Busted: Feds Charge 3 in Gozi Virus

Thursday, January 24, 2013 @ 05:01 PM gHale


Three men are facing charges that they spread a computer virus to more than a million computers worldwide, including at least 40,000 in the United States, siphoning off passwords and online banking information that allowed hackers to steal tens of millions of dollars.

Federal authorities unsealed indictments in Manhattan federal court accusing the men of participating in a conspiracy that began in 2005 and continued through much of last year. NASA computers were among those infected by the Gozi virus.

The NASA breach occurred from Dec. 14, 2007, to Aug. 9, 2012, when about 190 agency computers ended up infected with the virus, according to court documents. Between May and August last year, they said, the infected computers sent data without the user’s authorization, including login credentials for an eBay account and a NASA email account, details of visited websites and the contents of Google chat messages.

Other destructive viruses and malicious software, including Zeus Trojan, SpyEye and BlackEnergy, were distributed through the network, according to a criminal complaint filed against Mihai Ionut Paunescu, also known as “Virus.”

Paunescu is a Romanian national residing in Bucharest. According to court papers, Romanian organized crime investigators have been conducting their own probe of him that included court-authorized surveillance of his cellphone communications over the last year.

The document said Paunescu set up online infrastructure that allowed others to distribute the damaging programs, causing tens of millions of dollars in losses and affecting well over a million computers worldwide.

The Gozi virus came to life in 2005 and began to be distributed in 2007, when it was secretly installed onto each victim’s computer in a manner that left it virtually undetectable by antivirus software, the complaint said.

FBI agent M. Kathryn Scott wrote in the complaint charging Paunescu with conspiracy to commit computer intrusion that some information about the virus came through the cooperation of a Gozi virus distributor who pleaded guilty to various fraud and computer intrusion charges and was cooperating with U.S. law enforcement officials in the hopes of receiving leniency at sentencing.

Paunescu is under arrest in Romania. Police arrested Deniss Calovskis in Latvia, where he is a citizen and resident, on charges including bank fraud conspiracy. Police arrested Nikita Kuzmin, a Russian national, in New York on various charges, including bank fraud and bank fraud conspiracy.

A charging document against Kuzmin accused him of designing the Gozi virus beginning in 2005 as a way to steal the personal bank account information of individuals and businesses in a widespread way.

It said he hired a programmer to write it and began to rent the virus to others in 2006 for a weekly fee, advertising it on Internet forums devoted to cybercrime and other criminal activities. In 2009, according to the document, others approached Kuzmin to acquire the source code so they could attack computers and steal money from bank accounts in the United States and in particular European countries. The document said Kuzmin offered the code to other groups of people for $50,000 plus a guaranteed share of future profits.

According to court documents, Calovskis had training and expertise in computer programming when a co-conspirator hired him to upgrade the virus with new code that would deceive victims into divulging additional personal information, such as mother’s maiden names. Federal authorities sought at least $50 million from Calovskis, an amount of money they said he obtained through the conspiracy.


