A Gulfport casino is among the American businesses targeted by a transnational cybercrime network that attempted to steal at least $100 million from victims around the world, according to a release from the U.S. Department of Justice.
Federal authorities announced this week the dismantling of the criminal network that attempted to install viruses and gain access to the personal banking accounts of tens of thousands of victims in the United States and Europe.
The specific casino targeted in the attack is not identified in the 54-page indictment filed in U.S. District Court in Western Pennsylvania, where several of the victims live. But it says the casino is in Gulfport, and Island View Casino is the only one in Gulfport. The Coast’s other 11 casinos are in Biloxi, D’Iberville and Bay St. Louis.
The Coast casino is referred to as “Victim 11” in the indictment, which says a phishing email sent to a casino employee on the job gave the criminals access to install a type of malware called GozNym into the casino employee’s personal account.
As a result, the suspects obtained usernames and passwords to get into the victim’s bank account.
The attack on Victim 11 in Gulfport occurred around April 21, 2016, when the suspects gained access to the victim’s account at People’s Bank and attempted to steal $197,300 through four electronic fund transfers, the records say. The suspect made two successful electronic transfers totaling $185,00 from the victim’s account.
The defendants include five Russian nationals and residents of Georgia, Ukraine, Moldova and Bulgaria. All of the suspects used the GozNym malware to find victims’ online bank account information to steal and launder money, the DOJ said.
“International law enforcement has recognized that the only way to truly disrupt and defeat transnational, anonymized networks is to do so in partnership,” U.S. Attorney Scott W. Brady said. “The collaborative and simultaneous prosecution of the members of the GozNym criminal conspiracy in four countries represents a paradigm shift in how we investigate and prosecute cybercrime.”
The accused are facing federal charges of conspiracy to commit computer fraud, conspiracy to commit wire fraud and bank fraud, and conspiracy to commit money laundering.
Those charged so far include:
- Alexander Konovolov, aka “NoNe,” and “none_1,” 35, of Tbilisi, Georgia, who controlled 41,000 computers infected by the malware.
- Konovolov’s primary assistant, Marat Kazandjian, aka “phant0m,” age 31, of Kazakhstan, and Tbilisi, Georgia.
- Gennady Kapkanov, aka “Hennadiy Kapkanov,” “flux,” “ffhost,” “firestarter,” and “User 41,” age 36, of Poltava, Ukraine, who was identified as an administrator of a bulletproof hosting service known by law enforcement and computer security researchers as the “Avalanche” network.
- Alexander Van Hoof, aka “al666,” age 45, of Nikolaev, Ukraine, known as a “cash-out” or “drop master,” who provided fellow members of the criminal network with access to bank accounts.
- Eduard Malanici, aka “JekaProf,” and “procryptgroup,” age 32, of Balti, Moldova, who provided crypting services to cybercriminals.
Five Russian nationals currently sought as fugitives are:
- Victor Vladmirovich Eremenko, aka Viktor Vladimirovich Eremenko, aka “nfcorpi”,
- Vladimir Gorin, aka “Voland”, “mrv”, and “riddler”,
- Farkhad Rauf Ogly Manokhin, aka “frusa”,
- Konstantin Volchkov, aka “elvi”,
- Ruslan Vladimirovich Katirkin, aka “stratos” and “xen”
Assistant U.S. Attorney Charles A. “Tod” Eberle, Chief of National Security and Cybercrime for the Western District of Pennsylvania, is prosecuting the case.