Site icon Sophos News

Gozi banking Trojan co-author pleads guilty

A Latvian programmer pleaded guilty on Friday, 4 September 2015, to writing malware that infected more than a million computers around the world, leading to tens of millions of dollars in losses.

Standing before a Manhattan federal court, Deniss Calovskis, 30, admitted conspiring to commit computer intrusion.

His plea marks the beginning of the end of a story that may have started as far back as 2005.

His arrest and prosecution involved the efforts of numerous agencies from around the world, including:

According to an indictment filed in 2013 by the US Department of Justice, Calovskis is one of three men accused of conspiring to “steal personal information that was used to access bank and other accounts online… using malicious computer code, or malware, known as the “Gozi Virus”.

Following the indictment, Calovskis at first avoided extradition to the US due to the Latvian government’s concerns over the length of the sentence he could face if found guilty.

Latvia’s foreign minister noted at the time that a potential 67 years behind bars was “disproportionate” to the crime he had been accused of.

Nevertheless, he remained in a Latvian cell for 10 months after his initial November 2012 arrest, before eventually being extradited in February this year.

The reason why Latvian authorities eventually handed him over appears to surround a plea agreement in which Calovskis agreed not to submit an appeal should he be sentenced to two years or less of imprisonment – a hint as to what may happen on 14 December 2015 at his sentencing hearing.

As for whether he would be given credit for time already served in Latvia, Calovskis’ lawyer, David Bertan, said the question remained an “open” one.

Calovskis, who went by the online handle of “Miami,” admitted being hired to write the Gozi Trojan which hit computers in the US – including 190 machines associated with NASA – as well as the UK, Germany, France, Finland, Italy, Poland and Turkey.

Speaking about the code he developed – which altered the appearance of banks’ websites, thus tricking victims into giving up personal information – Calovskis told the judge:

I knew what I was doing was against the law.

US attorney Preet Bharara said the case was a “wake-up call to banks and consumers” who need to know that the threat of cybercrime is not going away.

In addition to Calovskis, Russian national Nikita Kuzmin and Romanian citizen Mihai Ionut Paunescu also stand accused of being behind the Gozi Trojan.

According to prosecutors, Kuzmin was the mastermind of the operation, having conceived the idea in 2005.

Accused of renting Gozi out to other cyber criminals intent on stealing from banks, he was arrested in 2010. He secretly submitted a guilty plea in May 2011 as part of a deal with federal prosecutors.

Paunescu, who is alleged to have provided the secure hosting facilities required by the operation, was arrested in Romania in 2012. According to a spokesman for Bharara, his extradition remains pending.

Despite the detention of the major players behind the now ageing Gozi, the threat remains.

TIPS TO PROTECT YOURSELF AND YOUR MONEY ONLINE

💡 Learn more: 8 tips for safer online banking ►

💡 Learn more: How phishing works ►

💡 Learn more: Booby-trapped attachments ►

Image of binary Trojan horse courtesy of Shutterstock.com

Exit mobile version