Cyberspace’s most wanted: Virus used in global cyber crimes

On Jan. 23, the Federal Bureau of Investigation (FBI) charged three men with creating and distributing a computer virus that has affected over one million computers across the globe. Known as the “Gozi virus,” the computer code was used to withdraw tens of millions of dollars from personal bank accounts. In the release it was named “one of the most financially destructive computer viruses in history.”

The Gozi virus is a type of “malware” (or malicious software) that was used to pilfer personal banking information from infected computers. In this case, the Gozi virus was used to steal users’ personal bank account information with the intent of withdrawing funds and wiring them to the accused via the Internet. The success of the software came through its ability to remain undetected in the computers it had affected.

According to Reuters, over 160 computers belonging to the National Aeronautics and Space Administration (NASA) were affected, resulting in damages in excess of US $40,000.

A co-creator of the Gozi virus, Nikita Kuzmin, is a Russian national who first conceived the virus in 2005. Once the software was coded, Kuzmin began renting out the virus for a weekly fee through a business he called “76 Service.” By 2009, the virus was being sold to cyber criminals online for up to $50,000.

Kuzmin worked with many co-conspirators to update and enhance the virus. Two accomplices in making the malware a “success” were Deniss Calovskis and Mihai Ionut Paunescu. Calovskis, a Latvian resident, helped create a specific code for the virus known as “web injects.” The virus would alter how bank websites look to the users of infected computers. Through alteration of the website, cyber criminals were able to pry additional information from victims, including social security numbers, driver’s licence information, as well as their banking and personal identification numbers (PIN).

Paunescu provided a service known as “bulletproof hosting.” By providing IP addresses and computer servers that preserved their anonymity, the accused and their clientele could go about their cyber crimes without being identified by law enforcement. Crimes that were committed through bulletproof hosting include the utilization of the Gozi virus and other dangerous malware such as the “Zeus trojan” and the “SpyEye trojan.”

Kuzmin was apprehended in November of 2010 in the U.S. and has since pleaded guilty to various intrusion and fraud charges. Calovskis was arrested in Latvia in November of 2012 and Paunescu in Romania in December of 2012. Investigators gathered 51 computer servers containing approximately 250 million megabytes of information. The investigation is ongoing.

The three accused men are in their mid-to-late-20s. Kuzmin began work on the Gozi virus at the age of 18. Co-conspirator Calovskis became involved at the age of 20, while Paunescu, 28, has purportedly been in the bulletproof hosting world for years. All three men face serious jail time: Kuzmin with a maximum penalty of 95 years in prison, Calovskis with a maximum of 67 years, and Paunescu with a maximum of 60 years.

The means and methods of cyber crime have matured to a point where they pose an increased threat to security. As Manhattan U.S. Attorney Preet Bharara puts it, “cyber criminals’ bank heists require neither a mask nor a gun, just a clever program and an Internet connection.”