The Globe and Mail

A bank heist in cyberspace: Millions stolen, three charged

U.S. Attorney for the Southern District of New York Preet Bharara holds a news conference on the Gozi virus in New York, Jan. 23, 2013. Federal prosecutors charged three people in as many countries with creating and distributing the computer virus that infected more than a million computers around the world, including some operated by NASA and others by banks.


For these new-age bank robbers, there was no need to wear masks or carry weapons. All that was required was a devious piece of computer code.

U.S. authorities announced criminal charges Wednesday against three men for what they alleged was a multiyear scheme to steal money from the bank accounts of individuals and businesses using a computer virus.

The bug – known as the Gozi virus – has infected at least a million computers around the world, they said, and more than 40,000 in the United States, including several dozen at the National Aeronautics and Space Administration.

It's unclear precisely how much money the alleged conspirators managed to rob, but in court documents, prosecutors put the losses at "tens of millions of dollars."

The suspected mastermind is a 25-year-old Russian citizen named Nikita Kuzmin, who is now in U.S. custody. Also charged in connection with the scheme were Deniss Calovskis and Mihai Ionut Paunescu. They were arrested in Latvia and Romania, respectively, and are awaiting extradition to the United States.

"This case should serve as a wake-up call to banks and consumers alike, because cyber crime remains one of the greatest threats we face," Preet Bharara, the top federal prosecutor in Manhattan, told a press conference. "It is not going away any time soon."

Mr. Bharara is perhaps best known for his aggressive pursuit of a spate of insider trading cases. But in recent months, he has also sounded a persistent and public alarm about the danger posed by criminals operating online.

It's a particularly acute concern for businesses, he has noted in speeches and articles. His office has quietly encouraged companies to come forward when faced with hacking or other online intrusions, something they are at times reluctant to do for fear of unnerving customers or damaging their reputation.

Brian Krebs, an online security expert and former journalist for The Washington Post, described Wednesday's cases as "very significant." The virus involved is "one of the most advanced malware threats ever deployed," he said. What's more, one of the individuals charged – Mr. Calovskis – was "a major player in the cyber crime underground."

For many unwitting victims, the virus arrived in the form of a seemingly innocuous PDF file attached to an e-mail. Once opened, U.S. authorities said, the virus would collect personal information like user names and passwords for online bank accounts and relay that data to servers controlled by the conspirators.

The Gozi virus was the brainchild of Mr. Kuzmin, who is co-operating with U.S. authorities. He approached his creation as a business, court documents said, and initially rented the virus to other cyber criminals for a weekly fee. Later, he sold versions of the virus in exchange for $50,000 (U.S.) and a cut of the future profits, authorities alleged.

They also alleged that Mr. Kuzmin continually modified and updated the virus to keep it virtually undetectable. This was "their version of tech support," said George Venizelos, a senior agent at the Federal Bureau of Investigation, at Wednesday's press conference.

If Mr. Kuzmin was the mastermind, then Mr. Calovskis was the "idea man," prosecutors said. Among his innovations: developing pieces of code known as "web injects" that altered the appearance of bank websites on infected computers. One such web inject, authorities said, modified the welcome page of a bank website to include a prompt to disclose more personal information – social security number, mother's maiden name – in order to continue.

Mr. Paunescu allegedly provided another critical piece of the puzzle. He operated a so-called "bulletproof hosting" service, authorities said, which offered servers and Internet protocol addresses designed to preserve anonymity and evade detection by law enforcement.

His service was used by a number of online scammers, court documents said. The Gozi virus was one of several "banking Trojan" viruses distributed through Mr. Paunescu's hosting service, authorities claimed.

Wednesday's announcement is the product of two-and-a-half years of investigation by the FBI. The three men face numerous criminal charges which, in Mr. Kuzmin's case, carry a maximum penalty of 95 years in prison.
