A Varna, Bulgaria, man got a sentence of time served last week after spending 39 months in prison following his conviction on charges of criminal conspiracy, computer fraud, and bank fraud for his role as a member of the GozNym malware cybercrime network, said United States Attorney Scott W. Brady.
After the sentencing, Krasimir Nikolov, 47, will be transferred into U.S. Immigration and Customs Enforcement custody and removed from the United States to Bulgaria.
At the request of the United States, Nikolov was arrested in September 2016 by Bulgarian authorities and extradited to Pittsburgh in December 2016 to face prosecution in the Western District of Pennsylvania.
Nikolov’s primary role in the conspiracy was that of a “casher” or “account takeover specialist,” according to court records. In that capacity, Nikolov used victims’ stolen online banking credentials captured by GozNym malware to access victims’ online bank accounts and attempt to steal victims’ money through electronic transfers into bank accounts controlled by fellow conspirators.
Nikolov conspired with fellow GozNym members charged in a related indictment in May in The Hague, Netherlands by U.S. Attorney Brady and international partners from Georgia, Ukraine, Moldova, Bulgaria, Germany, Europol, and Eurojust.
The indictment, returned by a federal grand jury in Pittsburgh, charged 10 additional members of the GozNym criminal network with conspiracy to commit computer fraud, conspiracy to commit wire fraud and bank fraud, and conspiracy to commit money laundering.
Alexander Konovolov, aka “NoNe,” aka “none_1,” of Tbilisi, Georgia, was the primary organizer and leader of the GozNym network who controlled more than 41,000 victim computers infected with GozNym malware, according to the indictment.
Konovolov assembled the team charged in the indictment, in part by recruiting them through underground online criminal forums. Marat Kazandjian, aka “phant0m,” of Kazakhstan and Tbilisi, Georgia, was Konovolov’s primary assistant and technical administrator. Konovolov and Kazandjian were arrested and prosecuted in Georgia for their respective roles in the GozNym criminal network
In a related announcement, the Office of the Prosecutor General of Georgia and the Ministry of Internal Affairs of Georgia announced the convictions and imposition of sentences against Konovolov and Kazandjian following a lengthy trial held in Tbilisi, Georgia. In a new level of cooperation, the Georgian trial included witness testimony from an FBI agent and a computer scientist from the FBI’s Pittsburgh Field Office, as well as evidence obtained by the FBI and U.S. Attorney’s Office through their parallel investigation. The Georgian prosecution was based on violations of Georgian criminal laws perpetrated by Konovolov and Kazandjian against GozNym victims in the United States, including victims in the Western District of Pennsylvania.
“In announcing the prosecution of the GozNym international cybercrime syndicate with our law enforcement partners at Europol in May, I stated that borderless cybercrime necessitates a borderless response,” Brady said. “This new paradigm involves unprecedented levels of cooperation with willing and trusted law enforcement partners around the world who share our goals of searching, arresting and prosecuting cyber criminals no matter where they might be.”
“The FBI will not allow cyber criminals from any country to operate with impunity,” said FBI Pittsburgh Special Agent in Charge Robert Jones. “For years, these cyber criminals believed they could steal millions from innocent victims. Through international cooperation with multiple agencies, we were able to target, takedown and bring to justice members of this criminal enterprise.”