Two Russian men are being sought for allegedly being behind what authorities say was one of the worst computer hacking and bank fraud schemes of the past decade and led to $70 million in losses from bank accounts.
Two Nebraska banks and an ethanol production facility were listed among the victims, but it appears none lost any money to the plot.
The Justice Department announced the unsealing of criminal charges in Pittsburgh, Pennsylvania, and Lincoln on Thursday.
Maksim V. Yakubets, 32, of Moscow and Igor Turashev, 38, from Yoshkar-Ola, Russia were charged in the 10-count indictment filed in federal court in Pittsburgh. The charges include conspiracy, computer hacking, wire fraud and bank fraud.
The two men have not been arrested, and their whereabouts are unknown.
Prosecutors say the charges there stem from the creation of malware known as “Bugat,” which was designed to automate the theft of confidential personal and financial information, including online banking logins, from infected computers.
FBI investigators said the malware was designed to defeat antivirus software and allowed hackers to hijack a victim’s computer, present fake online banking webpages and trick the user into entering their personal information.
Yakubets is charged in federal court in Lincoln with conspiracy to commit bank fraud in connection with other malware known as “Zeus.”
“The Zeus scheme was one of the most outrageous cybercrimes in history,” said Joe Kelly, the U.S. Attorney for Nebraska. “Our identification of Yakubets as the actor who used the moniker ‘aqua’ in that scheme, as alleged in the complaint unsealed today, is a prime example of how we will pursue cyber criminals to the ends of justice no matter how long it takes, by tracking their activity both online and off and working with our international partners to expose their crimes.”
Prosecutors allege that Yakubets worked with multiple co-conspirators to commit widespread computer intrusions, employ malicious software and steal millions of dollars from numerous bank accounts in the United States and around the globe.
The criminal complaint unsealed in Nebraska lists 21 banks, companies, a municipality, a religious congregation and nonprofit organizations in California, Illinois, Iowa, Kentucky, Maine, Massachusetts, Nebraska, New Mexico, North Carolina, Ohio, Texas, and Washington.
In Pennsylvania, Yakubets and Turashev are accused of targeting two banks, a school district and four companies — a petroleum business, building supply company, vacuum and thin film deposition technology company and metal manufacturer — as well as a gun manufacturer.
In Nebraska, Yakubets is accused of targeting First National Bank of Omaha, Union Bank & Trust in Lincoln and Husker Ag LLC of Plainview.
Doll Distributing, a beer distributor based in Des Moines, Iowa, that has ties to Nebraska, also was targeted.
Kevin Langin, a spokesman for First National Bank, said a couple of business accounts were affected by incidents in 2010 and 2014. He said the bank’s losses were “minimal,” and no customers experienced losses.
And, in an emailed statement, Union Bank & Trust said the case involved an attack on one of the bank’s customers in 2010, not an attack on the bank.
“We were able to intervene and prevent any loss,” the spokeswoman said.
The State Department and the FBI are offering a $5 million reward for information leading to Yakubets’ arrest and conviction, which the Department of Justice says is the largest reward ever offered for an accused cybercriminal.
In the complaint, the FBI alleges the deployment of the Zeus malware resulted overall in the attempted theft of an estimated $220 million, with actual losses of an estimated $70 million from victims’ bank accounts.
FBI Special Agent Jacob Foiles, who is assigned to the Cyber Task Force of the Omaha field office, said Yakubets’ role in the Zeus scheme was to provide money mules and their associated banking credentials in order to facilitate unauthorized transfers of money from victim bank accounts.
In 2011, the hacker known as “aqua” was indicted as a John Doe and accused of conspiracy to participate in racketeering, commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud related to the same scheme.
The government now says that hacker is Yakubets.
In Nebraska in 2011, two co-conspirators of “aqua,” Ukrainian nationals Yuriy Konovalenko and Yevhen Kulibaba, were charged and in 2014 extradited from the United Kingdom to Nebraska. Both pleaded guilty in 2015 to conspiracy to participate in racketeering activity and have completed 34-month federal prison sentences.
According to the Department of Justice, Konovalenko and Kulibaba previously were convicted in the U.K., after an investigation conducted by the Metropolitan Police Service, for their role in laundering £3 million on behalf of the group responsible for the Zeus malware.
Yakubets and five others indicted in Nebraska in 2011 — Vyacheslav Igorevich Penchukov, Ivan Viktorvich Klepikov, Alexey Dmitrievich Bron and another John Doe, all of Ukraine, and Alexey Tikonov of Russia — so far have evaded prosecution.