Case Law Database

Cybercrime

Acts against the Confidentiality, Integrity and Availability of Computer, Data and Systems

• Illegal access to a computer system
• Illegal access of computer data

Computer-related acts for personal or financial gain

• Fraud
• Identity offences

Participation in an organized criminal group

Offences

• Agreement to commit a serious crime (conspiracy)

Degree of Involvement

• Overt act in furtherance of agreement

United States v Kuzmin, Calovskis and Paunescu (Gozi Virus)

Fact Summary

On 23 January 2013, the US District Court of the Southern District of New York unsealed three indictments against Nikita Vladimirovich Kuzmin, Deniss Calovskis and Mihai Ionut Paunescu. The defendants were charged with conspiracy in fraud and related activities in connection with computers and access devices for the creation and use of the Gozi virus. The Gozi virus is one of the most harmful computer viruses ever created. It infected at least one million computers worldwide and 40,000 in the US. It caused the theft or loss of tens of millions of dollars. The virus was undetectable by anti-virus software and was able to collect data from infected devices, including personal bank account information, usernames and passwords. The stolen information was then transmitted to servers controlled by the defendants. The defendants used such information to steal funds from victims’ bank accounts. Kuzmin created the Gozi virus in 2005. Calovskis developed a number of features, including an altered webpage of a bank that was used to steal personal information from the victims. Paunescu created a “bulletproof host”, i.e. a system preventing law enforcement authorities from detecting illegal activities. He leased servers from legitimate hosting providers and then sub-leased them to the cybercriminals. He also distributed malware, such as the “Zeus trojan” and the “SpyEye trojan”, and spam.

Kuzmin was arrested in the US in November 2010 and pled guilty in May 2011. Calovskis was arrested in Latvia in November 2012. In August 2013, the Latvian government agreed to extradite Calovskis to the US. However, Calovskis appealed the decision to the Europen Court of Human Rights (ECHR). The ECHR ruled that the extradition is lawful. However, the ECHR ordered the Latvian government not to extradite Calovskis until its judgment became final.Calovskis was later extradited to the US, where he plead guilty to writing part of the virus, and was sentenced to 21 months of prison. Paunescu was arrested in Romania in December 2012 and his extradition proceeding is pending before Romanian authorities.

Commentary and Significant Features

The case at hand concerns one of the most destructive cyberfrauds in history. The victims of the fraud are located not only in the US but also in several other countries in the world, including, but not limited to, Germany, Great Britain, Poland, France, Finland, Italy and Turkey. The virus also infected a number of computers belonging to NASA. The transnational dimension of the scheme proves that international cooperation is crucial in order to fight cybercrime. In this case, US law enforcement authorities sought international legal assistance. US prosecutors sent a Mutual Legal Assistance request to Romanian authorities in order to gather evidence related to Paunescu's illegal activities. In addition, the US government issued two extradition requests for Calovskis. (Latvia) and Paunescu (Romania).

This cyberfraud case shows that the more cybercriminals develop their ability to attack computers located in different jurisdictions, the more it is necessary to strenghten international legal cooperation in criminal matters.

Cross-Cutting Issues

Liability

... for

• completed offence
• attempt

... based on

• criminal intention

... as involves

• principal offender(s)
• participant, facilitator, accessory

Offending

Details

• involved an organized criminal group (Article 2(a) CTOC)
• occurred across one (or more) international borders (transnationally)

Involved Countries

United States of America

Romania

Latvia

Investigation Procedure

Involved Agencies

• Federal Bureau of Investigation (United States of America)
• Central Criminal Police Department of the State Police (Latvia)
• Intelligence Service (Romania)
• Directorate for Combating Organized Crime (Romania)
• Directorate for Investigating Organized Crime and Terrorism (Romania)

Confiscation and Seizure

Comments

The US District Court ordered the defendants to forfeit to the US the proceeds of the offences they had committed.

 

Computer specific investigative measures

• Seizure/Confiscation of hardware and/or software
• Order for release of information from third party service providers

Special investigative techniques

• Electronic or other forms of surveillance

Comments

The FBI carried out the investigation in cooperation with other law enforcement authorities and private sector security experts throughout the US and Europe. The joined efforts of these agencies led to the identification of the three defendants. The prosecution is taking place in the Southern District of New York as the illegal acts were committed in that district and elsewhere. In addition, the investigators used evidence gathered pursuant to a series of search warrants issued by US Magistrate Judges in the District of Nebraska in another cybercrime investigation. The investigators also relied on wiretaping evidence provided by Romanian authorities.

 

International Cooperation

Measures

• Extradition
• Mutual legal assistance

Outline

Deniss Calovskis was extradited from Romania to the United States. US authorities have also sought the extradition of Paunescu from Latvian authorities, and he currently awaits extradition to the US.
Romanian authorities provided evidence on the malware used by Paunescu to the US prosecutors pursuant to a Mutual Legal Assistance request.

 

Procedural Information

Legal System:
Common Law
Latest Court Ruling:
Court of 1st Instance
Type of Proceeding:
Criminal
 
 
Proceeding #1:
  • Stage:
    first trial
  • Court

    Court Title

    United States District Court for the Southern District of New York.

     

    Location

  • City/Town:
    New York City
  • Province:
    New York
  • • Criminal

    Description

    Kuzmin was indicted on 2 counts of conspiracy to commit fraud (bank and access device fraud), 2 counts of fraud (bank and access device fraud), 1 count of conspiracy to commit computer intrusion, 2 counts of computer intrusion for a maximum penalty of 95 years in prison.

