Three Romanian Nationals Indicted in $4 Million Cyber Fraud Scheme that Infected at Least 60,000 Computers and Sent 11 Million Malicious Emails

A 21-count indictment was unsealed today charging three Romanian nationals for operating a cyber fraud conspiracy in which they infected between 60,000 and 160,000 computers, sent out 11 million malicious emails and stole at least $4 million.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Carole S. Rendon of the Northern District of Ohio and Special Agent in Charge Stephen D. Anthony of the FBI’s Cleveland Division made the announcement.

Bogdan Nicolescu, 34, Tiberiu Danet, 31, and Radu Miclaus, 34, were extradited to the United States this week after being taken into custody in their native Romania earlier this year.  They were each charged with 12 counts of wire fraud, as well as one count each of conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and conspiracy to violate the Computer Fraud and Abuse Act.

“This case illustrates the sophistication and determination with which cyber criminals seek to harm Americans and American businesses from abroad,” said Assistant Attorney General Caldwell.  “But our response demonstrates that, with effective international cooperation, we can track these criminals down and make sure they face justice, no matter where or how they try to hide.”

“These defendants stole millions of dollars from people in the United States through a sophisticated fraud conspiracy they operated in Eastern Europe,” said U.S. Attorney Rendon.  “Cybercrime is an ever-growing threat.  We will continue to work with both our partners in law enforcement and in the private sector to evolve with the threat and protect our networks and national security.”

“This indictment and subsequent arrests reveal the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud unsuspecting victims,” said Special Agent in Charge Anthony.  “Despite the complexity and global character of these investigations, these arrests demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals and bring justice to the victims.”

According to the indictment, Nicolescu, Danet and Miclaus collectively operated a criminal conspiracy from Bucharest, Romania, which began at least as early 2007 with the development of proprietary malware used to infect and control more than 60,000 computers, primarily in the United States.  The co-conspirators allegedly used the computers to harvest personally identifiable information, such as credit card information, user names and passwords; disable malware protection; and solve complex algorithms to accrue valuable cryptocurrency for the financial benefit of the group, a process known as cryptocurrency mining.

To spread their malware, the defendants allegedly activated files that forced infected computers to register a total of over 100,000 email accounts with public email providers, according to the indictment.  The co-conspirators sent a total of more than 11 million emails containing the malware from these accounts to email contacts copied from victim computers.  When victims with infected computers visited websites such as Facebook, PayPal or eBay, the co-conspirators would redirect the computers to a nearly identical website they had created to steal account credentials.  The defendants then used stolen credit card information to fund their criminal infrastructure while concealing their identities.

In addition, the indictment alleges that the defendants placed more than 1,000 fraudulent listings for automobiles, motorcycles and other high-priced goods on eBay and similar auction websites.  Photos of the items were allegedly infected with malware, which, when clicked, redirected victims to fictitious webpages designed by the co-conspirators to resemble legitimate eBay pages.  The fictitious webpages prompted users to pay for their goods through a nonexistent “eBay Escrow Agent,” and payments would then be funneled back to the co-conspirators.  This scheme allegedly resulted in at least $4 million – though the actual total may be tens of millions more – in losses to victims, which the defendants laundered through wire transfers under the names of fictitious companies and then collected and delivered to the co-conspirators by “money mules.”

An indictment is merely an allegation and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

The FBI investigated the case with assistance from the Romanian National Police.  Senior Counsel Brian Levine of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Duncan T. Brown and Om Kakani of the Northern District of Ohio are prosecuting the case.  The Criminal Division’s Office of International Affairs provided substantial assistance in this matter.