WASHINGTON (AP) — A band of hackers implanted viruses on computers around the world, seized customer bank information and stole more than $100 million from businesses and consumers, the U.S. Justice Department said Monday in announcing charges against the Russian man accused of masterminding the effort.
In disclosing the criminal case, federal authorities said they disrupted European-based cyber threats that were sophisticated, global and lucrative.
The criminals in one scheme infected computers with malicious software that captured bank account numbers and passwords, then used that information to secretly divert millions of dollars from victims' bank accounts to themselves. In another, they locked hacking victims out of their own computers, secretly encrypted personal files on the machines and returned control to the users only when ransom payments of several hundred dollars were made.
"The criminals effectively held for ransom every private email, business plan, child's science project, or family photograph — every single important and personal file stored on the victim's computer," Leslie Caldwell, the head of the Justice Department's criminal division, said at a news conference.
Working with officials in more than 10 other countries, the FBI and other agencies recently seized computer servers that were central to the crimes, which affected hundreds of thousands of computers.
The FBI called the alleged ringleader, 30-year-old Evgeniy Bogachev, one of the most prolific cyber criminals in the world and issued a "Wanted" poster that lists his online monikers and describes him as a boating enthusiast. He faces criminal charges in Pittsburgh and in Nebraska. He was not in custody, but Deputy Attorney General James Cole said U.S. authorities were in contact with Russia about seeking his arrest.
The case is unrelated to the recently unsealed cyber-espionage indictment of five Chinese army hackers accused of stealing trade secrets from American firms. Though those cyber-attacks relied on similar tactics — including sending emails to unsuspecting victims with links that installed malware — the hackers in that case, unlike this one, were government officials. Bogachev's operation, prosecutors say, consisted of criminals in Russia, Ukraine and the United Kingdom who are assigned different roles within the conspiracy.
The victims include an unspecified American Indian tribe in Washington state; an insurance company and a firm that runs assisted living centers in Pennsylvania; a local police department in Massachusetts; a pest control company in North Carolina; and two Florida businesses, a restaurant and a regional bank.
A 14-count indictment unsealed Monday accuses Bogachev of trying to make eight fraudulent money transfers from Haysite Reinforced Plastics of Erie, in northwestern Pennsylvania, on a single day in 2011. According to the indictment, two of the transfers went through — one for about $198,000 and one for about $175,000 — but Haysite was able to block the other six attempts.
Officials with Haysite did not immediately return phone calls for comment Monday. The accounts were with Pittsburgh-based PNC Bank, which declined to comment.
The Florida bank lost nearly $7 million through an unauthorized wire transfer. The Massachusetts police department, on the other hand, lost $750 when it paid a ransom demanded by the malicious software that infected its computers.
Last week, a federal judge in Pittsburgh granted a temporary restraining order against Bogachev and the others, demanding that they cease such activities. That order was unsealed along with the charges Monday.
Mandak reported from Pittsburgh.