Romanian Hackers Who Commanded Vast Cryptomining Botnet Sentenced in Ohio

Bogdan Nicolescu, 37, and Radu Miclaus, 37, two members of a Romanian gang that controlled a network of at least 40o ooo malware-infected computers, have been sentenced to 18 and 20 years in prison each.

According to a press release from the U.S. Attorney’s Office, Northern District of Ohio, the men began their enterprise 12 years ago by circulating malware to unsuspecting email users:

It began in 2007 with the development of proprietary malware, which they disseminated through malicious emails purporting to be legitimate emails from entities and agencies such as Western Union, Norton AntiVirus, and the IRS. When recipients clicked on an attached file, the malware secretly installed itself onto their computers.”

Once installed on a computer, malware typically works to disable anti-malware and other security features and put the computer under the control of hackers.

In this case:

“This malware harvested email addresses from the infected computer (sic), such as from contact lists or email accounts, and then sent malicious emails to these harvested email addresses.  By using the infected computers to reach out and control additional computers, the defendants infected and controlled more than 400,000 individual computers, primarily in the United States.”

With the invention of Bitcoin in 2009, computer-savvy criminals gained several new ways to directly monetize their exploits, including using “botnets” (malware-zombified computer networks) to “mine” cryptocurrencies:

“In addition to using the infected network to expand its size, Nicolescu, Miclaus, and other members of the Bayrob Group used the collective processing power of the computer network to solve complex algorithms for the financial benefit of the group, a process known as cryptocurrency mining.”

Victims were not only robbed of computing power, but they also had their data stolen, prosecutors allege:

“Finally, trial testimony and evidence revealed that these defendants engaged in persistent and sophisticated data mining of the infected computers, selling information gleaned from infected computers repeatedly over time on the Dark Web.  Investigators discovered evidence on the Dark Web of trafficking in users’ personal financial information, passwords, and access to their computers.”

Through the cooperation of local authorities in the Romanian capital of Bucharest, Nicolescu and Miclaus were arrested and extradited to the US in December 2016.

The two were found guilty in April 2019 of 21 counts of wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and 12 counts each of wire fraud.

Prosecutors say a single tip from an Ohio victim led to the dismantling of the scheme.

American victims of cybercrime are asked to contact local law enforcement and make a report with the Internet and Cyber Crime Complaint Center at

Sponsored Links by DQ Promote


Send this to a friend