The FBI released the following information:
The hackers were like modern-day John Dillingers, brazenly committing their crimes and repeatedly escaping law enforcement’s grasp.

But like Dillinger and most other criminals, they eventually slipped up, and the FBI and its international partners were waiting for them after years of tracking their activities.

In 2007, an Ohio woman wired thousands of dollars to an eBay seller thinking she was buying a used car. The car never arrived. When she went to her local police department, the listing did not appear on the officers’ computers.

That’s because the woman was on a fraudulent version of the online auction site that mimicked the real one—a result of having unknowingly downloaded malicious software, known as malware, to her computer.

And to thousands of other victims just like her, the website and transactions looked legitimate. But buyers who thought they were wiring money across town were, in fact, sending money to hackers halfway across the world.

The hackers, known as the Bayrob Group, laundered the money via money mules, making it difficult to track. (Money mules are criminal accomplices who, often unwittingly, move criminal money through their own bank accounts.) Additionally, if a user on an infected machine went to the “Help” section of the site, they were met with the hackers’—not eBay’s—customer service.

The Bayrob hackers also blocked websites like ic3.gov—the FBI’s Internet Crime Complaint Center—where a user might have gone for help. And before smartphones were so common, the infected computer may have been a victim’s only access to the Internet.

The would-be car buyer, along with many other victims, lost her money because wiring funds lacks the consumer protection of a credit card. Agents estimate each victim lost between $8,000 and $11,000.

“At the time, this was really cutting edge,” said Special Agent Ryan Macfarlane, who worked this case out of the FBI’s Cleveland Field Office. “These guys did a very good job of staying current with the technologies in the cyber criminal underground.”

The Bayrob hackers were frustratingly nimble and good at covering their tracks. They used multiple layers of proxy servers to hide their location. Those proxy servers communicated with the “command and control” servers that talked to the thousands of computers the malware had infected.

But as the hackers gained more victims, more partners joined the investigation. The FBI worked with numerous law enforcement agencies around the world on this case, as well as with companies such as AOL, eBay, and Symantec.
In 2012, the Bayrob Group began to diversify its criminal business as technology advanced. They continued to spread their malware via spam and social media, but they also got into cryptocurrency mining and selling credit card numbers on the Darknet.
“They had all of these infected systems, and they tried to use as many ways as possible to make money from them,” Macfarlane said.
A break finally came when a Bayrob participant accidentally logged into his personal email instead of his criminal one. AOL, which was investigating his abuse of its network, connected the two accounts. That personal account led to online profiles in Romania and on social media—essentially the first action tying one of the suspects to the crimes.

That small mistake helped set investigators, in partnership with the Romanian National Police, on a path toward discovering the identities of all three hackers. And after much further investigation, including undercover buys from the group on the Darknet marketplace AlphaBay, the FBI had enough evidence to work with Romanian authorities on the arrests.
By the time the hackers were arrested in 2016, the Bayrob Group had become one of the top senders of malicious email.

“We were essentially taking down this entire infrastructure and arresting the three individuals at one time,” Macfarlane said. “And the Romanian National Police were key partners in this effort. They stuck with us year after year. We couldn’t have done this without them.”

Bayrob Group members Bogdan Nicolescu and Radu Miclaus were both convicted on wire fraud, money laundering, and identity theft charges. In December 2019, Nicolescu was sentenced to 20 years and Miclaus to 18 years in prison.

A third member of the group, Tiberiu Danet, pleaded guilty to similar charges. He was sentenced in January to 10 years in prison.

While it was years in the making, putting a stop to these prolific thieves was worth the time and effort for the investigators—even when the hackers were as elusive as a gangster on the run.

“We stuck with it because these guys weren’t stopping,” Macfarlane said. “They continued to evolve, and they were becoming a bigger and bigger threat.”
Protecting Yourself Online
Although many of the victims had no way of knowing their computers were compromised, there are steps you can take to protect yourself and your devices, such as making sure your antivirus and operating systems are always up to date. Also be careful of what you click on, even if it’s coming from someone you know.

“A lot of people don’t think that someone they know will be compromised,” said FBI Special Agent Stacy Diaz, who also worked on the case. “These hackers know how social networks work, and they use those relationships to grow their network.”
Bayrob by the Numbers
- Infected computers: 400,000+
- Money lost: $4 million+
- Average loss per victim: $8,000-$11,000
- Years in operation: 2007-2016
- Malware variations: 160+
- Malicious emails sent: 70+ million