The U.S. Department of Justice recently announced the sentencing of a Romanian national who operated a “bulletproof hosting” service that facilitated the distribution of destructive malware.
Mihai Ionut Paunescu was sentenced to three years in prison in Manhattan federal court for conspiracy to commit computer intrusion in connection with operating a so-called bulletproof hosting service that allowed cybercriminals to disseminate the Gozi Virus, the Zeus Trojan, the SpyEye Trojan and the BlackEnergy malware, all of which were made to steal confidential information, according to a June 12 news release.
“Paunescu ran a ‘bulletproof’ hosting service that enabled cyber criminals throughout the world to spread malware that stole confidential financial information, crashed websites and caused other harm,” DOJ Attorney Damian Williams said in the release. “By allowing cybercriminals to acquire online infrastructure for their unlawful activity without revealing their true identities, Paunescu’s bulletproof hosting service shielded his criminal customers from both law enforcement and cybersecurity professionals, while enriching himself. Paunescu now faces prison time and will be required to forfeit his ill-gotten gains.”
Paunescu also made other cybercrimes possible, such as initiating and carrying out distributed denial of service attacks and disseminating spam, the release reported. Paunescu entered a plea of guilty before U.S. Magistrate Judge Valerie Figueredo Feb. 24. U.S. District Judge Lorna G. Schofield handed down her ruling June 12.
The Gozi Virus is malicious computer code, sometimes known as malware, that steals customers' usernames and passwords for their personal bank accounts, according to the release. More than a million computers were infected by the Gozi Virus, including computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey and other countries. Additionally, more than 40,000 computers in the U.S. were affected, including those used by the National Aeronautics and Space Administration.
The Gozi Virus cost the people, companies and governments whose computers it infected tens of millions of dollars in losses, the release reported.
After being installed, the Gozi Virus, which was purposefully made so that it could not be detected by anti-virus software, began to gather information from the infected computer in order to record usernames and passwords for personal bank accounts, the release said. Cybercriminals then used the Gozi Virus to transmit the data to a number of servers owned by them.
The personal bank account information was subsequently used to transfer funds out of the victims' bank accounts and into the control of these cybercriminals, according to the release.
The Zeus Trojan and the SpyEye Trojan were developed to collect private financial information from victims' computers, much like the Gozi Virus, the release said. BlackEnergy was initially developed to perform web-based distributed denial of service attacks and was later enhanced to incorporate the capability of stealing account login credentials.