Using malware to infect individuals’ PCs and drain their bank accounts continues to be a lucrative source of income for criminals, but such cybercrime has never been a risk-free undertaking.
The latest example of the potential profits and pitfalls from participating in a banking Trojan attack campaign comes via Vyacheslav Khaimov, 55, who pleaded guilty Feb. 3 before U.S. Senior District Judge Edward R. Korman to running an unlicensed money-transmitting business tied to the theft of $1.2 million from at least 30 victims, according to the U.S. Department of Justice.
Federal prosecutors accused Brooklyn, N.Y.-based Khaimov of participating in a global cybercrime ring that had attempted to steal $6 million, and which involves at least four other suspects – none of whom have been publicly identified – according to court documents filed July 12, 2016. The documents were unsealed the following month after Khaimov had been arrested.
“This is an ongoing investigation conducted by the FBI’s Cyber Task Force. We will continue to investigate all co-conspirators and bring them to justice,” William F. Sweeney Jr., the FBI’s assistant director in charge of its New York field office, says in a statement.
The FBI says the cybercrime campaign in which Khaimov participated would take control of victims’ bank accounts using malware, then wire the funds to a network of individuals based in the United States, who then moved some of the money into overseas accounts.
Khaimov has been tied to 20 wire transfers from victims’ accounts, according to the Department of Justice, which says he received $230,000 between July 2015 and May 2016. Prosecutors said Khaimov held accounts registered in both his own name as well as in the name of a business called Global Universal.
Khaimov had been charged with bank fraud, wire fraud, conspiracy to commit both types of fraud, money laundering as well as conspiracy to commit money laundering.
But he appears to have pleaded guilty to the single, lesser offense of running an unlicensed money-transmitting business. That could see him having to pay a fine as well as serve up to five years in prison.
Khaimov’s attorney couldn’t be immediately reached for comment.
Tapping Money Mules
Prosecutors didn’t disclose the type of malware employed by the gang. But they said the operation relied on more than 20 money mules.
“Mules are typically unsuspecting individuals who believe they are working for a legitimate ‘work from home’ business,” according to a related complaint and affidavit submitted to the court by FBI Special Agent George Schultzel. “As part of their ’employment,’ the mules are instructed, typically via email, to open a bank account and receive the funds that have been removed from victims’ bank accounts. The mule is then provided further instructions as to where to send the money she/he has received.”
In this case, the FBI says, individuals were recruited by an individual named “Samuel Gold,” who communicated via phone and email. “None of these individuals had ever met Samuel Gold,” Schultzel wrote. But emails received by the money mules repeatedly instructed them to send cashier’s checks – for amounts up to $26,600 each – to a Brooklyn-based sporting good store called G&P Sports World where Kaimov worked as a manager, according to the FBI.
It’s not clear if Kaimov, or his alleged co-conspirators, were behind the Samuel Gold moniker.
Modern Day Bank Robbery
The attraction of using banking Trojans for criminal gangs is easy to see: They can steal money while not putting themselves at physical risk during the theft, then make it harder for investigators to “follow the money” by laundering it via intermediaries.
The FBI says that stolen funds were often sent to U.S. bank accounts registered in the name of businesses called “Reality Management Corp” and “First California Escrow,” after which the money would be moved into overseas accounts, for example in Thailand. One of the suspects in the case – referred to in court documents only as co-conspirator 2, or “CC-2” – had opened 14 bank accounts at 11 different banks in three different countries, according to the FBI.
“Modern-day bank robbers no longer need a gunman and a getaway driver,” the FBI’s Sweeney says. “Today, they just need a malware operator and money mules to carry out their crime from anywhere in the world.”