Three people allegedly involved for years in cybercriminal activities in Eastern Europe have been charged in a U.S. court for creating and distributing the Gozi virus that infected more than 1 million computers and allowed cybercriminals to steal millions of dollars over a five-year period.
The three defendants, Nikita Kuzmin of Russia, Mihai Ionut Paunescu of Romania, and Deniss Calovskis of Latvia, face a variety of charges in U.S. District Court for the Southern District of New York, the U.S. Department of Justice announced Wednesday. Gozi targeted online banking credentials and other online accounts and infected 40,000 computers in the U.S., including 160 at NASA, the U.S. space agency.
Kuzmin, the alleged chief architect and promoter of Gozi, faces charges of bank fraud and conspiracy, access device fraud and conspiracy, and computer intrusion, among other charges. Kuzmin allegedly began working on Gozi in 2005, and computer security experts discovered the threat in 2007, according to court documents.
Paunescu, who allegedly provided secure hosting to the creators of Gozi, the Zeus Trojan and the SpyEye Trojan, faces charges of conspiracy to commit computer intrusion, conspiracy to commit bank fraud and conspiracy to commit wire fraud.
Calovskis, who allegedly developed Web injects code for both Gozi and Zeus, faces charges of bank fraud conspiracy, access device fraud conspiracy and conspiracy to commit computer intrusion, among other charges.
Early in the development of the virus, Kuzmin hired a computer programmer to help him develop Gozi, which stole personal bank and other information from computers while remaining virtually undetectable, according to court documents. In 2006, Kuzmin allegedly began offering the virus to others for a weekly fee, his indictment said.
The stolen data was sent back to a server controlled by Kuzmin, the DOJ alleged. In 2009, a group of cybercriminals asked Kuzmin to sell them the source code of Gozi so they could attack U.S. computers, the DOJ said. Kuzmin sold the source code to several co-conspirators through mid-2010, according to court documents.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.