Theft • Infection hit 1M users globally, targeting bank account data.
This is an archived article that was published on sltrib.com in 2013, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.
New York • A computer virus that spread to more than a million computers worldwide, including some at NASA, and produced at least $50 million in illegal profits or losses to victims should be a "wake-up call" for banks and consumers unaware of the threat posed by Internet criminals, a prosecutor said Wednesday.
U.S. Attorney Preet Bharara and George Venizelos, head of the New York FBI office, warned of the growing threat to financial and international security as they announced that a 2½-year probe had resulted in three arrests, two of them overseas, and the seizure of vast amounts of computer-related evidence that will take months or years to fully analyze. They said the Gozi virus had infected 40,000 computers in the United States since 2005, including 190 at the National Aeronautics and Space Administration, along with computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey and elsewhere.
"This case should serve as a wake-up call to banks and consumers alike because cybercrime remains one of the greatest threats we face, and it is not going away anytime soon," Bharara said. "It threatens individuals, businesses and governments alike."
He told a news conference that cybercriminals "believe that their online anonymity and their distance from New York render them safe from prosecution, but nothing could be further from the truth."
Venizelos said law enforcement had seized 51 computer servers in Romania, along with laptops, desktops and external hard drives, accumulating more than 250 terabytes of information.
So far, the investigation has produced three arrests, including that of Nikita Kuzmin, who pleaded guilty to computer intrusion and fraud charges in May 2011, admitting his role in creating the virus. The plea was followed by the arrest in November of a co-conspirator in Latvia and another in Romania last month. Extradition proceedings are under way against both on various criminal charges, including conspiracy.
The NASA breach occurred from Dec. 14, 2007, to Aug. 9, 2012, with the most damage occurring between May and August last year, according to documents filed in U.S. District Court in Manhattan. The infected computers sent data without user authorization, including login credentials for an eBay account and a NASA email account, details of visited websites and the contents of Google chat messages.
The Gozi virus was designed in 2005 and distributed beginning in 2007, when it was secretly installed onto each victim's computer in a manner that left it virtually undetectable by antivirus software.
Authorities say Kuzmin began designing the Gozi virus in 2005 to steal personal bank account information of individuals and businesses in a widespread way.