Bayrob Fraud Ring Extradited to US

Symantec is claiming victory after a Romanian fraud ring thought to have made as much as $35 million from their illegal activities was arrested and extradited to the US.

Bogdan Nicolescu (aka “Masterfraud”, aka “mf”); Danet Tiberiu (aka “Amightysa”, aka “amy”); and Radu Miclaus (aka “Minolta”, aka “min”) now face multiple charges, ranging from money laundering and operating botnets to identity theft, the security vendor claimed.

The three alleged “career cyber-criminals” were part of the “Bayrob” gang, which specialized in elaborate scams often involving the creation of fake websites, voice messages, and customer support chatrooms in order to trick victims.

They started out running vehicle auction scams but soon branched out to things like credit card theft and mining digital currencies using compromised computers, said Symantec.

Along the way, the gang apparently made anywhere between $4-35m, infected 60-160,000 computers and sent 11m malicious emails.

Symantec said it helped the eight-year investigation into the group by discovering and analyzing the Bayrob malware and charted the gang’s progress from an online fraud group to one operating a 300,000-strong botnet for cryptocurrency mining.

After being initially unmasked by Symantec, the Romanian group apparently took offense and subsequently made abusive references to the vendor’s research team in its code.

To get their hands on their ill-gotten gains, the Bayrob gang also recruited an extensive network of money mules in Europe and the US.

“Mules in the US were often vulnerable people in difficult circumstances. They appeared to be unwitting pawns of the gang, unaware of what they’d become involved with,” claimed Symantec.

“Less is known about the money mules used in Europe, but most appeared to collect transferred funds using fake identities, indicating they may have been more complicit in the gang’s activities.”

The gang also went to great lengths to stay hidden from the white hats, using only communications encrypted with OTR and PGP and hiding their true location behind two proxy layers.

Symantec claimed the arrests highlight the value of effective co-operation across borders and between law enforcement and the security industry.
