Two Romanian hackers namely Bogdan Nicolescu and Rady Miclaus will be spending 20 and 18 years respectively in prison for infecting 400,000 computers with cryptominers and stealing sensitive financial and credential data. The duo is said to have stolen millions of dollars from countless unsuspected users.
Both the accused are members of the infamous Romanian hacking group called Bayrob. Nicolescu was the group leader whereas Miclaus served as the co-conspirator. The third accused, Tiberiu Danet, is also a member of the same group. In November 2018, Danet pleaded guilty to eight of the charges and will be sentenced on January 8, 2020.
According to the official press release, the duo was found guilty of 21 counts of money laundering, wire fraud, identity theft, and malware development for mining bitcoin and monero cryptocurrencies through utilizing host computers’ resources apart from other crimes.
“These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” said FBI Special Agent in Charge Eric Smith. “Despite the complexity and global character of these investigations, this investigation and prosecution demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals and bring justice to the victims.”
The Bayrob Group was founded in 2007 and operated actively until the apprehension and extradition of its key members, including the group leader Nicolescu, in 2016. This group operated from the outskirts of Bucharest and carried out different hacking and malware campaigns including spam emails loaded with dangerous Trojans sent as harmless messages from renowned firms and enterprises.
The emails mostly contained attachments hiding the Bayrob botnet, and were sent from the IRS, Norton, and Western Union. As soon as the user clicked on the attachment, the computer got infected with the malware, and all the installed malware protection tools got disabled while access to websites of law enforcement agencies was also blocked. The attackers copied the email contacts of the victim through the malware and sent the infected emails to them as well.
Through the botnet, the Romanian hacker group managed to steal $4 million. Moreover, the group also developed crypto miners to mine for Bitcoin and Monero and scan and transfer the victims’ crypto wallet ownership along with the funds. They also stole personal data from the infected computers including credit card information, login credentials, and usernames/passwords on different websites.
Furthermore, the malware enabled the system to register AOL accounts, which were used to send more malicious emails. The duo got 100,000 email accounts registered through this method and subsequently sent out tens of millions of infected emails.
They also replaced legitimate websites like eBay with fake replicas and when the victim accessed these websites, they were tricked into entering their credentials to the fake webpage instead of the authentic ones.
It did not end here; the group also used eBay for their nefarious objectives. The duo placed over 1,000 fake listings of motorbikes and automobiles on eBay and uploaded malware-infected images on these listings. Users who clicked on the images were redirected to fake eBay ordering pages where the victims were encouraged to pay for the items. A person was hired to play the role of fictional eBay Escrow Agent whose only job was to collect the money from the victim and transfer it to the hacker duo.
“These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” added Special Agent Smith.