Prolific Romanian Cryptojackers, ID Thieves and Fraudsters Convicted in Ohio

Two of three Romanian cybercriminals who targeted American citizens and businesses from abroad in elaborate cybercrime schemes initiated in 2007 have been convicted in Ohio.

Bogdan Nicolescu, 36, and Radu Miclaus, 37, will be sentenced August 14th after being found guilty of 21 counts of wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and 12 counts each of wire fraud.

Ohio Chief Judge Patricia A. Gaughan will determine their sentences.

A third man, Tiberiu Danet, 31, was arrested along with Nicolescu and Miclaus in Romania, and all three were extradited to the US in December 2016.

All told, American authorities claim Nicolescu and Miclaus “…infected 60,000 computers, sent out 11 million malicious emails and stole at least $4 million.”

The attacks were allegedly broad, layered and comprehensive, and involved “infect(ing) victim computers with malware in order to steal credit card and other information to sell on dark market websites, mine cryptocurrency and engage in online auction fraud.”

According to the Department of Justice:

“…Nicolescu, Miclaus, and a co-conspirator who pleaded guilty, collectively operated a criminal conspiracy from Bucharest, Romania…(that) began in 2007 with the development of proprietary malware…disseminated through malicious emails purporting to be legitimate from such entities as Western Union, Norton AntiVirus and the IRS. When recipients clicked on an attached file, the malware was surreptitiously installed onto their computer.”

But that was just the beginning. Once a computer was infected:

“This malware harvested email addresses from the infected computer, such as from contact lists or email accounts, and then sent malicious emails to these harvested email addresses.  The defendants infected and controlled more than 400,000 individual computers, primarily in the United States.”

From there, the cybercriminals “…harvest(ed) personal information, such as credit card information, user names and passwords.  They disabled victims’ malware protection and blocked the victims’ access to websites associated with law enforcement.”

Stolen email credentials were then exploited again, “…to copy a victim’s email contacts. They also activated files that forced infected computers to register email accounts with AOL…more than 100,000 (fake) email accounts (were registered) using this method.  They then sent malicious emails from these addresses to the compromised contact lists.  Through this method, they sent tens of millions of malicious emails.” (emphasis added)

Affected victims were then further embroiled in a web of fraud and data theft:

“When infected computers visited websites such as Facebook, PayPal, eBay or others, the defendants would intercept the request and redirect the computer to a nearly identical website they had created.  The defendants would then steal account credentials.  They used the stolen credit card information to fund their criminal infrastructure, including renting server space, registering domain names using fictitious identities and paying for Virtual Private Networks (VPNs) which further concealed their identities.”

There’s more:

“They placed more than 1,000 fraudulent listings for automobiles, motorcycles and other high-priced goods on eBay and similar auction sites.  Photos of the items were infected with malware, which redirected computers that clicked on the image to fictitious webpages designed by the defendants to resemble legitimate eBay pages.” (emphasis added)

This is where alleged fraud-assisting fake-escrow agents came in:

“The Bayrob group laundered this money by hiring ‘money transfer agents’ and created fictitious companies with fraudulent websites designed to give the impression they were actual businesses engaged in legitimate financial transactions.  Money stolen from victims was wired to these fraudulent companies and then in turn wired to Western Union or Money Gram offices in Romania.  European ‘money mules’ used fake identity documents to collect the money and deliver it to the defendants.”

The Romanian National Police assisted the FBI in the case.

According to the 2016 release regarding the arrest and extradition of the three accused:

“If convicted, the defendants’ sentences will be determined by the court after review of factors unique to this case, including the defendant’s prior criminal record, if any, the defendant’s role in the offense and the characteristics of the violations.  In all cases, the sentence will not exceed the statutory maximum and, in most cases, it will be less than the maximum.”
