Ten indicted in the US over alleged $100m GozNym malware cyber crime spree

The alleged criminals include five Russians who remain at large

Ten alleged European cybercriminals have been indicted in a Pittsburgh federal court in connection with the GozNym malware campaign in 2015 and 2016.

The alleged fraud raised $100 million in revenues for the attackers, according to the indictments.

The defendants are from six countries, with a number of them currently awaiting trial in Europe. Five are Russians who remain at large in their own country, and who are unlikely either to face justice there or to be extradited to face justice in the US or Europe.

The charges brought against them include conspiracy to commit bank fraud, conspiracy to commit computer fraud and money laundering.

An 11th offender in a related case was extradited from Bulgaria to the US in 2016. He pleaded guilty in Pittsburgh federal court last month, and is scheduled to be sentenced in August.

"It represents a paradigm change in how we prosecute cyber crime," Scott Brady, the US attorney in Pittsburgh, told Associated Press.

According to Brady, this case reflects a new model of international collaboration, in which European officials started prosecutions against defendants in their own countries after they were provided with evidence by US officials.

The people charged were alleged members of the GozNym malware network, which infected nearly 41,000 systems with a banking Trojan. The malware enabled attackers to remotely hijack infected machines and ransack the bank accounts of victims.

The organisations targeted included a Mississippi casino, a Texas church, a Washington law firm, and a furniture business in California.

The malware relied on spam emails that, once opened, enabled attackers to record keystrokes from the victims' machines and then to steal bank account login credentials. The malicious links were served through the Avalanche hosting service, which was eventually taken down in December 2016 by security agencies.

The offenders carried out attacks between October 2015 and December 2016.

Alexander Konovolov, 35, was the leader of the group, according to officials. He is from Georgia and recruited several other members in the group. The defendants advertised their specialised hacking services on secretive online criminal forums, according to the court documents.

The five Russians in the case remain fugitives and are unlikely to be extradited to face justice, or to face justice in Russia.

Brady said that investigating agencies are trying to recover stolen funds in the case, although the task is challenging in international cyber crime cases.

"Proceeds were converted to bitcoin and, without the private key, it is really hard to identify and access, let alone seize, those accounts," Brady added.
