The three alleged leaders of the Gozi cybercrime gang were indicted in federal court. The Gozi trojan was highly successful, but it may be too hard to operate with the alleged masterminds in jail.
"In order to provide you with extra security, we occasionally need to ask for additional information when you access your account online."
Beginning in 2007, those innocuous-sounding words began appearing seamlessly and immediately on the personal computer screens of thousands of online banking victims in the United States and worldwide right after they logged into their accounts.
Many were duped into entering their mother's maiden name, Social Security numbers, and other personal data into the neat little labeled boxes.
Little did they know that the moment the personal data was entered, a Trojan horse program inhabiting their personal computer immediately sent it to a computer server in California – and from there to a central command-and-control server in the Netherlands. After that, access to the stolen account data was sold to other criminals, who used it to enter the accounts and transfer out cash.
Tens of millions of dollars was stolen this way from online accounts, according to charges filed in a federal court in New York Wednesday against the alleged leading members of the Gozi Gang, cyber-bank-robber masterminds and creators of the infamous Gozi Trojan, one of the world's most notorious and malicious bank-theft software programs.
According to the US attorney for New York’s Southern District, the alleged gang leaders, three Eastern European men in US custody, played critical roles in producing and distributing the Gozi virus. They faced criminal charges ranging from conspiracy to commit bank fraud to access device fraud and computer intrusion, and maximum penalties ranging from 60 to 95 years in prison.
Page 1 of 4