Global hackers are thwarted by FBI, Europe in $100M heist

Register now

(Bloomberg) --U.S. and European law enforcement officials on Thursday said they had dismantled a global organized cybercrime network, which used malware to steal banking login details in an attempt to pocket about $100 million from thousands of businesses.

A federal grand jury in Pittsburgh charged ten members of the network, and other criminal prosecutions have begun in Georgia, Moldova and Ukraine, the European Union’s agency for law enforcement cooperation Europol said in a statement. Five Russian nationals charged in the indictment are on the run, the agency said, including the developer of the malware.

In what Europol called a "highly specialized and international criminal network," the members -- spread across Georgia, Moldova, Bulgaria, Ukraine, and Russia -- sent spear-phishing emails to infect computers with malware, dubbed GozNym, designed to capture login details. That allowed the members to steal money from the bank accounts and launder the funds using U.S. and foreign bank accounts.

"It was truly the scope of this organization that made this campaign so dangerous," Scott W. Brady, U.S. attorney for the Western District of Pennsylvania, said at a press conference at Europol’s headquarters in the Hague.

The cyber investigative team at the Federal Bureau Investigation’s Pittsburgh field office initiated the investigation, which accelerated in 2016 after officials took down the Avalanche network. That network provided online hosting services to dozens of some of the largest malware campaigns, including GozNym.

"We identified over 41,000 victims, unsuspecting citizens of European and North American countries who thought they were clicking on a simple invoice as part of their business," Brady said."Instead, they were giving hackers access to their most personal and sensitive information." He said targeted businesses included law firms, mom-and-pop businesses, international corporations and non-profit organizations.

The network formed after members each advertised their technical skills and services on underground, Russian-speaking online forums and were then recruited by the group’s leader, who controlled more than 41,000 computers infected with the GozNym malware. The accomplices used encryption techniques so the malware could avoid detection by antivirus tools and protective software, Europol said.

Once infected, money was then wired to other accounts or withdrawn from ATMs in order to be distributed to members of the network. Officials from Bulgaria, Germany, Georgia, Moldova, Ukraine and the U.S. coordinated searches and shared evidence to track down the alleged criminals.

In a house search in Ukraine, one of the accused individuals resisted arrest by opening fire on officials, Ukraine’s first Deputy Prosecutor Dmytro Storozhuk said at the press conference, adding that no one was injured during the operation.

The wider investigation was also supported by Europol and Eurojust, the EU’s judicial cooperation unit.

Bloomberg News