46°F
weather icon Partly Cloudy
Las Vegas, NV
Nation and World

US, European officials charge 10 in $100M global malware case

A July 27, 2008, file photo shows a, LED-illuminated wireless router in Philadelphia. Officials ...
A July 27, 2008, file photo shows a, LED-illuminated wireless router in Philadelphia. Officials from the United States and Europe are announcing charges against 10 people in connection with malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses. (AP Photo/Matt Rourke, File)
This undated poster released by the FBI includes five Russian fugitives that have been charged ...
This undated poster released by the FBI includes five Russian fugitives that have been charged in connection with malicious software attacks that infected tens of thousands of computers worldwide and caused more than $100 million in financial losses. (FBI Pittsburgh Field Office via AP)
More Stories
FILE - Kash Patel, former chief of staff to Acting Secretary of Defense Christopher Miller, spe ...
Trump taps loyalist Patel for FBI director, sign of possible agency change
Backdropped by a Lebanese village an Israeli army position sits near the Israeli-Lebanese borde ...
Ceasefire deal in Lebanon appears to be holding
CORRECTS SURNAME.- Orna Weinberg stands at the damaged dining hall, that was hit by a rocket fi ...
Israelis wary of returning to the north
Israeli soldiers stand atop army armoured vehicles outside the agricultural settlement of Avivi ...
Israel, Lebanon cease-fire holds despite claims of breach
By Eric Tucker Associated Press
May 16, 2019 - 8:39 am
 

WASHINGTON — Ten people, including five Russian fugitives, have been charged in connection with malicious software attacks that infected tens of thousands of computers worldwide and caused more than $100 million in financial losses, U.S. and European authorities announced Thursday.

The malware enabled criminals from Eastern Europe to take remote control of infected computers and siphon funds from victims’ bank accounts, and targeted companies and institutions across all sectors of American life. Victims included a Washington law firm, a church in Texas, a furniture business in California, a casino in Mississippi and a Pennsylvania asphalt and paving business.

Several defendants are awaiting prosecution in Europe, and five are Russians who remain fugitives in that country. An 11th participant in the conspiracy was extradited to the United States from Bulgaria in 2016 and pleaded guilty last month in a related case in federal court in Pittsburgh, where Thursday’s indictment was brought.

Though the Justice Department has pursued multiple malware prosecutions in recent years against foreign hackers, this case stands out as a novel model of international collaboration , said Scott Brady, the U.S. attorney in Pittsburgh.

American authorities did not seek the immediate extradition of all 10 defendants. Extradition is an often cumbersome process that can take years of negotiations, even in countries that have treaties with the U.S. Instead, they shared evidence with their European counterparts to allow officials in Ukraine, Moldova and Georgia to initiate prosecutions in the countries where the defendants reside.

Change in prosecution

“It represents a paradigm change in how we prosecute cybercrime,” Brady said in an interview with The Associated Press before a news conference in The Hague with representatives of six countries.

Cybercrime networks “are increasingly targetable” when investigators work together, Robert Jones, the FBI special agent in charge of the Pittsburgh office, said at the news conference. “International cooperation is no longer a nicety, it’s a requirement,” he said.

Other law enforcement officials also said the strategy represents the new face of combating high-tech crime.

Cybercrime has no borders, and criminals have taken advantage of the legal complexities of trying to fight it, said Steven Wilson, head of the European CyberCrime Centre at Europol. “Only through international cooperation can we hope to tackle it,” he said, adding the charges “provide for a safer internet for all of us.”

The charges in the indictment include conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

The investigation was an outgrowth of the Justice Department’s dismantling in 2016 of a network of computer servers, known as Avalanche, which hosted more than 20 different types of malware.

Started in online criminal forums

GozNym, the malware cited in Thursday’s case, was among the ones hosted on the network and was designed to automate the theft of sensitive personal and financial information. Law enforcement officials say it was formed by the defendants as they advertised their technical skills in underground, Russian-language online criminal forums.

