San Francisco, Dec 6 (IANS) Two Russian nationals have been indicted in the US for allegedly running international computer hacking and bank fraud schemes for over a decade.
The US announced reward of up to $5 million under the Transnational Organised Crime Rewards Program for information leading to the arrest and/or conviction of 32-year-old Maksim V. Yakubets, aka online moniker, “aqua”.
This represents the largest such reward offer for a cyber criminal to date, the US Department of Justice said in a statement on Thursday.
A second individual, Igor Turashev, 38, was also indicted in Pittsburgh for his role related to the “Bugat” malware conspiracy.
Yakubets has been accused of running Evil Corp – believed to be the world’s most harmful cyber crime group that created and deployed malware causing financial losses totalling hundreds of millions of dollars.
He has been indicted in the US following investigation by the Federal Bureau of Investigation (FBI) in the US, and by Britain’s National Crime Agency (NCA) and Cyber Security Centre.
Yakubets employed dozens of people to run his operation from the basements of Moscow cafes, according to the charges.
“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said Brian A. Benczkowski, Assistant Attorney General for the Criminal Division of the US Justice Department.
“These two cases demonstrate our commitment to unmasking the perpetrators behind the world’s most egregious cyberattacks,” Benczkowski said.
According to the indictment, Bugat is a malware specifically crafted to defeat antivirus and other protective measures employed by victims.
As the individuals behind Bugat improved the malware and added functionality, the name of the malware changed, at one point being called “Cridex,” and later “Dridex,” according to the indictment.
Bugat malware was allegedly designed to automate the theft of confidential personal and financial information, such as online banking credentials, and facilitated the theft of confidential personal and financial information by a number of methods.
For example, the indictment alleges that the Bugat malware allowed computer intruders to hijack a computer session and present a fake online banking webpage to trick a user into entering personal and financial information.
The indictment further alleges that Yakubets and Turashev used captured banking credentials to cause banks to make unauthorized electronic funds transfers from the victims’ bank accounts, without the knowledge or consent of the account holders.
They then allegedly used persons, known as “money mules”, to receive stolen funds into their bank accounts, and then move the money to other accounts or withdraw the funds and transport the funds overseas as smuggled bulk cash.
According to the indictment, they also used a powerful online tool known as a botnet in furtherance of the scheme.
Yakubets was the leader of the group of conspirators involved with the Bugat malware and botnet, according to the indictment.
“For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world,” said US Attorney Scott W. Brady for the Western District of Pennsylvania.
“Deploying ‘Bugat’ malware, also known as ‘Cridex’ and ‘Dridex,’ these cybercriminals targeted individuals and companies in western Pennsylvania and across the globe in one of the most widespread malware campaigns we have ever encountered,” Brady said.
It is also alleged that Yakubets worked for Russian intelligence, the BBC reported.