Russian hacker faces 14 federal counts

Getting Bogachev into custody might prove difficult, require Moscow’s help

6/3/2014
BY RICH LORD AND TRACIE MAURIELLO
BLOCK NEWS ALLIANCE

WASHINGTON — An eight-country cyber crimes investigation that led to an indictment in Pittsburgh of a computer mastermind may now depend for its continued success on the cooperation of a ninth country: Russia.

Evgeniy Mikhailovich Bogachev of the Black Sea town of Anapa, Russia, was named in a 14-count indictment, unsealed on Monday, accusing him of conspiracy, wire fraud, computer fraud, bank fraud, and money laundering.

He and five alleged co-conspirators, identified by nicknames, are also defendants in a civil suit filed by federal prosecutors that provided the government with the judicial approval needed to shut down the Cryptolocker virus and the Gameover Zeus computer network, which have infected millions of computers worldwide.

“Bogachev, a true 21st century criminal, commits cyber crimes across the globe with a stroke of a key,” Deputy Attorney General James Cole said at a news conference in Washington. He called the vast, global array of computers captured by Gameover Zeus “the most sophisticated and complicated botnet we have encountered.”

Justice officials said they have been watching Mr. Bogachev for years. His orchestration of the Gameover Zeus and Cryptolocker schemes elevated the 30-year-old to a spot on the FBI’s list of most-wanted cyber criminals.

Agents had been separately investigating the Gameover and Cryptolocker cases when they discovered both were connected to Mr. Bogachev, known online as Lucky12345, Slavik, and Pollingsoon.

The lucrative and damaging schemes were aimed at two different sets of victims: businesses, which were robbed by the millions, and individuals, whose pockets were virtually picked a few hundred dollars at a time.

The Cryptolocker virus spread through email messages with links that activate software that blocks up computer files and displays a splash message demanding payment within 72 hours. Payment was to be made in Bitcoins, the difficult-to-trace online currency.

Assistant Attorney General Leslie R. Caldwell characterized Gameover Zeus as a quiet scheme to defraud companies that wouldn’t be aware of the infiltration until their bank accounts were empty, while she said Cryptolocker was “brutally direct.”

“The criminals effectively held for ransom every private email, business plan, child’s science project, or family photograph — every single important and personal file stored on the victim’s computer,” Ms. Caldwell said.

U.S. Attorney David Hickton of Pittsburgh said he would use all available legal processes to bring Mr. Bogachev to Pittsburgh to stand trial.

Mr. Cole said discussions with Russia have begun but declined to detail them. “Our goal right now is to find him and get him into custody,” he said.

Experts predicted that the talks would be tough.

“There have been attempts from both the United States and Britain to extradite Russians who commit crimes, and each time Russia has refused to extradite anyone,” said Sean Guillory, a post-doctoral fellow at the Russian and East European Center at the University of Pittsburgh. “The Russians … flatly refuse that their nationals should be tried in other nations’ courts.

“The only way I could see the Russians cooperating is first behind the scenes, without any public knowledge,” and that seems decreasingly likely given tensions over Ukraine, he said.

Malicious software called Zeus that stole victims’ credentials, allowing criminals to drain bank accounts, emerged in 2007, according to a court filing in which FBI special agent Elliott Peterson, based in Pittsburgh, detailed the probe.

When a victim opened an email and clicked on the link, the virus would infect their computer, stealing personal information and secretly turning the machine into another “bot” in a network of remotely directed machines.

The updated version, Gameover Zeus, infected perhaps a million computers.

Cryptolocker emerged last year, infecting around 230,000 computers, more than half of them in the United States.

Prosecutors got court orders allowing them to establish a computer server to which they could redirect the communications of computers infected with Gameover Zeus.

The government then worked with law enforcement in Ukraine, Canada, France, Germany, Luxembourg, the Netherlands, and the United Kingdom to begin seizing computer servers associated with Gameover Zeus and Cryptolocker, Ms. Caldwell said.

Ukraine, for instance, seized Gameover Zeus command centers within its borders on May 7.

A “carefully timed sequence” of computer countermeasures by officials in the United States and The Hague, Netherlands, then allowed the governments to redirect all of the computer traffic allegedly associated with Mr. Bogachev, according to Ms. Caldwell.

Computer and security companies worked with law enforcement to understand the network.

By Saturday, Ms. Caldwell said, Cryptolocker was no longer functioning, and Gameover Zeus was severely damaged.

The Block News Alliance consists of The Blade and the Pittsburgh Post-Gazette. Rich Lord and Tracie Mauriello are reporters for the Post-Gazette.

Contact Rich Lord at: rlord@post-gazette.com or 412-263-1542.