Hackers use ‘Gameover’ virus to steal $100m from bank accounts
US authorities charge Russian man with implanting virus to intercept customers’ bank accounts
US assistant attorney general Leslie Caldwell (at podium) of the Justice Department’s Criminal Division announces criminal charges and two global cyber fraud disruptions, Gameover Zeus and Cyrptolocker, at the Department of Justice in Washington.Photograph: Gary Cameron/Reuters
America has revealed more details about the attack by a band of hackers who implanted viruses on hundreds of thousands of computers around the world, seized customers’ bank information and stole more than $100 million from businesses and consumers.
Announcing charges against the Russian man accused of masterminding the effort, the US justice department said the gang’s cyber threats were sophisticated, lucrative and global.
In one scheme, the criminals infected computers with malicious software that captured bank account numbers and passwords, then used that information to secretly divert millions from victims’ bank accounts to themselves.
In another, they locked hacking victims out of their own computers, secretly encrypted personal files on the machines and returned control to the users only when ransom payments of several hundred dollars were made.
“The criminals effectively held for ransom every private email, business plan, child’s science project, or family photograph — every single important and personal file stored on the victim’s computer,” Leslie Caldwell, head of the US justice department’s criminal division, said.
Working with officials in more than 10 other countries, the FBI and other agencies recently seized computer servers that were central to the crimes, which affected hundreds of thousands of computers.
The FBI called the alleged ringleader, Evgeniy Bogachev (30) one of the most prolific cyber criminals in the world and issued a “wanted” poster that lists his online monikers and describes him as a boating enthusiast.
He faces criminal charges in Pittsburgh, where he was named in a 14-count indictment in Nebraska, where a criminal complaint was filed. He has not been arrested, but deputy attorney general James Cole said US authorities were in contact with Russia to try to bring him into custody.
Officials say the case is another stark reminder of the evolving cybercrime threat, though it is unrelated to the recently unsealed cyber-espionage indictment of five Chinese military hackers accused of stealing trade secrets from American firms. Both sets of hackers relied on similar tactics — including sending emails to unsuspecting victims that installed malware — but the Chinese defendants were government officials who sought information that could bring Chinese companies a competitive advantage.
Mr Bogachev’s operation, prosecutors say, consisted of criminals in Russia, Ukraine and the United Kingdom who were assigned different roles within the conspiracy. The group is accused in the development of both Gameover Zeus — a network of infected computers that intercepted customers’ bank account numbers and passwords that victims typed in — and Cryptolocker, malicious software that hijacked victims’ computers and demands ransom payments. Computer users who do not pay the fee generally lose their files for good.
The victims of the different schemes included an American Indian tribe in Washington state; an insurance company and a firm that runs assisted living centres in Pennsylvania; a police department in Massachusetts; a pest control company in North Carolina; and a restaurant operator in Florida.
The Pittsburgh indictment also accuses Bogachev’s group of trying to siphon hundreds of thousands of dollars from the bank accounts of Haysite Reinforced Plastics of Erie, in north-western Pennsylvania, on a single day in 2011.
According to the indictment, two of the transfers went through — one for about $198,000 and one for about $175,000 — but multiple other attempted transfers did not. The accounts were with Pittsburgh-based PNC Bank, which declined to comment.
A Florida bank lost nearly $7 million through an unauthorised wire transfer. The Swansea, Massachusetts, police department, on the other hand, lost $750 dollars when it paid a ransom demanded by the malicious software that infected its computers.
Last week, a federal judge in Pittsburgh granted a temporary restraining order against Bogachev and the others, demanding that they cease such activities. That order was unsealed along with the charges yesterday.