Gozi is a computer virus designed to target online consumer bank accounts, according to Federal prosecutors who say they foiled an international cyber-crime ring in the United States and around the globe.
The criminal charges highlight the vulnerabilities of online consumer banking, which has become more popular in the digital age. It also comes just months after most every major U.S. bank suffered a relentless round of online attacks by Middle Eastern hackers.
In the case unveiled Wednesday, three men — a Russian, a Latvian and a Romanian — allegedly created and spread a virus they called “Gozi” that infected more than 1 million computers around the globe, including at least 40,000 in the United States.
The virus and other malicious software infected individuals’ and businesses’ computers, and then stole log-in information for online banking and other accounts. One program even imitated a bank’s website, tricking users into giving away their PINs and personal information, such as their mothers’ maiden names.
“Their bank heists required neither a mask nor a gun, but a clever computer program and an Internet connection,” Preet Bharara, the U.S. attorney in Manhattan, told reporters Wednesday.
Referencing a quotation often attributed to the notorious bank robber Willie Sutton, Bharara said, “Cyber criminals target banks too because that’s where the money still is.”
Although the Gozi virus’ reach spanned the globe — infecting computers in Turkey, Poland and Finland, among other countries — Bharara could not say how many U.S. customers’ accounts had been breached. Nor could he say how much was stolen from the accounts, aside from alleging “tens of millions” of dollars in losses globally. He said the investigation was continuing.
NASA also fell victim to the virus. About 190 of the space agency’s computers came down with the bug between 2007 and 2012, according to court documents. Extracted data allegedly included log-in information for a NASA email account, Web browsing histories and Google chat messages.
Gozi’s mastermind was Nikita Kuzmin, a Russian programmer who created the virus in 2005, authorities said. The virus infiltrated computers through spam email or seemingly innocuous .pdf document files.
Prosecutors said Deniss Calovskis, a Latvian who went by the nickname Miami, allegedly helped develop “Web injects,” such as the phony bank site. Mihai Paunescu, a Romanian known by his online handle Virus, ran what authorities said was essentially an online bazaar for cyber criminals who bought or leased the virus and helped spread it around the world.