Assistant Attorney General Brian A. Benczkowski Delivers Remarks at the Yakubets Press Conference

Remarks as Prepared for Delivery

Good morning and thank you all for being here. 

We are here today to identify and announce charges against a Russian national whom the Department of Justice alleges is responsible for two of the worst computer hacking and bank fraud schemes of the past decade.

The charges we are announcing today are merely allegations, and each of the defendants is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Maksim Yakubets, of Moscow, Russia, has been indicted in Pittsburgh, Pennsylvania for his alleged role as the leader of a cybercriminal gang responsible for the distribution of a multifunction malware package known as “Bugat.”

Bugat was designed to automate the theft of confidential personal and financial information, such as online banking credentials, from infected computers. 

Later versions of the malware, also known as “Dridex,” were designed with the added function of assisting in the installation of ransomware. 

Over the past decade, the Bugat malware facilitated the theft of millions of dollars from victims, some of which occurred as recently as May of this year. 

A second co-conspirator, Igor Turashev, also was indicted in Pittsburgh in connection with the Bugat scheme.

Yakubets also has been charged in a criminal complaint in Lincoln, Nebraska, for his participation in a scheme to disseminate “Zeus,” a similar form of malware that was likewise used to empty out the financial accounts of its victims. 

According to the complaint, the deployment of the Zeus malware resulted in a total attempted theft of around $220 million, with actual losses of an estimated $70 million from victims’ bank accounts. 

Yakubets is a true 21st century criminal who, with the stroke of a key and the click of a mouse, committed cybercrimes across the globe.

He has earned his place on the FBI’s list of the world’s most-wanted cyber criminals. 

To that end, our colleagues from the State Department will have an announcement in a few minutes that will further our collective effort to bring Yakubets to justice.

A little bit of detail about the malware deployed by Yakubets and his co-conspirators: both forms of the malware intercept passwords and other private information that can be used to conduct wire transfers. 

The malware then initiates or re-directs wire transfers from victims’ bank accounts to foreign bank accounts controlled by the criminals. 

Because many of the victims of both Bugat and Zeus are small- and mid-sized businesses, their accounts typically do not have the same legal protections afforded to consumer accounts, so some of the losses involved were particularly devastating. 

Yakubets and his co-conspirators did not discriminate in their choice of targets.  For example, the Nebraska complaint alleges that Yakubets was directly involved in the theft of tens of thousands of dollars from a religious order of Franciscan sisters. 

Maksim Yakubets and the members of his criminal networks devised and implemented the kinds of criminal schemes so audacious and sophisticated that they would be difficult to imagine if they were not real. 

Sitting quietly at computer terminals far away, these cyber criminals allegedly stole tens of millions of dollars from unwitting members of our business, nonprofit, governmental, and religious communities. 

Each and every one of these computer intrusions was, effectively, a cyber-enabled bank robbery.  We take such crimes extremely seriously, and will do everything in our power to hold these criminals to account for their crimes.

The Justice Department, federal prosecutors, FBI agents and analysts, and foreign law enforcement authorities in a number of different countries all worked together to unmask Yakubets and his co-conspirators. 

The assistance provided by numerous private sector partners was likewise invaluable, and I especially want to thank our foreign law enforcement partners from the United Kingdom. 

The National Crime Agency and the Metropolitan Police Service of the U.K. conducted their own investigation into the harms that the Zeus and Bugat malware caused to U.K. victims. 

They also provided invaluable assistance to our investigations as well. 

The U.K. also extradited two of Yakubets’ co-conspirators in the Zeus scheme to the United States to face justice.

Maksim Yakubets allegedly has been engaged in cybercrime on an almost unimaginable scale for over a decade. 

While our goal is to be able to identify the perpetrators of such audacious crimes in rapid fashion, the reality of law enforcement work is that a quick resolution of these cases cannot always happen. 

But make no mistake: we will doggedly pursue cyber criminals until we can bring them to justice. 

Today’s announcement should make clear to those engaged in cybercrime that we will identify you, we will unmask you, and we will prosecute you, no matter how much effort it requires or how long it takes.  You will never have safe haven from the efforts of U.S. law enforcement and our international partners to bring you to justice.

And now I would like to invite U.S. Attorney Scott Brady of the Western District of Pennsylvania to make remarks.