The man behind the biggest cyberscam the world has seen

Like many computer scams, GOZ works by sending unsolicited emails containing an infected file, often a receipt or shipping confirmation. Photo / Thinkstock

His FBI "most wanted" page shows a grinning, shaven-headed figure, accused of a string of very grand thefts across America. With a total haul estimated at more than US$100 million, and tricks that ran rings around the police, the case against Evgeniy Bogachev could form yet another sequel to the Ocean's 11 heist movies.

But the man named last week as the biggest new threat to America's banking system has never needed a gun, nor is he even thought to have set foot in the United States. Instead, under the code name "Lucky 12345", he carried out his entire operation via strokes of a keyboard from his house on Russia's Black Sea coast, masterminding what is thought to be the most sophisticated cybercrime network the world has seen.

Using so-called "malware", malicious software that "enslaves" computers and steals user names and passwords, the 30-year-old and his gang allegedly hacked into hundreds of thousands of bank accounts, emptying up to $7 million at a time from unsuspecting firms across America.

Most were unaware that the attacks, from a program called GameOver Zeus, or GOZ, had even happened.

A second program, known as "ransomware", would freeze victims' computer files and threaten to destroy them unless an online ransom was paid. It targeted not just businesses, but home computer users - freezing precious online family photo albums and even children's school projects. To US law enforcement's considerable embarrassment, one victim was a police station in Massachusetts, which had to pay up to retrieve its database of mug shots.


Yet, even after a massive global operation to dismantle his network last weekend, in which a dozen national police forces, including Britain's, shut down hijacked servers and "freed" up to 300,000 computers, the malware remains a threat. For one, Bogachev still appears to be at large in Russia, where officials have shown little interest in helping the FBI in the wake of the sanctions slapped on Moscow over its annexation of Crimea. And for another, it is only a matter of time before the network is up and running again, hitting not just the US, but Britain as well.

On Monday, police said that some 15,000 British computer users had already been infected with the GOZ virus, and gave warning that within a fortnight it would have hijacked new servers. Having identified victims from one infected server, police urged them to install anti-virus software before it was too late.

"Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals," said Andy Archibald, the deputy director of the National Crime Agency's cybercrime unit.

Most victims would not be happy either at the way Bogachev was hailed as a hero last week by fellow Russians in his home town of Anapa, a balmy beach resort 112 kilometres from Crimea. Using details in the US indictment unsealed against him last week, The Sunday Telegraph visited his last known address at Lermontova, a skyscraper of £150,000-a-time flats.

There, neighbours remembered a quiet, affable figure, who sailed a yacht at the local marina, and whose only involvement in cyber-activity was the bumper sticker on his ageing Volvo sedan, which advertised his services for "computer repairs". When told, though, of how he was now public enemy No 1 in the US, many were delighted.

"What a talented guy," said Mikhail, 23, who recognised Bogachev's FBI photo as the man he would see in the lobby with his wife and nine-year-old daughter. "Sitting at his computer at home, he broke into our enemies' camp, but did not harm his fellow Russians."

"What a great dude," added Vazgen Atanasov, a taxi driver. "Judging by what Americans do to other people, what Bogachev is said to have done to them serves them right."

While not voiced by all of Bogachev's neighbours, such comments show how the anti-Americanism that has lain dormant in Russia since the end of the Cold War has re-erupted since the confrontation with the West over Ukraine. As lone agents exposing holes in US cyber-defences, Russian cyberhackers are seen as combining the cunning of a KGB spy with the brains of a scientist.

Whether the Kremlin shares that view of Bogachev is unclear. But right now, there seems little sign of him facing a court. Russian law forbids the extradition of its citizens abroad - a policy that prevented suspects in the poisoning of the ex-KGB spy, Alexander Litvinenko, being brought to Britain.

And while Washington said last week that it had sought Russia's help in tracking Bogachev down, the fact that the FBI simultaneously issued a "wanted" poster of him suggests that help has not been forthcoming. Asked for clarification, a US Department of Justice spokesman declined to comment, as did Russia's interior ministry.

However, neighbours said they had seen no police activity at Bogachev's home. And from the attitude of officers at Anapa's central police station, just 200 yards down the road, it seems likely to remain that way. Refusing to say whether they had been asked to arrest Bogachev, one policeman added: "I'd pin a medal on the guy."

So, too, did the FBI in a backhanded way, describing GOZ last week as "the most sophisticated" cyberscam that it had ever seen. "Bogachev and his criminal network implemented the kind of cybercrimes that you might not believe if you saw them in a science fiction movie," said Leslie Caldwell, a lawyer on the case.

Like many computer scams, GOZ works by sending unsolicited emails containing an infected file, often a receipt or shipping confirmation. Clicking on it allows the user's computer to be accessed remotely by the hackers. They then wait until the user logs into online banking systems and other sensitive websites, stealing their passwords to empty their accounts.

The scam's particular genius was that if a user logged on to a website requiring just a password, the hackers could add additional security questions asking for social security numbers, credit cards, and all manner of sensitive data.

The FBI believes that a million computers worldwide are now infected with the GOZ virus, with losses of about $100 million in America alone. While the victims' full identities have not been revealed, they include a Florida bank that lost nearly $7 million, and a plastics firm in Pennsylvania that lost $375,000 in a single day.

Arguably crueller still was the "ransomware", which confounds the notion of hackers as "Robin Hoods" who only target big institutions. "The criminals effectively held for ransom every private email, business plan, child's science project, or family photograph," said Mr Caldwell.

The ransomware, known as "CryptoLocker", would encrypt all data on the victims' computer and demand a ransom of around $750 to decrypt it. It would be payable in "Bitcoins", the internet currency. While the ransoms themselves were relatively small, vast numbers of people paid up, told that their data would be destroyed if they did not meet a deadline. US officials believe CryptoLocker earned nearly $15 million a month.

Bogachev faces multiple charges of computer hacking, bank fraud, and money laundering, along with several other accomplices still known only by pseudonyms, such as Chingiz 911 (Genghis 911), and Mr Kykyprky.

But with no chance of him being handed over to the FBI, the real question now is what Russia will do with him. "The former Soviet Union has long been fertile ground for cybercrime due to a volatile mixture of technical expertise, a tough job market, and tensions with the West," said Kenneth Geers, a US military computer expert now at internet security firm FireEye. "It is unlikely that there has been no collaboration between the state and non-state cyber attacks, especially if the attacks favour Russian national interests."

So does Mr Geers think that Bogachev will remain free? That, he says diplomatically, will be a "cost-benefit calculation for Russia". Which, given relations with America, may mean "Lucky 12345" stays lucky for some time yet.

- Daily Telegraph UK



© Copyright 2017, NZME. Publishing Limited
