The Washington Post

In a secret 72-hour blitz over the weekend, the FBI, several foreign governments and a host of security firms dismantled what officials say is the most sophisticated operation ever to commandeer private computers and siphon tens of millions of dollars from American bank accounts.

The operation’s alleged Russian ringleader has been indicted on charges of hacking, conspiracy and bank fraud, Justice Department officials said Monday.

Evgeniy Bogachev, 30, who also goes by the handle “lucky12345,” was the mastermind behind a “botnet,” or network of secretly infected computers whose owners were unaware their machines had been hijacked, officials said.

He also ran a “ransomware” scheme, in which he encrypted victims’ computer files and refused to unlock them until receiving payment, officials said.

Deputy Attorney General James M. Cole called the botnet, dubbed GameOver Zeus, “the most sophisticated and damaging . . . we have ever encountered.” Between 500,000 and 1 million computers worldwide were infected, and the losses exceeded $100 million to U.S. victims alone, he said.

Evgeniy Bogachev, 30, also goes by the handle “lucky12345.” (FBI)

Cole said officials had “some sense” of Bogachev’s location, but declined to elaborate. “Our goal right now is to find him and bring him into custody,” he said.

The unsealing of the indictment against Bogachev comes two weeks after Justice Department officials announced they had charged five Chinese military officials with hacking into U.S. companies’ computer systems and stealing intellectual property.

Beginning in 2011, Bogachev allegedly used “spearphishing” e-mails to infect computers with malware. When computer users clicked on links or attachments, the malicious code would burrow into their machines. The malware enabled Bogachev and others in his ring to watch from Russia as the malware “intercepted the bank account numbers and passwords that unwitting victims typed into computers” in the United States, said Leslie R. Caldwell, assistant attorney general for the Justice Department’s Criminal Division.

In a novel twist, officials said, Bogachev used the botnet to deliver another form of malicious software called Cryptolocker, which encrypted victims’ computer files. It then placed a message on their screens informing them that they could unlock their files only after paying a ransom, which ranged up to $700, officials said.

In the first two months of operation, Cole said, the Russian ring collected over $27 million in ransom payments. The ransoms often would be paid using the virtual currency known as Bitcoin.

The botnet takedown involved federal prosecutors, FBI agents, foreign law enforcement officials in more than 10 countries and at least a dozen commercial security firms that provided technical assistance.

“This is the largest fusion of law enforcement and industry partner cooperation ever undertaken in support of an FBI cyber operation,” said Robert Anderson Jr., the FBI’s executive assistant director of the Criminal, Cyber, Response, and Services Branch.

The groundwork for the operation involved coordination with Ukrainian authorities, who seized key servers in Kiev and Donetsk that were used by the hackers. On May 19, prosecutors brought sealed charges against Bogachev in Pittsburgh, the headquarters of the Western District of Pennsylvania, where some of the victims were located.

Last week, officials obtained civil court orders permitting them to reroute communications from the infected computers to a server set up by U.S. officials with court approval. At the same time, Caldwell said, foreign law enforcement partners seized other critical computer servers used to operate Cryptolocker, preventing the hackers from encrypting other targets’ files.

Beginning early Friday morning, authorities around the world began the coordinated seizure of the servers that formed the backbone of the botnet and Cryptolocker, Caldwell said. The seizures took place in Canada, France, Germany, Luxembourg, the Netherlands, Ukraine and Britain.

Over the weekend, more than 300,000 computers were freed from the botnet, and the botnet itself was “effectively dismantled,” she said.

David J. Hickton, U.S. attorney for the Western District of Pennsylvania, said the investigation is still open and suggested more charges could be pending. “It is obvious that Bogachev did not act alone,” he said.

Though the United States has no extradition treaty with Russia, other Russian hackers have been convicted in the United States after being extradited by other countries.

“Bogachev is now the subject of an international manhunt,” said Steven Chabinsky, formerly the FBI’s top cyber lawyer and now an executive at CrowdStrike, one of the firms that took part in the takedown. “If any of our allies catch him, he could be extradited to the United States. In any case, it’s unlikely that he is working on building a new botnet at this moment.”

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.
