17 May 2019

GozNym cyber-crime gang which stole millions busted

6:00 am on 17 May 2019

An international crime gang which used malware to steal $US100m from more than 40,000 victims has been dismantled.

A complex police operation conducted investigations in the US, Bulgaria, Germany, Georgia, Moldova and Ukraine.

The gang infected computers with GozNym malware, which captured online banking details to access bank accounts.

The gang was put together from criminals who advertised their skills on online forums.

The details of the operation were revealed at the headquarters of the European police agency Europol in The Hague.

It said that the investigation was unprecedented, especially in terms of cross-border co-operation.

This undated poster released by the FBI includes five Russian fugitives that have been charged in connection with malicious software attacks that infected tens of thousands of computers worldwide and caused more than $100 million in financial losses. Photo: AP / Pittsburgh Field Office

Cyber-crime service

Ten members of the network have been charged in Pittsburgh on a range of offences, including stealing money and laundering those funds using US and foreign bank accounts.

Five Russian nationals remain on the run, including the one who developed the GozNym malware and oversaw its ongoing management, including leasing it to other cyber-criminals.

Various other gang members now face prosecution in other countries, including:

  • The leader of the network, along with his technical assistant, faces charges in Georgia.
  • Another member, whose role was to take over different bank accounts, has been extradited to the US from Bulgaria to face trial.
  • A gang member who encrypted GozNym malware to make sure it was not detected on networks faces prosecution in Moldova.
  • Two more face charges in Germany for money-laundering.

Among the victims were small businesses, law firms, international corporations and non-profit organisations.

University of Surrey computer scientist Alan Woodward said one of the things that the operation has highlighted is how common the selling of nefarious cyber-skills has become.

"The developers of this malware advertised their 'product' so that other criminals could use their service to conduct banking fraud.

"What is known as 'crime as a service' has been a growing feature in recent years, allowing organised crime gangs to switch from their traditional haunts of drugs to much more lucrative cyber-crime."

What is GozNym?

It is a hybrid of two other pieces of malware, Nymaim and Gozi.

The first of these is what is known as a "dropper", software that is designed to sneak other malware on to a device and install it. Up until 2015, Nymaim was used primarily to get ransomware on to devices.

Gozi has been around since 2007. Over the years it has resurfaced with new techniques, all aimed at stealing financial information. It was used in concerted attacks on US banks.

Combining the two created what one expert called a "double-headed monster".

- BBC