On 23 January 2013, the US District Court of the Southern District of New York unsealed three indictments against Nikita Vladimirovich Kuzmin, Deniss Calovskis and Mihai Ionut Paunescu. The defendants were charged with conspiracy in fraud and related activities in connection with computers and access devices for the creation and use of the Gozi virus. The Gozi virus is one of the most harmful computer viruses ever created. It infected at least one million computers worldwide and 40,000 in the US. It caused the theft or loss of tens of millions of dollars. The virus was undetectable by anti-virus software and was able to collect data from infected devices, including personal bank account information, usernames and passwords. The stolen information was then transmitted to servers controlled by the defendants. The defendants used such information to steal funds from victims’ bank accounts. Kuzmin created the Gozi virus in 2005. Calovskis developed a number of features, including an altered webpage of a bank that was used to steal personal information from the victims. Paunescu created a “bulletproof host”, i.e. a system preventing law enforcement authorities from detecting illegal activities. He leased servers from legitimate hosting providers and then sub-leased them to the cybercriminals. He also distributed malware, such as the “Zeus trojan” and the “SpyEye trojan”, and spam.
Kuzmin was arrested in the US in November 2010 and pled guilty in May 2011. Calovskis was arrested in Latvia in November 2012. In August 2013, the Latvian government agreed to extradite Calovskis to the US. However, Calovskis appealed the decision to the Europen Court of Human Rights (ECHR). The ECHR ruled that the extradition is lawful. However, the ECHR ordered the Latvian government not to extradite Calovskis until its judgment became final.Calovskis was later extradited to the US, where he plead guilty to writing part of the virus, and was sentenced to 21 months of prison. Paunescu was arrested in Romania in December 2012 and his extradition proceeding is pending before Romanian authorities.
United States of America
Romania
LatviaThe US District Court ordered the defendants to forfeit to the US the proceeds of the offences they had committed.
The FBI carried out the investigation in cooperation with other law enforcement authorities and private sector security experts throughout the US and Europe. The joined efforts of these agencies led to the identification of the three defendants. The prosecution is taking place in the Southern District of New York as the illegal acts were committed in that district and elsewhere. In addition, the investigators used evidence gathered pursuant to a series of search warrants issued by US Magistrate Judges in the District of Nebraska in another cybercrime investigation. The investigators also relied on wiretaping evidence provided by Romanian authorities.
Deniss Calovskis was extradited from Romania to the United States. US authorities have also sought the extradition of Paunescu from Latvian authorities, and he currently awaits extradition to the US.
Romanian authorities provided evidence on the malware used by Paunescu to the US prosecutors pursuant to a Mutual Legal Assistance request.
United States District Court for the Southern District of New York.
Kuzmin was indicted on 2 counts of conspiracy to commit fraud (bank and access device fraud), 2 counts of fraud (bank and access device fraud), 1 count of conspiracy to commit computer intrusion, 2 counts of computer intrusion for a maximum penalty of 95 years in prison.
Kuzmin was arrested in the US in November 2010 and pled guilty before US District Judge Leonard B. Sand in May 2011.
Indictment unsealed on January 23, 2013. The date of issuance of the indictment has been redacted.
Kuzmin was sentenced on May 2nd, 2016 to time served (37 months).
United States District Court for the Southern District
Calovskis was indicted on 3 counts of conspiracy to commit fraud (bank, access device and wire fraud), 1 count of conspiracy to commit computer intrusion and 1 count of conspiracy to commit aggravated identity theft for a maximum penalty of 67 years in prison. He was arrested in Latvia in November 2012 and released in October 2013.
European Court of Human Rights
Calovskis appealed the decision of the Latvian government to extradite him to the US. The Court stated that the extradition was in compliance with the European Convention on Human Rights. However, it ordered the Latvian government not to extradite Calovskis until its judgment became final.
Calovskis was later extradited to the US.
United States District Court for the Southern District of New York
Calovskis was convicted for his participation in writing computer code for "web injects" that enable the Gozi Virus to target information from particular banks.
He was sentenced to time served (21 months).
United States District Court for the Southern District of New York
Paunescu was indicted on one count of conspiracy to commit computer intrusion and two counts of conspiracy to commit fraud (wire and bank fraud) for a maximum penalty of 60 years in prison. He was arrested in Romania in December 2012 and is awaiting extradition to the US.
Kuzmin is a Russian national who created the Gozi virus. He was arrested in the US in November 2010.
Calovskis, a/k/a “Miami,”is a Latvian national who wrote part of the computer code that made the Gozi virus so effective. He was arrested in Latvia in November 2012 and was extradited to the US after the European Court of Human Rights held his extradition would not violate his rights.
According to the FBI, Paunescu, a/k/a “Virus,”is a Romanian national who allegedly ran a “bulletproof hosting” service that enabled cyber criminals to distribute the Gozi virus, the Zeus trojan, and other notorious malware and to conduct other sophisticated cyber crimes. He was arrested in Romania in December 2012 and is awaiting extradition to the US.
US Code - Title 18: Section 1030 (a), (b) and (c) - Fraud and related activity in connection with computers.
US Code - Title 18: Section 1029 (a) and (b) - Fraud and related activity in connection with access devices.
US Code - Title 18: Section 1349 - Attempt and conspiracy.
US Code - Title 18: Section 371 - Conspiracy to commit offense or to defraud United States.
US Code - Title 18: Section 1029 (b) - Fraud and related activity in connection with access devices.
US Code - Title 18: Section 1030 (b) - Fraud and related activity in connection with computers.
US Code - Title 18: Section 1349 - Attempt and conspiracy
US Code - Title 18: Section 1030 (b) - Fraud and related activity in connection with computers.
US Code - Title 18: Section 1349 - Attempt and conspiracy
United States District Court for the Southern District of New York
United States of America v. Nikita Kuzmin, Information & Complaint
United States of America v. Deniss Calovskis, Indictment
United States of America v. Mihai Ionut Paunescu, Indictment & Complaint
Calovskis v. Latvia, no. 22205/13, 24 July 2014
The case at hand concerns one of the most destructive cyberfrauds in history. The victims of the fraud are located not only in the US but also in several other countries in the world, including, but not limited to, Germany, Great Britain, Poland, France, Finland, Italy and Turkey. The virus also infected a number of computers belonging to NASA. The transnational dimension of the scheme proves that international cooperation is crucial in order to fight cybercrime. In this case, US law enforcement authorities sought international legal assistance. US prosecutors sent a Mutual Legal Assistance request to Romanian authorities in order to gather evidence related to Paunescu's illegal activities. In addition, the US government issued two extradition requests for Calovskis. (Latvia) and Paunescu (Romania).
This cyberfraud case shows that the more cybercriminals develop their ability to attack computers located in different jurisdictions, the more it is necessary to strenghten international legal cooperation in criminal matters.