Skip to Content

Hacker ring dismantled after stealing $100 million

Federal and international law enforcement have dismantled a major hacker network responsible for stealing more than $100 million from individuals and businesses, the Justice Department said on Monday.

Officials said that they have also indicted the mastermind – Evgeniy Bogachev, a 30 year-old Russian national who is still at-large – for wire fraud, bank fraud, and conspiracy.

The cyber thieves, believed to operate from Russian and Ukraine, secretly infected computers to capture financial information so they could initiate or re-direct wire transfers to accounts they controlled overseas.

Many victims of the botnet, called GameOver Zeus, were unaware that their computers had been infected. Others had their computer files frozen and were then extorted for money to restore access, a tactic known as “ramsomware.”

“GameOver Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” said Robert Anderson, FBI executive assistant director, said in a statement.

The hackers gained access to victims’ computers by sending unsolicited emails containing infected files. When recipients clicked on the links or attachments in the emails, they unknowingly downloaded the malware. The cyber thieves could then monitor the computer’s activity for financial information like bank account passwords.

Security researchers estimated that between 500,000 and 1 million computers. U.S. victims lost more than $100 million, according to the F.B.I.

At the same time, the cyber criminals sent infected emails containing software known as Cryptolocker, which blocked recipients from opening their computer files. Messages on their computer screens told victims they could restore access only by paying a ransom of up to $700. Security researchers estimated that Cryptolocker infected nearly 250,000 computers and that victims paid $27 million in ransom in the first two months of the attack.

A federal grand jury in Pittsburg indicted Bogachev, who went by a number of handles online including “Slavik” and “Lucky12345.” He was also named in a separate civil filing in Omaha for his alleged role in the scheme.

Working with law enforcement in Ukraine, authorities were able to seize computer servers used by the hackers in Kiev and Donetsk used for GameOver Zeus. They also seized servers used to operate Cryptlocker.

Starting early Friday, law enforcement made further server seizures in France, Canada, Luxembourg, Germany, the Netherlands, Ukraine and Britain. U.S. officials obtained court orders letting them divert traffic from infected computers to a server they controlled.