TWO MEMBERS OF THE ROMANIAN CYBERCRIMINAL ENTERPRISE BAYROB GROUP SENTENCED ON 21 COUNTS RELATING TO INFECTING OVER 400,000 VICTIM COMPUTERS WITH MALWARE AND STEALING AT LEAST $4 MILLION
Bogdan Nicolescu, 37, and Radu Miclaus, 37, both from Bucharest, Romania, were sentenced to 20 years and 18 years, respectively, for their roles in a scheme to, among other things, infect more than 400,000 computers with malware and gain access to credit card and other information for later sale on dark market websites.
According to testimony at trial and court documents, Nicolescu, Miclaus, and others operated a criminal enterprise referred to as the “Bayrob Group” from Bucharest, Romania. It began in 2007 with the development of proprietary malware, which they disseminated through malicious emails purporting to be legitimate emails from entities and agencies such as Western Union, Norton AntiVirus, and the IRS. When recipients clicked on an attached file, the malware secretly installed itself onto their computers.
This malware harvested email addresses from the infected computer, such as from contact lists or email accounts, and then sent malicious emails to these harvested email addresses. By using the infected computers to reach out and control additional computers, the defendants infected and controlled more than 400,000 individual computers, primarily in the United States.
In addition to using the infected network to expand its size, Nicolescu, Miclaus, and other members of the Bayrob Group used the collective processing power of the computer network to solve complex algorithms for the financial benefit of the group, a process known as cryptocurrency mining.
Finally, trial testimony and evidence revealed that these defendants engaged in persistent and sophisticated data mining of the infected computers, selling information gleaned from infected computers repeatedly over time on the Dark Web. Investigators discovered evidence on the Dark Web of trafficking in users’ personal financial information, passwords, and access to their computers.
In total, this criminal enterprise resulted in losses of at least $4 million.
Notably, this investigation started with a complaint from a victim in the Northern District of Ohio. But for that victim contacting law enforcement to report suspicious activity and potential theft of information, the defendants’ malware would have likely continued to infect thousands of additional computers and harmed thousands of additional individuals.
“Today’s sentences underscore the critical work being done to investigate and prosecute to the fullest extent those criminals who think that the presumed anonymity of the Internet can hide their pervasive and extensive criminal activities,” said U.S. Attorney Justin Herdman. “Regardless of whether the criminals are in Romania, or within our District, these sentences send the clear and resounding message that crimes committed using the Internet will not go unpunished.”
"These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” said FBI Special Agent in Charge Eric Smith. “Despite the complexity and global character of these investigations, this investigation and prosecution demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals and bring justice to the victims.”
The FBI investigated the case, with assistance from the Romanian National Police and the Romanian Directorate for the Investigation of International Organized Crime and Terrorism. The case was prosecuted by Assistant U.S. Attorneys Duncan T. Brown and Brian McDonough, along with the Computer Crime and Intellectual Property Section of the Department of Justice. The prosecution was assisted by the Department of Justice’s Office of International Affairs.
If you or a family member believe you have been a victim of online fraud, theft, or criminal activity, please contact local law enforcement and make a report with the Internet and Cyber Crime Complaint Center at www.IC3.gov.