The defendants had different roles within the conspiracy, including developing the malware, encrypting it so it could avoid detection by anti-virus software, mass distributing the spam emails and sneaking in to the victims’ bank accounts.

“For the past three years, we have been unpeeling an onion as it were that is very challenging to investigate and identify,” Brady said.

41K computers infected

GozNym infected more than 41,000 computers. It relied on spam emails, disguised as legitimate messages, that once opened enabled the malware to be downloaded onto the machines. From there, the hackers could record keystrokes from the victims’ computers, steal banking log-in credentials and then launder the stolen money into foreign bank accounts they controlled.

Brady said prosecutors always look to recover stolen funds, but that is especially challenging in international cybercrime cases.

“Proceeds were converted to bitcoin and without the private key, it is really hard to identify and access, let alone seize, those accounts,” Brady told the AP.

———

Associated Press writer Kristen de Groot in Philadelphia contributed to this report.

THE LATEST
FILE - Kash Patel, former chief of staff to Acting Secretary of Defense Christopher Miller, spe ...
Trump taps loyalist Patel for FBI director, sign of possible agency change
By Erin Tucker and Alan Suderman The Associated Press

The selection is in keeping with Trump’s view that the government’s law enforcement and intelligence agencies require a radical transformation and his stated desire for retribution against supposed adversaries.

Backdropped by a Lebanese village an Israeli army position sits near the Israeli-Lebanese borde ...
Ceasefire deal in Lebanon appears to be holding
By Wafaa Shurafa, Tia Goldenberg and Bassem Mroue The Associated Press

Efforts for a ceasefire between Israel and Hamas have faltered. But the U.S.- and France-brokered deal for Lebanon appears to be holding since Wednesday.

CORRECTS SURNAME.- Orna Weinberg stands at the damaged dining hall, that was hit by a rocket fi ...
Israelis wary of returning to the north
By Julia Frankel The Associated Press

Israel’s government seeks to bring the northern reaches of the country back to life, particularly the line of communities directly abutting Lebanon that have played a major role in staking out Israel’s border.

Israeli soldiers stand atop army armoured vehicles outside the agricultural settlement of Avivi ...
Israel, Lebanon cease-fire holds despite claims of breach
By Sam Dagher Bloomberg News

The Israel Defense Forces said it attacked a Hezbollah facility in southern Lebanon after identifying “terrorist activity” by the Iran-backed terrorist group, and separately opened fire on “several suspects” who it said had breached the terms of the cease-fire.

An aerial view of Mammoth Mountain from Mammoth Village on Wednesday, Oct. 27, 2021, in Mammoth ...
Mammoth sees the most snow for month of November in decade-plus
Daniel Miller Los Angeles Times

Mammoth Mountain has experienced its snowiest November since 2010, with a huge storm dumping nearly 50 inches on the Eastern Sierra resort earlier this week, the National Weather Service said Thursday.

Displaced residents drive past destroyed buildings as they return to Nabatiyeh, southern Lebano ...
Day 2 of ceasefire sees Israeli airstrike on Lebanon
By Kareem Chehayeb and Julia Frankel The Associated Press

Lebanese authorities reported scattered incidents of Israeli mortar attacks, strikes and shots fired that wounded two people trying to return to southern Lebanon.

In this screen grab image from video provided by the Israeli Government Press Office, Israeli P ...
Israel to appeal ICC arrest warrants over war in Gaza
By Josef Federman The Associated Press

Israel plans to appeal the International Criminal Court’s arrest warrants against Prime Minister Benjamin Netanyahu and former Defense Minister Yoav Gallant.

Customers shop at a grocery store in Chicago, Oct. 25, 2024. (AP Photo/Nam Y. Huh, File)
What stores are open on Thanksgiving?
By Matt Ott The Associated Press

Here’s what is open and closed this Thanksgiving, and a travel forecast from the experts at AAA auto club.