International Team Hits GozNym Malware Syndicate

The US Department of Justice (DoJ) has announced that they have been working with European agencies to dismantle an organized crime network responsible for the GozNym malware, used to capture online banking and login credentials. GozNym infected thousands of computers worldwide, primarily in the US and Europe, to steal an estimated USD100 million by targeting businesses and their financial institutions.

The defendants reside in Russia, Georgia, Ukraine, Moldova and Bulgaria. This unprecedented joint operation demonstrates that cooperation across geopolitical boundaries isn’t just possible; it yields results.

The indictment includes theft and money laundering charges as well as conspiracy to infect computers with GozNym. Prosecutions are based upon coordinated searches in Georgia, Ukraine, Moldova and Bulgaria, with additional evidence shared by the US and Germany.

Five of the named defendants live in Russia and remain fugitives. Despite the inability to extradite them, the cooperative effort to share evidence has built the case for prosecutions in the remaining countries.

The news comes as a breath of fresh air. Organized crime exploits the lack of international collaboration to elude authorities. This operation sets a positive precedent, but collaboration remains slow because of the differing legal obligations when laws are broken across borders. Criminal networks are quick to react and able to change tactics or disappear at speed, meaning law enforcement is often on the back foot.

It isn’t just law enforcement collaboration that will hurt criminals. Telcos should be leading the way by working together and sharing information in order to stop crime and protect customers.

The Risk & Assurance Group (RAG) are advocates of cross-business and cross-border sharing of information that will rapidly identify and address criminal schemes. RAG recently announced a partnership with Orillion to create a wangiri blockchain ledger. Authorized telcos will be able to add number ranges responsible for wangiri attacks; anyone will be able to access this data for free, and so prevent repeat attacks. Vodafone Group, MTN Group and Deutsche Telekom have already committed to participate in the first trials of the wangiri blockchain ledger.

The DOJ’s announcement of the GozNym indictments can be found here.

Rob Chapman
Rob is the Chief Operating Officer of the Risk & Assurance Group (RAG). He is responsible for the planning and execution of each RAG event. Rob's goal is to bring together professionals from across the industry and drive RAG's agenda forward.

Rob started working for RAG full time in 2018, having served as Chair on a voluntary basis for the previous four years.

Before joining RAG, Rob was a senior consultant at Cartesian. He has worked in revenue assurance and billing roles for TalkTalk, Verizon Business, Energis and Hutchison 3G.