Nikita
Kuzmin, 28, of Russia, was sentenced yesterday to time served (37
months) and the forfeiture of $6,934,979 as damages caused by his
creation, the Gozi banking trojan.
Kuzmin created Gozi in 2007 and
marketed it on underground hacking forums using the "76" nickname. The
malware was innovative when it was created, being the first that had a
MaaS (malware-as-a-service) offering.
Other criminal groups could come to
Kuzmin and rent the malware and its infrastructure, dubbed the "76
Service," for around $500 per month.

Kuzmin is the man that created the Gozi banking trojan

The Gozi banking trojan worked by
using "Web injects" modules which tapped into Web browser processes on
infected computers. These Web injects would overlay fake Web pages when
the user would visit a banking portal.
Kuzmin or other criminals would
receive the information entered in these fake Web pages on their
servers. This included login details and bank account details. The
crooks would then use this information to log in in the victim's name
and initiate fraudulent transactions.
It's because of banking malware like
Gozi that banks started deploying two-factor authentication en masse at
the start of the 2010s.
Authorities arrested Kuzmin in the US
in 2010. Kuzmin reached a cooperation agreement with the prosecutors
and pleaded guilty later in 2011.

Two other hackers were also involved

Besides Kuzmin, US authorities also indicted two other suspects, known collaborators of Kuzmin.
One of them is Deniss Calovskis, a
Latvian hacker who created many of Gozi's Web inject modules.
Authorities arrested Calovskis in November 2012, and after a long,
drawn-out extradition process, he was sent to the US, where he also
recently received a 21-month prison sentence for time served.
The second suspect who aided Kuzmin
is a Romanian national, Mihai Ionut Paunescu, who was arrested in 2012
in Romania and is still fighting extradition to the US. Paunescu's
role in the whole Gozi affair was to provide bulletproof hosting.