Russian Charged With Running $100 Million Data Theft Plot

An accused Russian hacker faces U.S. charges over his suspected development of malicious computer software that cybercriminals used to steal more than $100 million from businesses and consumers since 2011.

Evgeniy Mikhailovich Bogachev, 30, ran a criminal ring responsible for Gameover Zeus and Cryptolocker, a form of malware known as ransomware, the U.S. Justice Department said in papers unsealed today in Pittsburgh federal court. Zeus infected hundreds of thousands of computers worldwide, the U.S. said. Bogachev remains at large. He was last known to live in Anapa, Russia, and also owns property in Krasnodar, according to a Federal Bureau of Investigation wanted poster.

“This operation disrupted a global botnet that had stolen millions from businesses and demanded payments for giving users access to their own files and data,” Deputy Attorney General James Cole said today at a news conference in Washington.

The charges follow the arrests of about 90 people in more than a dozen countries last month in a U.S.-led crackdown on the makers and users of software designed to steal identities and remotely control computers.

Gameover Zeus allowed Bogachev to remotely turn infected computers into a botnet, a global network that silently siphoned financial and other valuable information, prosecutors said. A system infected by the program can be used to send spam, take part in denial-of-service attacks and harvest users’ credentials for online services, including banking, according to the U.S. Computer Emergency Readiness Team website.

Million Infections

Early versions of Zeus software began appearing in 2007, the Justice Department said in its statement. Gameover Zeus, which first emerged in September 2011, has infected about 1 million computers worldwide, about 25 percent of which are located in the U.S., resulting in financial losses in the hundreds of millions of dollars, according to the U.S.

Victims included a composite-materials company in western Pennsylvania, an American Indian tribe in Washington and an assisted-living facility in eastern Pennsylvania, prosecutors said. A regional bank in northern Florida lost almost $7 million after an unauthorized wire transfer was initiated with credentials stolen by Bogachev’s group, according to court documents.

An arrest warrant has been issued for Bogachev, also known by the online nicknames Slavik and Pollingsoon, according to court papers. He faces charges including conspiracy, money laundering, bank fraud and wire fraud.

Cryptolocker Servers

Separately, U.S. and foreign law enforcement officials seized computer servers central to Cryptolocker in a joint operation in 10 countries including Canada, Germany, the Netherlands and the U.K., the Justice Department said in a statement.

Bogachev was indicted by a federal grand jury in Omaha in 2012 under the nickname Lucky12345. A criminal complaint issued there on May 30 ties the nickname to Bogachev and charges him with conspiracy to commit bank fraud related to his alleged involvement in the operation of a version of Zeus malware known as Jabber Zeus, the FBI said.

Gameover Zeus is a common distribution mechanism for Cryptolocker, which first emerged late last year and has infected more than 230,000 computers worldwide, according to court documents.

While Gameover Zeus worked secretly to steal information, Cryptolocker was blunt: a victim opened an infected e-mail and soon the “ransomware” took over the computer, encrypting everything from family photographs to work projects.

Police Ransom

Victims were charged as much as $700 to unlock their files. The malware infected personal computers and those at businesses. A Massachusetts police department had to pay a ransom to unlock its files, Cole said.

More than $27 million in ransom payments were made in the first two months after Cryptolocker’s debut, the Justice Department said.

FBI and Ukrainian officials seized and copied key command centers in Kiev and Donetsk starting on May 7, Leslie Caldwell, the assistant attorney general in charge of the Justice Department’s criminal division, said today.

Prosecutors obtained sealed charges against Bogachev on May 19 and by May 28 got court orders allowing prosecutors to stop infected computers from communicating with Gameover Zeus’s command centers, Caldwell said.

A coordinated weekend operation seized servers around the globe resulting in more than 300 computers being freed from the botnet, Caldwell said.

The case is U.S. v. Bogachev, 14-cr-00127, U.S. District Court, Western District of Pennsylvania (Pittsburgh).