A complex transnational organized cybercrime network that used GozNym malware in an attempt to steal an estimated $100 million from unsuspecting victims in the United States and around the world has been dismantled as part of an international law enforcement operation.
GozNym infected tens of thousands of victim computers worldwide, primarily in the United States and Europe.
The operation was highlighted by the unprecedented initiation of criminal prosecutions against members of the network in four different countries as a result of cooperation between the United States, Georgia, Ukraine, Moldova, Germany, Bulgaria, Europol and Eurojust.
United States Attorney Scott W. Brady of the Western District of Pennsylvania made the announcement at Europol, located in The Hague, Netherlands, along with his international partners.
The U.S. Attorney’s Office for the Western District of Pennsylvania unsealed an Indictment returned by a federal grand jury in Pittsburgh charging 10 members of the GozNym criminal network with conspiracy to commit computer fraud, conspiracy to commit wire fraud and bank fraud, and conspiracy to commit money laundering.
An eleventh member of the conspiracy was previously charged in a related Indictment.
The victims of these crimes were primarily U.S. businesses and their financial institutions, including a number of victims located in the Western District of Pennsylvania.
The defendants reside in Russia, Georgia, Ukraine, Moldova and Bulgaria.
The operation was an unprecedented international effort to share evidence and initiate criminal prosecutions against members of the same criminal network in multiple countries.
At the request of the United States, Krasimir Nikolov, aka “pablopicasso,” “salvadordali,” and “karlo,” of Varna, Bulgaria, was searched and arrested by Bulgarian authorities and extradited to the United States in December 2016 to face prosecution in the Western District of Pennsylvania.
Nikolov’s primary role in the conspiracy was that of a “casher” or “account takeover specialist” who used victims’ stolen online banking credentials captured by GozNym malware to access victims’ online bank accounts and attempt to steal victims’ money through electronic funds transfers into bank accounts controlled by fellow conspirators.
Nikolov is named as a GozNym conspirator in the newly unsealed indictment, although he is charged in a related Indictment filed in the Western District of Pennsylvania.
Nikolov entered a guilty plea in federal court in Pittsburgh on charges relating to his participation in the GozNym conspiracy on April 10, 2019.
He is scheduled to be sentenced on Aug. 30, 2019.
Five of the named defendants reside in Russia and remain fugitives from justice.
However, to overcome the inability to extradite the remaining defendants to the United States for prosecution, an unprecedented effort was undertaken to share evidence and build prosecutions against defendants in the remaining countries where they reside, including Georgia, Ukraine and Moldova.
The prosecutions are based on shared evidence acquired through coordinated searches for evidence in Georgia, Ukraine, Moldova and Bulgaria, as well as from evidence shared by the United States and Germany from their respective investigations.
The GozNym network exemplified the concept of “cybercrime as a service.” According to the Indictment, the defendants advertised their specialized technical skills and services on underground, Russian-language, online criminal forums.
The GozNym network was formed when these individuals were recruited from the online forums and came together to use their specialized technical skills and services in furtherance of the conspiracy.