Hacker Used 'Army Of Infected Computers' To Steal Bank, Credit Data

The administrator of two criminal online hacking forums has admitted that he used an “army of infected computers” to steal bank and credit card data from users throughout the United States, authorities announced.

According to the U.S. Attorney’s Office (NJ), 29-year-old Sergey Vovnenko - a.k.a. “Sergey Vovnencko,” “Tomas Rimkis,” “Flycracker,” “Flyck,” “Fly,” “Centurion,” “MUXACC1,” “Stranier” and “Darklife” - most recently of Naples, Italy, pleaded guilty in Newark federal court to wire fraud conspiracy and aggravated identity theft on Wednesday.

Vovnenko was arrested in June of 2014 after an international investigation led by the U.S. Secret Service in coordination with Italian law enforcement.

He had been detained by the Italian authorities pending extradition proceedings, which he contested for more than 15 months, prosecutors said.

According to court documents and statements, from September 2010 to August 2012, Vovnenko and his conspirators operated an international criminal organization that hacked into the computers of individual users and companies located in the United States.

Vovnenko and his conspirators then used that access to steal user names and passwords for bank accounts and other online services, as well as debit and credit card numbers and related personal identifying information, authorities stated.

Vovnenko reportedly admitted that he operated a “botnet” — more than 13,000 computers infected with malicious computer software — to gain unauthorized access to computers and to identify, store and export information from hacked computers.

A number of the infected computers were located in New Jersey, authorities stated.

In addition, Vovnenko admitted using malware known as “Zeus” to steal banking information and record the keystrokes of the users of infected computers, prosecutors said.

According to a criminal indictment, Vovnenko was a high-level administrator of several online criminal forums and used his position to traffic in the data he stole as part of the conspiracy. These forums featured electronic bulletin boards, which members used to publicly communicate with all members and also send private messages directly to individual members, authorities stated.

The public and private discussions on these forums typically pertained to criminal activity, including the purchase, sale, and use of stolen log-in credentials and payment card data, as well as discussions related to cybercrime activity such as malicious computer hacking, prosecutors asserted.

According to prosecutors, the wire fraud conspiracy charge to which Vovnenko pleaded guilty carries a maximum potential penalty of 20 years in prison and a $250,000 fine. The aggravated identity theft charge carries a mandatory two-year sentence, to be served consecutively to the conspiracy charge.

Sentencing is scheduled for May 2.