FBI, DoJ take out $10 Million “Bugat” banking botnet

FBI, DoJ: Andrey Ghinkul, of Moldova, was charged in a nine-count indictment

The FBI and US Department of Justice today said they disrupted the activities and arrested the administrator of the botnet known as “Bugat,”  “Cridex” or “Dridex,” which authorities said pilfered over $10 million.


The FBI called Bugat a sophisticated malware package designed to steal banking and other credentials from infected computers; it is generally distributed through phishing. The software typically can upload files from an infected computer and download executable files to the victim’s system. Collected information is sent to the criminal’s system. Bugat is specifically designed to defeat antivirus and other protective measures employed by victims.

The agencies said Andrey Ghinkul, aka Andrei Ghincul and Smilex, 30, of Moldova, was charged in a nine-count indictment with criminal conspiracy, unauthorized computer access with intent to defraud, damaging a computer, wire fraud and bank fraud.  Ghinkul was arrested on Aug. 28, 2015 in Cyprus and the United States is seeking his extradition.

According to the DoJ, the indictment alleges that Ghinkul and his co-conspirators used the malware to steal banking credentials and then, using the stolen credentials, to initiate fraudulent electronic funds transfers of millions of dollars from the victims’ bank accounts into the accounts of money mules, who further transferred the stolen funds to other members of the conspiracy.

Specifically, according to the indictment, on Dec. 16, 2011, Ghinkul and others allegedly attempted to cause the electronic transfer of $999,000 from the Sharon, Pennsylvania, City School District’s account at First National Bank to an account in Kiev, Ukraine, using account information obtained through a phishing email.

In addition, Ghinkul and others allegedly caused the international transfer on Aug. 31, 2012, of $2,158,600 from a Penneco Oil account at First Commonwealth Bank to an account in Krasnodar, Russia, and the international transfer on Sept. 4, 2012, of $1,350,000 from a Penneco Oil account at First Commonwealth Bank to an account in Minsk, Belarus.

The indictment also asserts that on Sept. 4, 2012, Ghinkul attempted to cause the electronic transfer of $76,520 from a Penneco Oil account at First Commonwealth Bank to an account in Philadelphia. In all three instances, the company’s account information was allegedly obtained through a phishing email sent to a Penneco Oil employee.

The DoJ said the United States obtained a civil injunction in the Western District of Pennsylvania authorizing the FBI to take measures to redirect automated requests by victim computers for additional instructions to substitute servers.
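The substitute servers described above are commonly called sinkholes: once bot check-ins are redirected to infrastructure that defenders control, the server's request log becomes a list of infected machines that can be passed to ISPs, CERTs and victim organizations for cleanup. The script below is an added example, not code from the article or from the FBI's operation; it assumes a sinkhole web server writing one space-separated line per request (timestamp, client IP, quoted request line, quoted User-Agent), and the check-in path `/gate.php` and all sample lines are constructed for illustration.

```python
"""Sinkhole-hit triage: turn substitute-server logs into a list of infected hosts.

Added example; the log format, the check-in path and every sample line below
are constructed assumptions, not artifacts from the Bugat/Dridex takedown.
"""
from dataclasses import dataclass
import ipaddress
import re

# Constructed sample log: <timestamp> <client IP> "<request line>" "<user-agent>".
# 203.0.113.45 checks in three times, 192.0.2.88 once, 198.51.100.7 merely
# browses the sinkholed name, and one line is corrupt.
SAMPLE_LOG = """\
2015-10-13T14:02:11Z 203.0.113.45 "POST /gate.php HTTP/1.1" "Mozilla/4.0"
2015-10-13T14:02:19Z 198.51.100.7 "GET /index.html HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1)"
2015-10-13T14:03:02Z 203.0.113.45 "POST /gate.php HTTP/1.1" "Mozilla/4.0"
2015-10-13T14:03:40Z 192.0.2.88 "POST /gate.php HTTP/1.1" "Mozilla/4.0"
this line is garbage and must be skipped rather than crash the run
2015-10-13T14:05:55Z 203.0.113.45 "POST /gate.php HTTP/1.1" "Mozilla/4.0"
"""

# Assumed line layout; adjust the pattern to the real sinkhole's log format.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<method>\S+) (?P<path>\S+) [^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical bot check-in path; a real sinkhole would use the paths the
# malware family is known to request for new instructions.
CHECKIN_PATHS = frozenset({"/gate.php"})


@dataclass
class InfectedHost:
    ip: str
    first_seen: str
    last_seen: str
    checkins: int = 0


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ipaddress.ip_address(m["ip"])  # reject junk that is not an address at all
    except ValueError:
        return None
    return m.groupdict()


def triage(log_text, checkin_paths=CHECKIN_PATHS):
    """Aggregate bot check-ins per source IP.

    Returns (ranked_hosts, skipped_lines): hosts sorted by check-in count
    (ties broken by IP), and the number of unparseable lines, which an
    analyst should inspect rather than silently ignore.
    """
    hosts = {}
    skipped = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            skipped += 1
            continue
        if rec["path"] not in checkin_paths:
            # Ordinary browsing to the sinkholed name is not an infection signal.
            continue
        host = hosts.get(rec["ip"])
        if host is None:
            hosts[rec["ip"]] = InfectedHost(rec["ip"], rec["ts"], rec["ts"], 1)
        else:
            host.last_seen = rec["ts"]
            host.checkins += 1
    ranked = sorted(hosts.values(), key=lambda h: (-h.checkins, h.ip))
    return ranked, skipped


if __name__ == "__main__":
    ranked, skipped = triage(SAMPLE_LOG)
    for h in ranked:
        print(f"{h.ip:<16} check-ins={h.checkins:<3} first={h.first_seen} last={h.last_seen}")
    print(f"{skipped} malformed line(s) skipped")
```

Only requests to the assumed check-in path count as evidence of infection; a user who simply visits the sinkholed hostname in a browser appears in the same log but is deliberately left out, and malformed lines are counted rather than dropped so the analyst can see whether the log format has drifted.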
