A computer virus that spread to more than a million computers worldwide, including some at NASA, and produced at least $50 million in illegal profits or losses to victims should be a “wake-up call” for banks and consumers unaware of the threat posed by Internet criminals, a prosecutor said today.
U.S. Attorney Preet Bharara and George Venizelos, head of the New York FBI office, warned of the growing threat to financial and international security as they announced that a 21/2-year probe had resulted in three arrests, two of them overseas, and the seizure of vast amounts of computer-related evidence that will take months or years to fully analyze. They said the Gozi virus had infected 40,000 computers in the United States since 2005, including 190 at the National Aeronautics and Space Administration, along with computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey and elsewhere.
“This case should serve as a wake-up call to banks and consumers alike because cybercrime remains one of the greatest threats we face, and it is not going away anytime soon,” Bharara said. “It threatens individuals, businesses and governments alike.”
He told a news conference that cybercriminals “believe that their online anonymity and their distance from New York render them safe from prosecution, but nothing could be further from the truth.”
Venizelos said law enforcement had seized 51 computer servers in Romania, along with laptops, desktops and external hard drives, accumulating more than 250 terabytes of information.
“That vast pile of data is almost certain to aid criminal investigation at FBI offices around the country as well as law enforcement agencies around the world,” he said. “It is more than standard boilerplate to say that this investigation is very much ongoing.”
So far, the investigation has produced three arrests, including that of Nikita Kuzmin, who pleaded guilty to computer intrusion and fraud charges in May 2011, admitting his role in creating the virus. The plea was followed by the arrest in November of a co-conspirator in Latvia and another in Romania last month. Extradition proceedings are under way against both on various criminal charges, including conspiracy.
The NASA breach occurred from Dec. 14, 2007, to Aug. 9, 2012, with the most damage occurring between May and August last year, according to documents filed in U.S. District Court in Manhattan. The infected computers sent data without user authorization, including login credentials for an eBay account and a NASA email account, details of visited websites and the contents of Google chat messages.
Mihai Ionut Paunescu, who was arrested in Romania, set up online infrastructure that allowed others to distribute destructive viruses and malicious software, including ones dubbed Zeus Trojan, SpyEye and BlackEnergy, according to a criminal complaint filed against him. The document said Paunescu, a Romanian national residing in Bucharest, was also known as “Virus.”
The Gozi virus was designed in 2005 and distributed beginning in 2007, when it was secretly installed onto each victim’s computer in a manner that left it virtually undetectable by antivirus software.
Read more here.