Two Romanian men were sentenced Friday in federal court for infecting over 400,000 computers with malware and gaining access to credit card and other information for later sale on dark market websites.
Bogdan Nicolescu, 37, and Radu Miclaus, 37, both from Bucharest, Romania, were sentenced Friday to 20 years and 18 years, respectively. Nicolescu, Miclaus, and others operated a criminal enterprise referred to as the “Bayrob Group” from Bucharest, Romania, according to testimony at trial and court documents.
It began in 2007 with the development of proprietary malware, which they disseminated through malicious emails purporting to be legitimate emails from entities and agencies such as Western Union, Norton AntiVirus, and the IRS. When recipients clicked on an attached file, the malware secretly installed itself onto their computers.
This malware harvested email addresses from the infected computer, such as from contact lists or email accounts, and then sent malicious emails to these harvested email addresses, the court records said. By using the infected computers to reach out and control additional computers, the defendants infected and controlled more than 400,000 individual computers, primarily in the United States.
In addition to using the infected network to expand its size, Nicolescu, Miclaus, and other members of the Bayrob Group used the collective processing power of the computer network to solve complex algorithms for the financial benefit of the group, a process known as cryptocurrency mining, court records said.
The defendants also engaged in persistent and sophisticated data mining of the infected computers, selling information gleaned from infected computers repeatedly over time on the Dark Web, court records said. Investigators discovered evidence on the Dark Web of trafficking in users’ personal financial information, passwords, and access to their computers.
In total, this criminal enterprise resulted in losses of at least $4 million.
The investigation started with a complaint from a victim in the Northern District of Ohio. If it wasn’t for that victim contacting law enforcement, the defendants’ malware would have likely continued to infect thousands of additional computers, law enforcement officials said.
“Today’s sentences underscore the critical work being done to investigate and prosecute to the fullest extent those criminals who think that the presumed anonymity of the Internet can hide their pervasive and extensive criminal activities,” said U.S. Attorney Justin Herdman.
“These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud unsuspecting victims anywhere in the world,” said FBI Special Agent in Charge Eric Smith. “Despite the complexity and global character of these investigations, this investigation and prosecution demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals and bring justice to the victims.”
The FBI investigated the case, with assistance from the Romanian National Police and the Romanian Directorate for the Investigation of International Organized Crime and Terrorism.