Last week, we began the countdown of the Ten Most Wanted Hackers by the FBI. First up was No. 10, Carlos Enrique Perez-Malera, who is guilty of having developed and sold the “Lover Spy” malware program out of his San Francisco apartment.
This week, we present No. 9 and No. 8: Alexandr Sergeyevich Bobnev and nine individuals collectively known as the “JabberZeus” suspects.
#9 – Alexandr Sergeyevich Bobnev
In 2008, Alexandr Sergeyevich Bobnev was indicted in the Southern District of New York on one count of conspiracy to commit wire fraud and one count of conspiracy to commit money laundering.
Bobnev allegedly participated in a money-laundering scheme in the summer of 2007 in which he unlawfully gained access to the accounts of a major provider of investment services. Bobnev then wired funds from these accounts to “money mules” based in the United States, who then transferred the money back to him.
Overall, Bobnev wired or attempted to wire more than $350,000.
The FBI is currently offering a $50,000 reward for any information leading to Bobnev’s arrest.
In addition to his placement on the FBI’s Cyber’s Most Wanted List, Bobnev is also one of New York State’s most wanted criminals.
#8 – The JabberZeus Suspects
In 2012, nine individuals were indicted in Nebraska for having infected thousands of computers with the Zeus banking Trojan, which they used in turn to steal millions from victims’ bank accounts.
The charges against them include conspiracy to participate in a racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.
Those named in the indictment, included:
- Vyacheslav Igorevich Penchukov, 32, of Ukraine, aka “tank” or father”
- Ivan Viktorvich Klepikov, 30, of Ukraine, aka “petr0vich” or “nowhere”
- Alexey Dmitrievich Bron, 26, of Ukraine, aka “thehead”
- Alexey Tikonov, of Russia, aka “kusanagi”
- Yevhen Kulibab, aka “jonni”
- Yuriy Konovalenko, aka “jtk0”
- John Doe #1, aka “lucky12345”
- John Doe #2, aka “aqua”
- John Doe #3, aka “mricq”
Together, this cybercrime ring unlawfully installed the Zeus banking Trojan on victims’ computers, allowing them to steal usernames, passwords and other information necessary for them to gain access to their victims’ banking accounts.
By claiming that they were employees of the victims and therefore authorized to deal with their funds, the JabberZeus suspects tricked a number of organizations, including a bank and a company both based in Nebraska, into wiring more than $70 million to “money mules” based in the U.S. These persons then forwarded some of the funds to the conspirators.
The total value of the JabberZeus suspects’ attempted cyber thefts is upwards of $220 million.
While a number of individuals have been found, tried and convicted, the four masterminds of the scheme—Penchukov, Klepikov, Bron and Tikonov—remain at large.
Zeus is one of the most dangerous forms of malware on the web today, as illustrated by a worldwide law enforcement effort designed to bring down GameOver Zeus that took place earlier this year.
- Hacker Myths Debunked
- Top Five Hacker Tools Every CISO Should Know
- Infosec’s Rising Stars and Hidden Gems: The Hackers
- Average Cyber Crime Incident Costs Companies $12.7 Million
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Hacker image courtesy of ShutterStock.com