Three Romanians were indicted for involvement in a $4 million cyber fraud scheme that infected 60,000 computers and sent 11 million malicious emails, according to officials.
The trio were named in a 21-count indictment that was unsealed Friday.
Bogdan Nicolescu, 34, Tiberiu Danet, 31, and Radu Miclaus, 34, were extradited to the U.S. this week after being taken into custody in their native Romania earlier this year.
They were each charged with 12 counts of wire fraud, as well as one count each of conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and conspiracy to violate the Computer Fraud and Abuse Act, according to officials.
“These defendants stole millions of dollars from people in the United States through a sophisticated fraud conspiracy they operated in Eastern Europe,” said U.S. Attorney Carole S. Rendon. “Cybercrime is an ever-growing threat. We will continue to work with both our partners in law enforcement and in the private sector to evolve with the threat and protect our networks and national security.”
According to the indictment, Nicolescu, Danet and Miclaus collectively operated a criminal conspiracy from Bucharest, Romania, which began at least as early as 2007 with the development of proprietary malware used to infect and control more than 60,000 computers, primarily in the United States.
The co-conspirators allegedly used the computers to get information, such as credit card information, user names and passwords; disable malware protection; and solve complex algorithms to accrue valuable cryptocurrency for the financial benefit of the group, a process known as cryptocurrency mining, officials said.
To spread their malware, the defendants allegedly activated files that forced infected computers to register a total of over 100,000 email accounts with public email providers, according to the indictment.
The co-conspirators sent a total of more than 11 million emails containing the malware from these accounts to email contacts copied from victim computers.
When victims with infected computers visited websites such as Facebook, PayPal or eBay, the co-conspirators would redirect the computers to a nearly identical website they had created to steal account credentials.
The defendants then used stolen credit card information to fund their criminal infrastructure while concealing their identities.
In addition, the indictment alleges that the defendants placed more than 1,000 fraudulent listings for automobiles, motorcycles and other high-priced goods on eBay and similar auction websites.
Photos of the items were allegedly infected with malware, which, when clicked, redirected victims to fictitious webpages designed by the co-conspirators to resemble legitimate eBay pages, according to the indictment.
The fictitious webpages prompted users to pay for their goods through a nonexistent “eBay Escrow Agent,” and payments would then be funneled back to the co-conspirators.
This scheme allegedly resulted in at least $4 million – though the actual total may be tens of millions more – in losses to victims, which the defendants laundered through wire transfers under the names of fictitious companies and which “money mules” then collected and delivered to the co-conspirators, according to officials.
The defendants are presumed innocent unless proven guilty.