14 January 2017

US Indicts Romanian and Chinese Cybercriminals

Seyfarth Shaw LLP


December 2016 brought the US government some progress on prosecuting foreign cybercriminals. Last month, three Romanians were extradited to face charges in the US for running a cybercrime ring that used custom-built malware and money mules to steal at least $4 million. Chinese authorities also got their hands on one of three Chinese citizens charged by the US with insider trading on confidential information gleaned from the servers and networks of law firms involved in M&A work. The US is seeking the extradition of the apprehended hacker by the Chinese government.

It is reported that the three Romanians were arrested by the Romanian National Police following an eight-year FBI investigation. A 21-count indictment, unsealed on December 17, 2016, awaited them upon their extradition to Ohio, charging them with wire fraud, identity theft, money laundering and trafficking in counterfeit goods or services. Known as the Bayrob Group, they allegedly used phishing attacks and malware to rob their victims. The group disseminated its Bayrob Trojan through emails made to look as if they came from legitimate sources (e.g. Western Union, Norton Antivirus and the U.S. Internal Revenue Service). The emails prompted the recipient to click on an attached file, and clicking it released the Bayrob Trojan onto the recipient's computer. Later versions of the Bayrob Trojan harnessed the infected computer's processing power to mine for cryptocurrency. Symantec's security response team, which worked in conjunction with the US government on the investigation, estimates the total losses over eight years to be as much as $35 million, with the group sending 11 million malicious emails and running a botnet composed of 300,000 infected PCs.

Only one of the three Chinese hackers has been taken into custody (currently held by the Chinese government in Hong Kong); the two others remain at large. The US alleges that the three began hacking two US law firms (and targeting five others) in April 2014, installing malware on the firms' servers to access lawyers' emails. By surveilling the law firms' emails, they obtained insider information on which they traded. They are alleged to have earned $380,000 on trades of Intermune, a drug company acquired by Roche in 2014; in 2015 they are alleged to have made $1.4 million trading on Altera, bought by Intel, and $841,000 on Borderfree, acquired by Pitney Bowes. All three were charged in the Southern District of New York with conspiracy, wire fraud, computer intrusion and insider trading. Southern District of New York U.S. Attorney Preet Bharara is quoted as stating with respect to the Chinese hackers:

"This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
