Feds allege Russian hackers targeted Western Pennsylvania school, banks, businesses.
A high school, banks and a handful of businesses in Western Pennsylvania were victims of cyber crimes by Russian hackers, federal authorities said Thursday.
After a 10-year investigation, Russian nationals Maksim V. Yakubets and Igor Turashev were indicted in Pittsburgh and accused of distributing financial malware as part of a conspiracy involving computer hacking, wire fraud and bank fraud schemes.
The two allegedly stole about $70 million and attempted to steal about $200 million from at least 300 victims around the world, investigators said.
The first victim in the area was Mercer County’s Sharon High School, said Scott Brady, U.S. attorney for the Western District of Pennsylvania.
“We know that for every dollar stolen from a school district, that’s one less dollar for the football team or the girls basketball team. One less dollar for teacher salaries or special education,” Brady said during a news conference at the Department of Justice in Washington, D.C.
Sharon City Superintendent Michael Calla said the cyber attack occurred in December 2011, when a Moldovan national attempted to transfer almost $1 million from the high school’s bank account with First National Bank. The bank was able to catch the hack before the transfer was approved.
Had the transfer been successful, Calla said the entire community would have been affected. It would take the equivalent of 10 mills in property taxes to make up for such a loss, he said.
In addition to Sharon City School District, the hackers targeted First National Bank, First Commonwealth Bank, Penneco Oil Company in Delmont, 84 Lumber in Eighty Four, Kurt J. Lesker Company in Jefferson Hills, JWF Industries in Johnstown and Remington Outdoor Company in North Carolina, according to the indictment.
A hacker named Andrey Ghinkul allegedly stole $3.5 million from Penneco in 2015, according to Ben Wallace, the company’s chief operating officer. Ghinkul allegedly transferred the money on the Friday before Labor Day, knowing that American banks would be closed the following Monday and might not catch the unusual activity.
Wallace said Penneco began receiving dozens of spam phone calls and at least 70,000 spam emails before they finally heard from their bank, First Commonwealth. While Penneco was quickly reimbursed for what they lost in the transfer, it took First Commonwealth around two years to recover all the money from a Moscow bank, Wallace said.
Local FBI agents responded to the incident, eventually tracking Ghinkul down and arresting him in Cyprus, Wallace said.
At Penneco, Wallace said the attack spurred a string of new cybersecurity measures. The company now has a special computer dedicated only to banking transactions, and they’ve deleted the banking feature that previously allowed them to do international wire transfers. Wallace said every business and individual should stay vigilant.
“Everything on the internet is fraudulent, until you can prove it’s not,” he said.
Ghinkul’s arrest and other incidents in the past decade led law enforcement to Thursday’s indictment.
“Today’s announcement involved a long-running investigation of a sophisticated organized cybercrime syndicate,” said FBI Deputy Director David Bowdich. “The charges highlight the persistence of the FBI and our partners to vigorously pursue those who desire to profit from innocent people through deception and theft.”
The investigation began in 2009 and was a collaboration between the U.S. Department of Justice, the State Department, the FBI and the United Kingdom’s National Crime Agency.
The malware used in Pittsburgh was known as “Bugat,” authorities said. Bugat is designed to automate the theft of personal and financial information, such as online banking credentials, from infected computers. This allowed the hackers to make unauthorized electronic fund transfers from victims’ accounts, the indictment said. Bugat was specifically designed to defeat antivirus measures, according to the indictment.
Yakubets also is being charged with using “Zeus” malware to commit bank fraud in Lincoln, Neb., along with many co-conspirators.
Bowdich said the malware was spread through phishing emails and spam campaigns. The perpetrators were constantly innovating the technology to evade law enforcement. Bowdich said this investigation demonstrates the complexity of cyber criminals and their capabilities, especially as they band together to form organized criminal syndicates.
“To successfully combat them, we, as law enforcement partners, must do the same,” Bowdich said.
Moving forward, Bowdich and other representatives from law enforcement said Thursday’s indictment was a critical step in bringing the longtime hackers to justice. While those indicted are Russian nationals, Bowdich said law enforcement is determined to detain and prosecute Yakubets and Turashev.
“It’s difficult, no doubt,” he said. “But it’s not impossible.”