Three Eastern European cybercriminals -- one nicknamed "Virus" -- were charged in federal court in Manhattan on Tuesday with infecting a million computers, including some belonging to NASA, and snatching identity data that allowed them to steal as much as $50 million through online banking sites.
Authorities said one of the three men -- Nikita Kuzmin, 25, a Russian who created a malicious piece of software called the Gozi Virus that specialized in stealing online banking data -- pleaded guilty in 2011 and is cooperating with law enforcement, paving the way for more cases.
"In an information-age update on Willie Sutton . . . cybercriminals' bank heists require neither a mask nor a gun, just a clever program and an Internet connection," said Manhattan's U.S. Attorney Preet Bharara. "This case should serve as a wake-up call to banks and consumers alike."
In court papers, officials charged that the Gozi Virus, invented by Kuzmin in 2005 and identified by computer security experts in 2007, was spread through PDF attachments to spam emails that were opened by unsuspecting users. It specialized in locating and stealing user names and passwords for online banking sites.
The virus was allegedly improved upon by co-conspirator Deniss Calovskis, 27, a Latvian, who devised a way to have it display bogus Web pages that mimicked online banking pages, and asked users to reveal their Social Security numbers.
Another co-defendant, Mihai "Virus" Paunescu, 28, of Bucharest, provided "bulletproof hosting services" that blocked law enforcement from tracing the virus back to the cybercriminals, according to the charges. He also helped distribute similar viruses, with names such as Zeus Trojan, Spy Eye and Black Energy.
Officials said the Gozi Virus was leased and sold through a website called 76 Service to other cybercriminals, who could configure it to steal data of their choosing in return for sharing the profits. The virus allegedly sent identifying data from infected computers back to the crooks, who then used that information to take money out of victims' accounts.
Among 1 million infected computers globally, at least 40,000 were in the U.S., officials said, including 190 at the National Aeronautics and Space Administration. NASA found that data sent without authority to a Paunescu site included login credentials to an eBay account and a NASA email account, and the contents of some Google chat messages.
Calovskis and Paunescu are in custody overseas, awaiting extradition to the United States.