Geoffrey S. Berman, the United States Attorney for the
Southern District of New York, and William F. Sweeney Jr., Assistant
Director-in-Charge of the New York Office of the Federal Bureau of Investigation
(“FBI”), announced that STANISLAV VITALIYEVICH LISOV, a/k/a “Black,” a/k/a
“Blackf” (“LISOV”), pled guilty today to conspiring to deploy and use a type of
malicious software known as NeverQuest to infect the computers of unwitting
victims, steal their login information for online banking accounts, and use
that information to steal money out of the victims’ accounts. NeverQuest has been responsible for millions
of dollars’ worth of attempts by hackers to steal money out of victims’ bank
accounts. LISOV pled guilty before
United States District Judge Valerie E. Caproni.
U.S. Attorney Geoffrey S. Berman said: “As he admitted today, Stanislav Vitaliyevich
Lisov used malware to infect victims’ computers, obtain their login credentials
for online banking accounts, and steal money out of their accounts. This type of cybercrime extends across
borders, poses a malicious threat to personal privacy, and causes widespread
financial harm. For his audacious crime,
this Russian hacker now faces justice in an American court.”
FBI Assistant Director William F. Sweeney Jr. said: “'In addition to creating and maintaining a
botnet infected with NeverQuest malware, Stanislav Lisov, a Russian national,
gathered personally identifiable information of NeverQuest victims and
discussed illegally trafficking that information. As today's plea should demonstrate, the FBI
and our partners will continue to bring these actors to justice, regardless of
where they may hide.”
According to the Indictment, Complaint, and other statements
made during public court proceedings:
NeverQuest is a type of malicious software, or malware,
known as a banking Trojan. It can be
introduced to victims’ computers through social media websites, phishing
emails, or file transfers. Once
surreptitiously installed on a victim’s computer, NeverQuest is able to
identify when a victim attempts to log onto an online banking website and
transfer the victim’s login credentials – including his or her username and
password – back to a computer server used to administer the NeverQuest
malware. Once surreptitiously installed,
NeverQuest enables its administrators remotely to control a victim’s computer
and log into the victim’s online banking or other financial accounts, transfer
money to other accounts, change login credentials, write online checks, and
purchase goods from online vendors.
Between June 2012 and January 2015, LISOV was responsible
for key aspects of the creation and administration of a network of victim
computers known as a “botnet” that was infected with NeverQuest. Among other things, LISOV maintained
infrastructure for this criminal enterprise, including by renting and paying
for computer servers used to manage the botnet that had been compromised by NeverQuest. Those computer servers contained lists of
millions of stolen login credentials – including usernames, passwords, and
security questions and answers – for victims’ accounts on banking and other
financial websites. LISOV had
administrative-level access to those computer servers.
LISOV also personally harvested login information from
unwitting victims of the NeverQuest malware, including usernames, passwords,
and security questions and answers. In
addition, LISOV discussed trafficking in stolen login information and
personally identifiable information of victims.
On January 13, 2017, LISOV was arrested in Spain pursuant to
a provisional arrest warrant. On January
19, 2018, LISOV was extradited from Spain to the United States.
*
* *
LISOV, 33, a citizen of Russia, pled guilty to one count of
conspiracy to commit computer hacking, which carries a maximum sentence of five
years in prison. The statutory maximum
sentence is prescribed by Congress and is provided here for informational purposes
only, as any sentencing of the defendant will be determined by the judge. LISOV’s sentencing is scheduled for June 27,
2019 at 11:00 a.m. before Judge Caproni.
Mr. Berman praised the outstanding investigative efforts of
the FBI. Mr. Berman also thanked the DOJ
Office of International Affairs for its assistance in this case.
The matter is being handled by the Office’s Complex Frauds
and Cybercrime Unit. Assistant U.S.
Attorney Michael D. Neff is in charge of the prosecution.