A federal jury has convicted two Romanian cybercriminals of infecting computers with malware in order to steal credit card and other information that resulted in the loss of millions of dollars.
The stolen data was used to sell on dark market websites, as well as mine cryptocurrency and in online auction schemes, according to a Department of Justice announcement by Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division and U.S. Attorney Justin E. Herdman of the Northern District of Ohio.
The defendants, Bogdan Nicolescu and Radu Miclaus, were convicted of conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and 12 counts each of wire fraud. They are both scheduled to be sentenced on Aug. 14.
Beginning in 2007, Nicolescu, Miclaus and a co-conspirator used malware to steal email addresses from more than 400,000 infected computers, primarily in the United States. The defendants were then able to take personal information, such as credit card information, user names and passwords, as well as mine cryptocurrency.
The stolen credit card information was used to fund their criminal infrastructure, including renting server space, registering domain names and paying for Virtual Private Networks (VPNs).
“The defendants also used stolen email credentials to copy a victim’s email contacts. They also activated files that forced infected computers to register email accounts with AOL. The defendants registered more than 100,000 email accounts using this method. They then sent malicious emails from these addresses to the compromised contact lists. Through this method, they sent tens of millions of malicious emails,” the announcement explained.
In addition, when victims with infected computers visited websites such as Facebook, PayPal and eBay, the criminals would redirect the computer to an almost identical, but fraudulent website, allowing the defendants to steal account credentials.
The defendants were also able to place fake pages into websites such as eBay, going on to place “more than 1,000 fraudulent listings for automobiles, motorcycles and other high-priced goods on eBay and similar auction sites. Photos of the items were infected with malware, which redirected computers that clicked on the image to fictitious webpages designed by the defendants to resemble legitimate eBay pages,” according to the announcement.
Users were then prompted to pay for their items through a fraudulent “eBay Escrow Agent,” which was actually a person hired by the defendants.