Two Romanian residents, Bogdan Nicolescu, 37, and Radu Miclaus, 37, are being sentenced to 20 years and 18 years in prison, respectively, for their alleged involvement in installing malware on over 400,000 computers in order to obtain personal user information. The network of hacked computers was also used to mine cryptocurrencies.
The defendants were investigated by the Federal Bureau of Investigation and prosecuted in Ohio. Accused of infecting thousands of personal computers with malicious malware scripts in order to gain access to credit card and other personal user information, Nicolescu and Miclaus were found guilty of selling the stolen data on the dark web.
Testimony and court papers revealed that Nicolescu, Miclaus and other Romanian citizens were running a “criminal enterprise” dubbed the “Bayrob Group” from Bucharest, Romania. The group reportedly began operating in 2007 with the development of customized malware software, which was sent via emails claiming to be from trustworthy organizations including Western Union, Norton AntiVirus and the Internal Revenue Service.
When the unsuspecting recipients downloaded the malicious files, the malware automatically installed itself onto the victims’ PCs. The malware then obtained the email addresses from the targeted PCs, including users’ contacts, and began sending out malicious emails to the harvested lists.
According to a statement released on Friday by the US Attorney’s Office,
“By using the infected computers to reach out and control additional computers, the defendants infected and controlled more than 400,000 individual computers, primarily in the United States.
In addition to using the infected network to expand its size, Nicolescu, Miclaus, and other members of the Bayrob Group used the collective processing power of the computer network to solve complex algorithms for the financial benefit of the group, a process known as cryptocurrency mining.”
The investigation began when a complaint was filed by an alleged victim in the Northern District of Ohio. Case investigators also claim they found evidence on dark web forums of “trafficking in users’ personal financial information, passwords, and access to their computers” with criminal activities reportedly leading to losses of around $4 million.
Romania’s National Police and the Romanian Directorate for the Investigation of International Organized Crime and Terrorism assisted the FBI and the the US Department of Justice’s Office of International Affairs assisted the prosecution.
On Tuesday, US authorities arrested three men in connection with BitClub Network, an alleged Bitcoin scam that was highly lucrative and appeared to rake in a whopping $722 million.
The US Attorney’s Office for the District of New Jersey published a press release on Tuesday detailing the indictments of Matthew Brent Goettsche, 37, of Lafayette, Colorado; Jobadiah Sinclair Weeks, 38, of Arvada, Colorado; and Joseph Frank Abel, 49, of Camarillo, California, who were indicted on multiple charges of conspiracy to commit wire fraud and conspiracy to offer and sell unregistered securities through BitClub Network, a mining pool operation.
Goettsche was arrested in Colorado, Weeks in Florida, and Abel in California following investigations led by the FBI and the Internal Revenue Service.
According to documents filed in the case and statements made in court,
“From April 2014 through December 2019, the defendants operated BitClub Network, a fraudulent scheme that solicited money from investors in exchange for shares of purported cryptocurrency mining pools and rewarded investors for recruiting new investors. Goettsche, Weeks, and others conspired to solicit investments in BitClub Network by providing false and misleading figures that BitClub investors were told were ‘bitcoin mining earnings,’ purportedly generated by BitClub Network’s bitcoin mining pool. Goettsche discussed with his conspirators that their target audience would be ‘dumb’ investors, referred to them as ‘sheep,’ and said he was ‘building this whole model on the backs of idiots.’ Goettsche directed others to manipulate the figures displayed as ‘mining earnings’ during the course of the conspiracy.”
Two defendants remain at large.