As the next step in "Operation Tovar," the FBI's plan to break up the GameOver Zeus botnet and the Cryptolocker ransomware and to identify the criminals behind the hacking schemes, the FBI has released an arrest warrant for Evgeniy Mikhailovich Bogachev, the alleged mastermind behind both criminal Internet attacks.
The 30-year-old Bogachev is believed to be living in Anapa, a resort town in Russia's Black Sea area. Since Russia does not extradite citizens charged with crimes in other countries, it is unlikely Bogachev will ever face his accusers in the U.S. The indictment against him is related, however, to a recent policy change that will see the United States pursue cybercriminals beyond U.S. borders, even in cases where capture and extradition are difficult.
The recent indictment of five members of China's People's Liberation Army for economic espionage is another example of the new approach.
"As far as Russia, we are in contact with them and we've been having discussions with them about moving forward and about trying to get custody of Mr. Bogachev," said U.S. Deputy Attorney General James Cole. The counts against Bogachev include conspiracy, computer hacking, wire fraud, bank fraud and money laundering. Bogachev is also wanted for his alleged involvement in the operation of a prior variant of Zeus malware known as "Jabber Zeus." This malware and other "Zeus" infections date back to 2007.
The civil injunction against Bogachev notes that he is linked to well-known online nicknames "Slavik" and "Pollingsoon." The criminal complaint (filed in Omaha, Neb.) also uses "Lucky12345" as another online alias.
Cryptolocker, a ransomware scheme, employed GameOver Zeus as a common distribution mechanism. Unsolicited emails containing an infected file claiming to be a voicemail or shipping confirmation are also used to distribute Cryptolocker. This malware first appeared around September 2013 and uses cryptographic key pairs to encrypt the computer files of victims, who are then required to pay up to $750 to receive the key to unlock the files. As of April 2014, Cryptolocker had attacked more than 200,000 computers, with more than half of the attacks occurring in the United States.
The FBI and the U.S. Department of Justice highly recommend that computer users who suspect that they have been victimized by either GameOver Zeus or Cryptolocker malware visit this Department of Homeland Security website for assistance in removing the malware.
Anyone claiming an interest in any of the property seized or actions taken pursuant to the court orders should visit this Department of Justice website for notice of the full content of the orders.