Fighting cybercrime is a hugely complex and challenging endeavor, but an international police effort spanning six countries has just succeeded in dismantling a notorious criminal network that allegedly stole around $100 million from more than 40,000 victims.
The gang reportedly used the extremely powerful GozNym banking malware to infect victims’ computers, allowing them to nab their login details for online banking. The information was used to steal money from their accounts and launder those funds using U.S. and foreign beneficiary bank accounts controlled by the defendants, the U.S. Department of Justice said on Thursday, May 16. The victims comprised mostly U.S. businesses and their financial institutions.
GozNym is a combination of two other pieces of malware — Gozi and Nymaim. The IBM X-Force Research team that discovered GozNym said the malware took the most powerful elements of each one. “From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi parts add the banking Trojan’s capabilities to facilitate fraud via infected internet browsers,” the team said, adding: “The end result is a new banking Trojan in the wild.”
“Unprecedented international effort”
Those behind the investigation described it as an “unprecedented international effort” involving law enforcement officers in the U.S., Germany, Georgia, Ukraine, Moldova, and Bulgaria with additional input from Europol and E.U. judicial agency Eurojust. The breakthrough in the case came with the first arrest in December 2016, eight months after the malware was unleashed.
Ten defendants in five countries are accused of conspiracy to commit computer fraud, conspiracy to commit wire fraud and bank fraud, and conspiracy to commit money laundering. Five of the accused are still on the run and believed to be in Russia.
Alexander Konovolov, 35, of Tbilisi, Georgia, is accused of being the primary organizer and leader of the network, assembling the team of cybercriminals after reading posts on underground online forums where hackers advertised their specialized technical skills. Konovolov is currently being prosecuted in Georgia.
Working in partnership
U.S. Attorney Scott W. Brady of the Western District of Pennsylvania spoke about the investigation during a meeting this week at Europol’s headquarters in the Netherlands, together with his international partners.
“International law enforcement has recognized that the only way to truly disrupt and defeat transnational, anonymized networks is to do so in partnership,” Brady said. “The collaborative and simultaneous prosecution of the members of the GozNym criminal conspiracy in four countries represents a paradigm shift in how we investigate and prosecute cybercrime.”
Brady added: “Cybercrime victimizes people all over the world. This prosecution represents an international cooperative effort to bring cybercriminals to justice.”