Felix Pergande - Fotolia
Russian cyber criminal Nikita Kuzmin must pay $6.9m in forfeiture and restitution for helping to create and distribute the Gozi money-stealing virus, according to a US judicial ruling.
However, he’s been spared additional jail time because of his co-operation with investigators during the three years he has already spent in US custody, reports Bloomberg.
Kuzmin was arrested in 2013 and charged alongside Romanian Mihai Ionut Paunescu and 27-year-old Latvian Deniss Calovskis.
The three men were identified and tracked down by the FBI, which was working with a number of European nations, including the UK.
PDFs used to transport virus
Kuzmin’s assistance led to the conviction of Calovskis and the arrest of Paunescu in Romania in December 2012. The latter is still awaiting extradition to the US, according to Voice of America (VOA), a broadcaster and news service linked to the US government.
The virus was used to collect personal bank information and steal at least $50m in Europe and the US between 2005 and 2011.
The malware was spread using malicious PDF documents, which seemed legitimate but once opened infected the victim’s computer and began logging banking credentials.
Calovskis, who wrote some of the computer code that enabled the virus to target particular banks, pleaded guilty in 2015 and was sentenced in January 2016 to the 21 months he had already spent in US custody.
US authorities believe the gang began operating in Europe and then moved on to the US, infecting more than 190 computers belonging to US space agency Nasa.
The details of 10,000 bank accounts belonging to 5,200 people in the UK, Germany, Poland, France, Finland, Italy, Turkey and the US were collected.
The case is one of several prosecutions brought by US attorney for the Southern District of New York Preet Bharara in recent years targeting cyber criminals.
Renting malware capabilities
Bharara said in renting the Gozi malware to others, Kuzmin made it widely accessible to criminals who do not have the same skills as the creators.
“From this perspective, Kuzmin’s crime is particularly significant,” said Bharara in a letter to the court, noting that this had become the dominant model used in the cyber criminal world.
In September 2014, a report from Europol’s European Cybercrime Centre found the cyber crime support industry was becoming increasingly commercialised. Europol is the European Union’s law enforcement agency.
The report said this crime-as-a-service business model drove innovation and sophistication, and provided access to a wide range of services that facilitate almost any type of cyber crime.
“Kuzmin used his talent and skills to create malware with the single purpose of stealing other people’s money, and when he succeeded in doing that, he spent lavish sums on luxury sports cars, and extravagant travel and entertainment in Europe and Russia,” Bharara told the court.
Read more about money-stealing malware
- The Dridex Trojan, used to steal millions from UK banks, is still dominant globally and continues to evolve, security researchers have warned
- Singapore is a top target for hackers and in the second quarter of 2015 was the country most targeted by cyber criminals using Trojans
- Heimdal Security researchers have found new cases of the nesting-doll financial malware, while Fortinet researchers have peeled back the layers to reveal its surprising intricacies