Romanian hackers convicted of cyber crimes, 400,000 affected

The pair of cyber criminals conducted a sophisticated campaign dating back to 2007


A US federal court has convicted two Romanian hackers after they targeted more than 400,000 American citizens, infecting them with 'Bayrob' malware and using their systems for crypto mining.

Bogdan Nicolescu, 36, and Radu Miclaus, 37, had been running the operation since 2007 and began by distributing malware through emails purporting to be from legitimate sources such as Western Union or the IRS. The malware then syphoned other email addresses from the infected system and sent the same malware to them, too.

Once a system was infected, the victim's anti-malware software was disabled and their own emails were used to register for AOL email accounts. More than 100,000 accounts were created in total, which were then used to send more malicious emails to the victim's original contact list, leading to tens of millions of malicious email distributions.

At the height of the sophisticated operation, the pair controlled more than 400,000 systems - mainly in the US - harvesting credit card information, usernames and passwords to sell on darknet marketplaces. They did this by intercepting traffic to popular websites such as Facebook and PayPal and redirecting victims to a phishing clone of the site, where their login details were stolen.

Gaining control of a network of infected systems allowed the hackers to harness the processing power of said systems for crypto mining, further filling the criminals' virtual swag bag.

If the aforementioned offences weren't enough, we can add wire fraud to that list of 21 felony charges too. The pair injected fake listings into eBay accounts for items such as motorbikes and other high-priced goods, but did so using malware-infected images, which then redirected buyers to phishing payment pages. These pages used an 'eBay escrow agent' - an individual hired by the cyber criminals - to get the money and run. This technique "resulted in a loss of millions of dollars," according to the court's report.

"The Bayrob group laundered this money by hiring 'money transfer agents' and created fictitious companies with fraudulent websites designed to give the impression they were actual businesses engaged in legitimate financial transactions," the report added. "Money stolen from victims was wired to these fraudulent companies and then in turn wired to Western Union or Money Gram offices in Romania. European 'money mules' used fake identity documents to collect the money and deliver it to the defendants".

The pair won't be sentenced until 14 August 2019, but with a rap sheet as large as this, it's likely that any punishment will be severe.
