$4 Million International Cyber Fraud Scheme: 3 Romanians Face Charges in Cleveland

CLEVELAND, OH - Three Romanian nationals were recently charged for operating a cyber fraud that infected 60,000 computer, sent out 11 million malicious emails, and stole at least $4 million, according to a 21-count indictment that was unsealed.

The three men, Bogdan Nicolescu, 34, Tiberiu Danet, 31, and Radu Miclaus, 34, were extradited to the United States after they were arrested in Romania. Each man is charged with conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and 12 counts each of wire fraud.

The scam is complex and sophisticated, but we've pieced it together below.

The three men began operating their fraud out of Bucharest, Romania in 2007. They developed their own malware and then sent it around in emails claiming to be from Western Union, Norton AntiVirus, and the IRS.

The email worked like this: if a recipient clicked on an attached file, the malware automatically installed onto the person's computer. The malware then acquired all of the person's stored email addresses (from contact lists, etc.) and sent more fraudulent emails to those people. Most of the 60,000 infected computers were in the United States.

Once the men had access to the person's computer, they not only had access to email lists, but they could also access the person's credit card information, passwords, and account usernames. They would also disable the person's malware protection and they would block the person's access to law enforcement websites.

They'd steal passwords and account information by creating replica websites of places like Facebook, PayPal, eBay and other commonly visited sites. When the infected computer tried to reach those sites, they would be re-directed to the replica site and the user would unintentionally give away their password and account name.

On top of accessing more than 60,000 people's credit card information, the group also used the collective computer power to engage in cryptocurrency mining. Crpytocurrency mining is when you group several computers together to solve complex algorithms. That gave the three men some financial benefit, the indictment says.

Ultimately, all of this stolen credit card info and other stolen personal data went to funding the group's criminal enterprise. The trio rented server space, registered domain names using fictitious identities and paying for Virtual Private Networks (VPNs), which helped hide their identities from law enforcmeent.

The boosted infrastructure helped the men place fake pages onto real websites, like eBay. That made their criminal operation even more convincing. This meant the group placed more than 1,000 fraudulent listings for cars, motorcycles, and other expensive items. The indictment says the photos of the items on those pages were infected with the malware, so when people clicked the pictures they were taken to the fake eBay page and unintentionally provided their personal information to the group.

The duped users would also be asked to pay for the items using an eBay Escrow Agent, which was actually a person working for the men. Users would then pay this "Escrow Agent" and that "Agent" would wire the money to Romania.

This resulted in a loss of at least $4 million.

“This case illustrates the sophistication and determination with which cyber criminals seek to harm Americans and American businesses from abroad,” said Assistant Attorney General Leslie R. Caldwell said in a statement. “But our response demonstrates that, with effective international cooperation, we can track these criminals down and make sure they face justice, no matter where or how they try to hide.”

Photo from Shutterstock