“Cybercrime as a service:” Russian malware creator sentenced by US court

Earlier this week Nikita Kuzmin, a 28-year-old Russian citizen who created the Gozi malware, was released from US prison after being sentenced in a federal court to time served (37 months). Kuzmin was also ordered to pay forfeiture and restitution in the amount of nearly $7 million.

Kuzmin pled guilty to the computer intrusion and fraud charges in May 2011. The relatively short prison sentence is due to a cooperation agreement with the US authorities – more likely than not they used his expertise in other investigations, notes Help Net Security.

Gozi, which was used to steal money from bank accounts, caused tens of millions of dollars in losses.

According to the charging and sentencing documents, and statements made in Manhattan federal court: “Once downloaded, the malware collected bank account-related data from the victim’s computer, including the username and password, to access the victim’s bank account online. The malware transmitted that data to the individuals who controlled the malware, which they used fraudulently to transfer money out of victims’ bank accounts. The network security experts subsequently identified a server that contained certain data stolen by Gozi, including 10,000 account records belonging to over 5,200 personal computer users. The records included login information for accounts at over 300 companies, including leading global banks and financial services firms.”

The malware infected over one million computers across the United States, Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and other countries. US victims include individuals, companies, and others, including NASA.

Cybercrime as a service

In addition to creating Gozi, Kuzmin developed an innovative means of distributing and profiting from it.

“Unlike many cybercriminals at the time, who profited from malware solely by using it to steal money, Kuzmin rented out Gozi to other criminals, pioneering the model of cybercriminals as service providers,” the US Attorney’s Office stated.

For a fee of $500 a week paid in WebMoney, a digital currency from Russia which is widely used by cybercriminals across the globe, Kuzmin rented the Gozi “executable” to other criminals, the investigation revealed.

“Kuzmin designed Gozi to work with customized ‘web injects’ created by other criminals that could be used to enable the malware to target information from specific banks; for example, criminals who sought to target customers of particular American banks could purchase web injects that caused the malware to search for and steal information associated with those banks. Once Kuzmin’s customers succeeded in infecting victims’ computers with Gozi, the malware caused victims’ bank account information to be sent to a server that Kuzmin controlled where, as long as the criminals had paid their weekly rental fee, Kuzmin gave them access to it. Kuzmin, who used the online identity ‘76,’ advertised this cybercriminal business, which he called ‘76 Service,’ on underground cybercriminal forums. Kuzmin made at least a quarter of a million dollars renting and selling Gozi to other criminals,” according to the US Attorney’s Office.

Kuzmin previously had significant computer science training, attending two major engineering universities in Russia and graduating with a computer science degree.

Source: US Department of Justice.
