
Cybercrime takedown: Is it game over for Gozi trojan that stole millions?

The three alleged leaders of the Gozi cybercrime gang were indicted in federal court. The Gozi trojan was highly successful, but it may be too hard to operate with the alleged masterminds in jail.

By Staff writer / January 24, 2013

US attorney for Manhattan Preet Bharara holds a news conference on the Gozi virus in New York Wednesday. Federal prosecutors charged three people in as many countries with creating and distributing the computer virus known as the 'Gozi virus,' which infected more than a million computers around the world, including some operated by the US space agency and others by banks.

Carlo Allegri/Reuters


"In order to provide you with extra security, we occasionally need to ask for additional information when you access your account online."


Beginning in 2007, those innocuous-sounding words began appearing seamlessly and immediately on the personal computer screens of thousands of online banking victims in the United States and worldwide right after they logged into their accounts.

Many were duped into entering their mother's maiden name, Social Security numbers, and other personal data into the neat little labeled boxes.

Little did they know that the moment the personal data was entered, a Trojan horse program inhabiting their personal computer immediately sent it to a computer server in California – and from there to a central command-and-control server in the Netherlands. After that, access to the stolen account data was sold to other criminals, who used it to enter the accounts and transfer out cash.

Tens of millions of dollars was stolen this way from online accounts, according to charges filed in a federal court in New York Wednesday against the alleged leading members of the Gozi Gang, cyber-bank-robber masterminds and creators of the infamous Gozi Trojan, one of the world's most notorious and malicious bank-theft software programs.

According to the US attorney for New York’s Southern District, the alleged gang leaders, three Eastern European men in US custody, played critical roles in producing and distributing the Gozi virus. They faced criminal charges ranging from conspiracy to commit bank fraud to access device fraud and computer intrusion, and maximum penalties ranging from 60 to 95 years in prison.

Since 2007, Gozi has infected at least 1 million computers worldwide, including 40,000 in the US.

Documents released in federal court Wednesday shed light on the federal takedown of the gang – including the three alleged international cybercriminals suspected of creating and distributing the Gozi virus (really a Trojan horse program that creates an invisible digital back door) – as well as the inner workings of the gang.

First, they allege that Nikita Kuzmin, a Russian national, was the mastermind who set out the technical specifications and hired a programmer called only "CC-1" to create the Gozi Trojan in 2005. Mr. Kuzmin was arrested during a visit to the US in November 2010, later pleading guilty to computer intrusion and fraud charges in May 2011.

Charged yesterday was Deniss Calovskis, a Latvian who goes by the online nickname “Miami” and is alleged to have written some of the computer code that made the Gozi Trojan so effective. He was arrested in Latvia in November 2012. He was indicted on several conspiracy charges, including conspiracy to commit aggravated identity theft.

Also charged was Mihai Ionut Paunescu, a Romanian whose alleged hacker handle is “Virus.” Authorities say he operated a so-called bulletproof hosting service that enabled Kuzmin and other cybercriminals to distribute the Gozi Trojan, the Zeus Trojan, and other infamous malware. He was arrested in Romania in December 2012.
