Romanian hackers convicted of cyber crimes, 400,000 affected

The pair of cyber criminals conducted a sophisticated campaign dating back to 2007

Picture depicting romania being involved in a cyber crime

A US federal court has convicted two Romanian hackers after they targeted more than 400,000 American citizens, infecting them with 'Bayrob' malware and using their systems for crypto mining.

Bogdan Nicolescu, 36, and Radu Miclaus, 37, had been running the operation since 2007 and began by distributing malware through emails purporting to be from legitimate sources such as Western Union or the IRS, which then syphoned other email addresses on the infected system and sent the same malware to them, too.

Once infected, the victims' anti-malware software was disabled and then their own emails were used to register for AOL email accounts, more than 100,000 were created in total, which were then used to send more malicious emails to the victim's original contact list leading to tens of millions of malicious email distributions.

At the height of the sophisticated operation, the pair controlled more than 400,000 systems - mainly in the US - harvesting credit card information, usernames and passwords to sell on darknet marketplaces. They did this by intercepting traffic to popular websites such as Facebook and PayPal and redirecting them to a phishing clone of the site where their login details were stolen.

Advertisement - Article continues below
Advertisement - Article continues below

Gaining control to a network of infected systems allowed the hackers to harness the processing power of said systems for crypto mining, further filling the criminals' virtual swag bag.

If the aforementioned offences weren't enough, we can add wire fraud to that list of 21 felony charges too. The pair injected fake listings into eBay accounts for items such as motorbikes and other high-priced goods but did so using malware-infected images which then redirected buyers to phishing payment pages which used an 'eBay escrow agent' - an individual hired by the cyber criminals - to get the money and run. This technique "resulted in a loss of millions of dollars," according to the court's report.

"The Bayrob group laundered this money by hiring 'money transfer agents' and created fictitious companies with fraudulent websites designed to give the impression they were actual businesses engaged in legitimate financial transactions," the report added. "Money stolen from victims was wired to these fraudulent companies and then in turn wired to Western Union or Money Gram offices in Romania. European 'money mules' used fake identity documents to collect the money and deliver it to the defendants".

The pair won't be sentenced until 14 August 2019 but with a rap sheet as large as this, it's likely that any punishment will be severe.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best free malware removal tools 2019

23 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020