Romanian hackers convicted of cyber crimes, 400,000 affected
The pair of cyber criminals conducted a sophisticated campaign dating back to 2007
A US federal court has convicted two Romanian hackers after they targeted more than 400,000 American citizens, infecting them with 'Bayrob' malware and using their systems for crypto mining.
Bogdan Nicolescu, 36, and Radu Miclaus, 37, had been running the operation since 2007 and began by distributing malware through emails purporting to be from legitimate sources such as Western Union or the IRS. The malware then siphoned other email addresses from the infected system and sent the same malware to them, too.
Once a system was infected, the victim's anti-malware software was disabled and their own emails were used to register for AOL email accounts. More than 100,000 accounts were created in total, and these were then used to send more malicious emails to the victim's original contact list, leading to tens of millions of malicious email distributions.
At the height of the sophisticated operation, the pair controlled more than 400,000 systems - mainly in the US - harvesting credit card information, usernames and passwords to sell on darknet marketplaces. They did this by intercepting traffic to popular websites such as Facebook and PayPal and redirecting victims to a phishing clone of the site, where their login details were stolen.
Gaining control of a network of infected systems allowed the hackers to harness the processing power of said systems for crypto mining, further filling the criminals' virtual swag bag.
If the aforementioned offences weren't enough, we can add wire fraud to that list of 21 felony charges too. The pair injected fake listings into eBay accounts for items such as motorbikes and other high-priced goods, using malware-infected images that redirected buyers to phishing payment pages. Those pages used an 'eBay escrow agent' - an individual hired by the cyber criminals - to get the money and run. This technique "resulted in a loss of millions of dollars," according to the court's report.
"The Bayrob group laundered this money by hiring 'money transfer agents' and created fictitious companies with fraudulent websites designed to give the impression they were actual businesses engaged in legitimate financial transactions," the report added. "Money stolen from victims was wired to these fraudulent companies and then in turn wired to Western Union or Money Gram offices in Romania. European 'money mules' used fake identity documents to collect the money and deliver it to the defendants".
The pair won't be sentenced until 14 August 2019, but with a rap sheet as large as this, it's likely that any punishment will be severe.