Gozi trojan scheme nears end

Most people are likely familiar with some sort of cybercrime. If not from personal experience, everyone probably knows someone who has been affected by such crimes. One of the most famous crimes in the cyber realm may soon come to an end. The three leaders of the Gozi cybercrime gang have been indicted in federal court, leading to the potential end of their reign of terror.

The Gozi Trojan was successful in stealing millions of dollars from people throughout the past few years. The Trojan prompted computer users to enter further information, such as their mother’s maiden name and social security numbers, in order to gain access to their online accounts. This information was then sent to a server in California, which relayed the information to the central command-and-control, which was located in the Netherlands. From there, many online criminals could buy this personal information and use it to transfer money out of other people’s accounts. The Gozi Trojan has infected over 1 million computers worldwide, including over 40,000 in the United States.

Three Eastern European men are currently in US custody and are being held on the accusation of being the creators and distributors of the Gozi Trojan, in addition to being the leaders of the Gozi gang as a whole. These men face charges carrying anywhere from 65 to 95 years in prison.

A Russian national by the name of Nikita Kuzmin is allegedly the mastermind behind the whole operation. It is believed that Kuzmin is the one who designed the technical specifications and hired a computer programmer to design the Gozi Trojan back in 2005. Kuzmin was arrested in the United States in 2010, and in 2011 pleaded guilty to charges of computer intrusion and fraud.

Additionally, a man named Deniss Calovskis, of Latvia, has been charged with allegedly writing some of the most effective components of the computer code present in the Gozi Trojan. He was arrested in Latvia in November of 2012, and has been indicted on many charges including conspiracy to commit aggravated identity theft.

Finally, a Romanian man named Mihai Ionut Paunescu has been charged. It is believed that he operated the “bulletproof hosting” service that allowed for the Gozi Trojan to be distributed so effectively. Paunescu’s hosting service has also been essential in allowing other cybercriminals to distribute various other forms of malware.

The Gozi Trojan became effective through what is called the “76 service”, in which Kuzmin would sell access to the information to other cybercriminals for a weekly fee. The service evolved to let criminals tailor their campaigns by picking questions and even focusing on a country of their choosing. Eventually, in 2009, Kuzmin reached a point where he began selling the source code for the Gozi Trojan for $50,000 per copy.

For the first three years after the creation of the Gozi Trojan, the group focused exclusively on European banks. Because of this, many law enforcement officers in the United States lacked an interest in the case, since it wasn’t directly affecting the US. However, in 2010, the Gozi gang switched its focus to almost exclusively targeting US banks, which is the point where the FBI began to take interest in the case. Since its creation, the Gozi Trojan has infected computers all across the world, and even gained access to 160 computers at NASA, where it began to steal login credentials.

Now that these three men are being charged, the future of the Gozi Trojan is a big question. Unlike many other forms of malware, the Gozi Trojan lacks a certain level of user friendliness, which means it requires more expertise to operate. That fact, combined with the tight-knit nature of the gang, suggests that the Gozi Trojan will likely fade away in the near future.