Europol busts global cybercrime gang
-
The EU police agency, Europol, is based in the Hague (Photo: European Commission)
The EU's police agency Europol says an international criminal gang that attempted to steal some $100m has been dismantled.
The take-down announced on Thursday (16 May) was described as "unprecedented" given the geographical scope of the investigation and police cooperation.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Don't miss out on
Our exclusive news stories and investigations. Influential. Investigative. Independent.
Why join?
Watch our founder Lisbeth Kirk explain the reasons in this 30-second video.
Already a member?
Police from Bulgaria, Germany, Georgia, Moldova, Ukraine and the United States managed to bust the so-called GozNym network following a two-year probe.
The loose network of cyber criminals, largely recruited from online Russian-speaking forums, had managed to target some 41,000 people.
They hacked computers using a malware in an effort to capture online banking login credentials.
Aside from the criminal nature of the scam, the way it was set up and organised shows how some cybercrime is being outsourced and sold off as an online service.
"This was a supermarket of cybercrime services. You're looking at coders, malware developers, bulletproof hosters, a whole range of cybercrime services," Steven Wilson, the head of the European Cybercrime Centre, was quoted as saying in Wired Magazine.
It is not immediately clear how much they managed to steal but a federal grand jury in the United States has since slapped charges on ten members of the GozNym network.
Five of them, all Russian nationals, are on the run.
Alexander Konovolov has been named the alleged leader of the GozNym group.
According to Europol, he was based out of Tbilisi in Georgia, where he leased access to the malware from a Russian-based developer named Vladimir Gorin.
Konovolov then went onto a Russian-speaking online criminal forum to recruit others who had advertised themselves and their skills.
Next, he brought in people from Moldova and Kazakhstan to make sure the malware could not be detected on the infected computer.
Phishing mails, designed to look like legitimate business emails, were then sent to hundreds of thousands of people.
Anyone who clicked on the link would then download GozNym, hijacking the victims' web browser. Victims include NGOs, small businesses, law firms and financial institutions.
According to Forbes magazine, the hackers in 2016 stole $4m from more than 24 American and Canadian banks.
Konovolov is now being prosecuted in Georgia.
The whole was linked to the dismantled Avalanche operation, which had provided services to more than 200 cybercriminals, and hosted more than twenty different malware campaigns, including GozNym.
Avalanche was taken down in November 2016 after a four year investigation that involved 31 nations.
