gozi Virus” that allowed them to steal money from bank accounts across the U.S. and Europe and cause tens of millions of dollars in losses, prosecutors said.
Prosecutor Nicole Friedlander told the judge Kuzmin was motivated by greed, and that after stealing other people’s money with the virus, he spent lavishly on a luxury sports cars and “extravagant travel and entertainment in Europe and Russia.”
Friedlander also said Kuzmin had provided “substantial” assistance to the government but the details were in a letter to the judge sealed from public view.
The virus would infect a victim’s computer typically after a document was downloaded and opened, and could secretly collect data about the user’s bank accounts, including the username and password, according to the U.S.
Security experts later determined that a server which had data stolen by the virus retained 10,000 accounts belonging to more than 5,200 personal computer users, including more than 160 belonging to the National Aeronautics and Space Administration, prosecutors said. Gozi also infected computers in Germany, the U.K., Poland, France, Finland, Italy and Turkey, according to the U.S.
Deniss Calovskis, a Latvian who wrote some of the computer code that enabled the virus to target particular banks, pleaded guilty last year and was sentenced in January to the 21 months he’d already spent in U.S. custody. A third man, Mihai Ionut Paunescu, was arrested in Romania in December 2012 and awaits extradition to the U.S., according to Manhattan U.S. Attorney Preet Bharara.
The case is one of several recent prosecutions brought by Bharara targeting computer hacking and fraud. Bharara last year charged a group of people behind a multiyear criminal enterprise centered on hacks of publishing and financial firms, including JPMorgan Chase & Co.
In March, prosecutors charged hackers linked to the Iranian government for cyber-attacks on at least four dozen U.S. financial institutions and a flood-control dam north of New York City.
Last week, an Estonian man who admitted directing what the U.S. called a massive “cybercriminal enterprise” that infected more than 4 million computers in 100 countries was sentenced in Manhattan to more than seven years in prison.
The case is U.S. v. Kuzmin, 11-cr-00387, U.S. District Court, Southern District of New York (Manhattan).