
'Gozi' computer virus hit bank accounts, officials say; 3 charged

U.S. prosecutors say a Russian, a Latvian and a Romanian have been arrested for spreading a virus to steal online banking data worldwide.

January 23, 2013 | By Andrew Tangel, Los Angeles Times

Banks including Citigroup, JPMorgan Chase and Wells Fargo have been victims of cyber attacks in the past. (Peter Foley, Bloomberg)

NEW YORK — Federal prosecutors said they had foiled an international cyber-crime ring that targeted bank accounts in the U.S. and around the globe.

The criminal charges, disclosed Wednesday, highlight the vulnerabilities of online consumer banking, which has become more popular in the digital age. They also come just months after nearly every major U.S. bank suffered a relentless round of online attacks by Middle Eastern hackers.

In the case unveiled Wednesday, three men — a Russian, a Latvian and a Romanian — allegedly created and spread a virus they called "Gozi" that infected more than 1 million computers around the globe, including at least 40,000 in the United States.

The virus and other malicious software infected individuals' and businesses' computers, and then stole log-in information for online banking and other accounts. One program even imitated a bank's website, tricking users into giving away their PINs and personal information, such as their mothers' maiden names.

"Their bank heists required neither a mask nor a gun, but a clever computer program and an Internet connection," Preet Bharara, the U.S. attorney in Manhattan, told reporters Wednesday.

Referencing a quotation often attributed to the notorious bank robber Willie Sutton, Bharara said, "Cyber criminals target banks too because that's where the money still is."

Although the Gozi virus' reach spanned the globe — infecting computers in Turkey, Poland and Finland, among other countries — Bharara could not say how many U.S. customers' accounts had been breached. Nor could he say how much was stolen from the accounts, aside from alleging "tens of millions" of dollars in losses globally. He said the investigation was continuing.

NASA also fell victim to the virus. About 190 of the space agency's computers came down with the bug between 2007 and 2012, according to court documents. Extracted data allegedly included log-in information for a NASA email account, Web browsing histories and Google chat messages.

Gozi's mastermind was Nikita Kuzmin, a Russian programmer who created the virus in 2005, authorities said. The virus infiltrated computers through spam email or seemingly innocuous .pdf document files.

Prosecutors said Deniss Calovskis, a Latvian who went by the nickname Miami, allegedly helped develop "Web injects," such as the phony bank site. Mihai Paunescu, a Romanian known by his online handle Virus, ran what authorities said was essentially an online bazaar for cyber criminals who bought or leased the virus and helped spread it around the world.

Kuzmin was earlier arrested while in the U.S. and has pleaded guilty. He has been cooperating with authorities, Bharara said. Kuzmin's attorney, David Gordon of New York, did not respond to a phone message Wednesday.

Calovskis was arrested in Latvia in December; Paunescu was arrested in Romania in November. Both have been indicted and are awaiting extradition to the U.S.

Bharara, who in interviews and speeches has been increasingly sounding the alarm over cyber threats, said his office would bring similar cases later this year.

"This case should serve as a wake-up call to banks and consumers alike, because cyber crime remains one of the greatest threats we face, and it is not going away any time soon," Bharara said. "It threatens our financial security and our national security."

The alleged scheme is separate from an onslaught of cyber attacks last year against U.S. banking websites that were believed to have been orchestrated by a hacking group based in the Middle East. Those were "distributed denial of service" attacks, which aim to shut down websites. Banks such as Citigroup Inc., JPMorgan Chase & Co. and Wells Fargo & Co. were victims of the attacks. Although the banks said the attacks did not breach customer accounts, they found their customer-facing websites slowed or briefly crippled.

Marcus Asner, a former federal prosecutor now at the New York law firm Arnold & Porter, said the alleged Gozi ring showed "astonishing sophistication" and highlighted an emerging high-tech challenge for law enforcement and the banking industry.

"It's hard to say who is ahead in the game," Asner said. "It's much more of a Wild West still."

andrew.tangel@latimes.com