    Kuzmin was arrested in the US in November 2010 and pled guilty before US District Judge Leonard B. Sand in May 2011.
    Indictment unsealed on January 23, 2013. The date of issuance of the indictment has been redacted.

    Kuzmin was sentenced on May 2nd, 2016 to time served (37 months).

     

    Outcome

  • Verdict:
    Guilty
  • Decision Date:
    Mon May 02 00:00:00 CEST 2016
    Proceeding #2:
  • Stage:
    Other
  • Court

    Court Title

    United States District Court for the Southern District

     

    Location

  • City/Town:
    New York City
  • Province:
    New York
  • • Criminal

    Description

    Calovskis was indicted on 3 counts of conspiracy to commit fraud (bank, access device and wire fraud), 1 count of conspiracy to commit computer intrusion and 1 count of conspiracy to commit aggravated identity theft for a maximum penalty of 67 years in prison. He was arrested in Latvia in November 2012 and released in October 2013.

     
  • Details:
    Indictment
  • Proceeding #3:
  • Stage:
    appeal
  • Official Case Reference:
    Calovskis v. Latvia, no. 22205/13, 24 July 2014
  • Decision Date:
    Thu Jul 24 00:00:00 CEST 2014

    Court

    Court Title

    European Court of Human Rights

     

    Location

  • City/Town:
    Strasbourg
  • • International

    Description

    Calovskis appealed the decision of the Latvian government to extradite him to the US. The Court stated that the extradition was in compliance with the European Convention on Human Rights. However, it ordered the Latvian government not to extradite Calovskis until its judgment became final.

    Calovskis was later extradited to the US.

     
    Proceeding #4:
  • Stage:
    first trial
  • Official Case Reference:
    United States of America v. Calovskis, No. 1:12-cr-00487 (S.D.N.Y. Jan. 5, 2016)
  • Court

    Court Title

    United States District Court for the Southern District of New York

     

    Location

  • City/Town:
    New York City
  • Province:
    New York
  • • Criminal

    Description

    Calovskis was convicted for his participation in writing computer code for "web injects" that enable the Gozi Virus to target information from particular banks.

    He was sentenced to time served (21 months).

     
    Proceeding #5:
  • Stage:
    Other
  • Details:
    Indictment
  • Court

    Court Title

    United States District Court for the Southern District of New York

     
    • Criminal

    Description

    Paunescu was indicted on one count of conspiracy to commit computer intrusion and two counts of conspiracy to commit fraud (wire and bank fraud) for a maximum penalty of 60 years in prison. He was arrested in Romania in December 2012 and is awaiting extradition to the US.

     

    Defendants / Respondents in the first instance

    Defendant:
    Nikita Vladimirovich Kuzmin
    Gender:
    Male
    Nationality:
    Russian

    Kuzmin is a Russian national who created the Gozi virus. He was arrested in the US in November 2010.

    Defendant:
    Deniss Calovskis
    Gender:
    Male
    Nationality:
    Latvian

    Calovskis, a/k/a “Miami,”is a Latvian national who wrote part of the computer code that made the Gozi virus so effective. He was arrested in Latvia in November 2012 and was extradited to the US after the European Court of Human Rights held his extradition would not violate his rights.

    Defendant:
    Mihai Ionut Paunescu
    Gender:
    Male
    Nationality:
    Romanian

    According to the FBI, Paunescu, a/k/a “Virus,”is a Romanian national who allegedly ran a “bulletproof hosting” service that enabled cyber criminals to distribute the Gozi virus, the Zeus trojan, and other notorious malware and to conduct other sophisticated cyber crimes. He was arrested in Romania in December 2012 and is awaiting extradition to the US.

    Charges / Claims / Decisions

    Defendant:
    Nikita Vladimirovich Kuzmin
    Charge:

    US Code - Title 18: Section 1030 (a), (b) and (c) - Fraud and related activity in connection with computers.
    US Code - Title 18: Section 1029 (a) and (b) - Fraud and related activity in connection with access devices.
    US Code - Title 18: Section 1349 - Attempt and conspiracy.

    Statute:
    US Code - Title 18
    Term of Imprisonment:
    3 years 1 Month
    Defendant:
    Deniss Calovskis
    Charge:

    US Code - Title 18: Section 371 - Conspiracy to commit offense or to defraud United States.
    US Code - Title 18: Section 1029 (b) - Fraud and related activity in connection with access devices.
    US Code - Title 18: Section 1030 (b) - Fraud and related activity in connection with computers.
    US Code - Title 18: Section 1349 - Attempt and conspiracy

    Statute:
    US Code - Title 18
    Term of Imprisonment:
    1 year 9 Months
    Defendant:
    Mihai Ionut Paunescu
    Charge:

    US Code - Title 18: Section 1030 (b) - Fraud and related activity in connection with computers.
    US Code - Title 18: Section 1349 - Attempt and conspiracy

    Statute:
    US Code - Title 18

    Court

    United States District Court for the Southern District of New York

    Sources / Citations

    United States of America v. Nikita Kuzmin, Information & Complaint

    United States of America v. Deniss Calovskis, Indictment

    United States of America v. Mihai Ionut Paunescu, Indictment & Complaint

    Calovskis v. Latvia, no. 22205/13, 24 July 2014

    "Nikita Kuzmin, Creator of the Gozi Virus, Sentenced in Manhattan Federal Court", US Department of Justice, Press Release, May 2, 2016.