Russian ‘Evil Corp’ hackers charged by US in $100m cyber theft
US officials announce a $5m reward towards the hacking group leader’s arrest, highest ever offered for a cybercriminal.
Two members of a Russia-based hacking group that calls itself Evil Corp have been accused by authorities in the United States of the worst computer hack and bank fraud that stole more than $100m from companies across the world.
Evil Corp’s alleged leader Maksim V Yakubets, 32, and administrator Igor Turashev, 38, were charged on Thursday in a 10-count indictment, including bank fraud, conspiracy, computer hacking and wire fraud.
Separately, the US Treasury Department said that in collaboration with Britain’s National Crime Agency, it was freezing all assets of the two Russian men, along with 15 other associates.
The two men have not been arrested and their whereabouts are unknown. Russia and the US do not have an extradition treaty.
An international law enforcement operation has exposed the world’s most harmful cyber crime group, Evil Corp.
Maksim Yakubets has been indicted in the United States following unprecedented collaboration between the NCA, @FBI, @NCSC & @TheJusticeDept.https://t.co/YFXDuk8PpO pic.twitter.com/EE3TafK7qC
— National Crime Agency (NCA) (@NCA_UK) December 5, 2019
The British agency called Evil Corp “the world’s most harmful cyber crime group” and posted pictures on Twitter of Yakubets, his customised Lamborghini sports car and his 2017 wedding, on which it said he had spent more than $300,000.
US officials are offering a $5m reward for information leading to Yakubets’ arrest and conviction, calling it the largest reward ever offered for an accused cybercriminal.
Alleged links with Russian government
In a statement, US Treasury officials also accused Yakubets of recruiting cybercriminals for the Russian government.
According to the statement, he began working for FSB, a successor to the KGB spy agency, in 2017 and was tasked to work on projects including “acquiring confidential documents through cyber-enabled means and conducting cyber-enabled operations on its behalf”.
The Treasury’s press office would not elaborate on those projects.
A US-based analyst said the case highlighted the difficulties authorities face when dealing with cybercrime.
“This is very significant. It’s a major boost of a major criminal cyber ring, but what the FBI wasn’t really focusing on in their announcements was it took them eight years to do this investigation,” Jody Westby, CEO of Global Cyber Risk, told Al Jazeera.
“They begin it in 2011, so it’s wonderful that they finally brought this ring into indictments. It is doubtful they will ever bring these two Russians to trial, because they remain in Russia, and it highlights… how hard it is to track and trace … cybercrime investigations.”
How the cyber theft worked
Evil Corp is alleged to be behind an ever-evolving family of malicious software, “Bugat” (also known as “Dridex” and “Kridex”), which has bedevilled banks and businesses since it first appeared in 2011.
Their tools, which built from an early malware known as Zeus, could also be used to defeat banks’ online computer security systems.
Prosecutors said the malware automates the theft of credentials used to log in to banks and other financial institutions.
It was typically delivered through phishing emails that tricked users into entering their personal information at fake online banking websites, investigators said.
The online thieves would then make unauthorised withdrawals. It has since also branched out into ransomware.
Yakubets, who used the online moniker “aqua”, and Turashev are accused of targeting two banks, a school district and four companies in Pennsylvania as well as a gun manufacturer.
The hackers are alleged to have victimised 21 specific municipalities, banks, companies and non-profit organisations in nearly a dozen US states.