The FBI has set a reward of $3 million for the Russian hacker Evgeny Bogachev.

Father



Network technologies continue to evolve, and along with them, methods of hacking and stealing information are being improved. Thousands of people are engaged in the development of malicious software, but only a few reach such heights in this area as Evgeny Bogachev. For the FBI, this is the No. 1 cybercriminal, with a reward of $3 million set for his capture. This is the largest reward the FBI has ever offered for information about the location of a cybercriminal or for the attacker himself.

The FBI accuses Bogachev, who lives in Russia, of infecting computers and computer networks of individuals and companies with malicious software. The goal is to steal thousands or even millions of dollars from the victims' bank accounts. Agents of the bureau believe that it makes no difference to Bogachev whom he robs, whether state organizations or national minorities. If there is money somewhere, Bogachev will come for it.

He is also accused of influencing the course of the US presidential election along with a group of other "colleagues". The previous president of this country, Barack Obama, imposed sanctions against the alleged perpetrators. According to US law enforcement officers, Evgeny himself may not have participated in hacking the servers of the US Democratic Party, but exploits and other software tools created by him were used in the hack.

New York Times journalists claim that Bogachev has access to data stored on millions of PCs. These are home systems with vacation photos, computers of various enterprises with secret data stored on disks, and servers of government organizations. Representatives of the mentioned media say that they have almost no doubt that Bogachev infected computers that belong to various government organizations in different countries. The software tools developed by Bogachev, according to representatives of the NYT, are an excellent opportunity for Russian special services to gain access to information from government and commercial computer systems of companies and organizations in other countries. Cooperation here, according to the Americans, is mutually beneficial: cybercriminal No. 1 receives money, and Russian special services receive confidential information.

Fox-IT information security specialists say that the Russian special services are primarily interested in information about the situation in Ukraine and the war in Syria. But there are also attempts to obtain classified information from government computers in the United States.

Bogachev, according to the FBI, became a major figure in the world of cybercriminals more than a decade ago, when he and "colleagues" developed the Zeus malware. This software appeared in 2006 (according to some sources, in 2007). It is a sample of software designed to perform illegal actions. First of all, the purpose of Zeus is to steal user credentials that are used for conducting financial transactions. In 2012, analysts claimed that Zeus was responsible for 90% of fraudulent transactions in the world.

Zeus infects computers and joins them into botnets. Moreover, Zeus is not one huge botnet, but several hundred or even thousands of small and medium-sized infected systems. The reason is that the creators sell Zeus to anyone who has money and is willing to spend it on such specialized software. The system consists of a builder and an administrative panel. The builder creates the bot's executable code, which contains the main module and a configuration file with the address of the control center, script paths, and other important data that the virus requires to work.

This system is perfectly protected from detection, which allowed Zeus operators to bypass the most advanced security systems in banks, infecting ever more computers and computer networks around the world. The FBI claims that Zeus, at the time of its creation, was the most advanced of all cyber systems for stealing money, and that it could not be destroyed for several years.

Americans believe that Bogachev for several years had a huge amount of money, which he spent on the purchase of real estate in different countries, expensive cars and much more. Allegedly, he even had three passports in different names, which gave the cybercriminal the opportunity to travel without any problems. At the peak of Zeus activity, Bogachev had between 500,000 and 1 million infected computers at his disposal.

Bogachev is also known to have used the nicknames slavik, lucky12345 and pollingsoon in his work. Incidentally, slavik was the operator of the first version of Zeus. Keith Mularski, an FBI agent, claims that Bogachev is paranoid at work, not trusting anyone.

In 2014, the United States, with the help of ten other countries, conducted Operation Tovar, which allowed law enforcement officers to stop the spread of Zeus and clean malware from thousands of computers. It was then, Mularski claims, that Bogachev was proven guilty of committing a number of cybercrimes, including stealing information and money by using the capabilities of malicious software.

But in Russia, Bogachev has not been found guilty. There is no mutual extradition treaty between Russia and the United States, and Russia is not going to extradite Bogachev to the United States. Austin Berglas, one of the FBI agents involved in the investigation of the Zeus creators, says he is confident that Bogachev will cooperate with the Russian special services. This, he believes, makes it possible for a cybercriminal to stay in the country and successfully avoid punishment for many years. The FBI, according to NYT journalists, is firmly convinced that the Russian special services use malicious software developed by cybercriminals in order to obtain secret data about organizations and companies in different countries. Interestingly, the stores of spy software used by the CIA included programs developed in Russia.

Evgeny Bogachev, for whose capture the FBI announced a reward of $3 million

Requests for information on the situation in eastern Ukraine, actions in Syria, and conflicts in Georgia and Turkey, according to the FBI, began to arrive on computers under Bogachev's control starting in 2011. American experts who have studied this case say that it is impossible to establish the authorship of the requests. At the same time, they say that these actions are not related to financial theft, which Bogachev specializes in, which means that the requests were sent by third parties who are interested not in money, but in information.

Infected computers in various regions received unusual requests. For example, infected systems in Turkey began receiving requests like "supply of weapons" after the US authorities agreed to supply small quantities of weapons to Syrian rebels in 2013. Specific requests were sent to infected computers in other regions, for example, during the Ukrainian events in 2014. It is worth noting that American experts do not share exactly how they managed to find out what requests were received on infected computers in different countries.

The FBI believes that the Russian special services hire black-hat hackers on various forums and sites dedicated to carding and other similar things. One of these resources is the Carding World website. There are strict rules on this and similar resources. One of them is not to work in Russia or the former USSR. According to the NYT, on the same Carding World, users receive a lifetime ban for violating this rule.

Representatives of the FBI have repeatedly tried to establish cooperation with the FSB in terms of working to catch intruders who are engaged in financial fraud, carding and other things. But in fact, cooperation was rarely established. The US Department of Justice even started joking that the Russian special services would rather reward a cybercriminal than hand him over to the FBI. "Almost all hackers charged by the US government were immediately sought out by the Russian government. And each time they were asked to provide logistical and technical assistance," Arkady Bukh, a New York lawyer who often represents Russian hackers who are arrested in the United States, told the NYT. Once, according to the FBI, the attacker, whom the bureau suspected of committing a number of cybercrimes, sent a copy of his passport to a person who was considered by the FBI to be a representative of the Russian special service.

The most interesting thing is that Bogachev, according to the FBI, has lived and still lives without hiding. His permanent place of residence is Anapa. Here he has an apartment in a house on the coast. He bought another apartment in Moscow. The cybercriminal also owns a large fleet of luxury cars and a yacht.

US law enforcement officers received a large amount of information about Bogachev from other cybercriminals who "got caught". One of them is Alexander Panin, who is serving a prison sentence in the Kentucky State Prison, USA. This person told the FBI that Bogachev often complained to him about exhaustion from work and the small amount of time he spends with his family (wife and two children).

One can only guess about Bogachev's real activity. Journalists of some media outlets, including USA Today, believe that he is not a lone genius of the criminal world, but the head of a criminal clan that specializes in cybercrime, mainly stealing funds from victims' accounts.

Along with Bogachev, a certain Alexey Belan, who is accused by the FBI of stealing customer databases of various companies, was also included in the sanctions list signed by Obama. For information about his whereabouts, the FBI offers $100 thousand. The same list includes the head of the Main Directorate of the General Staff Igor Korobov, his first deputies Igor Kostyukov, Vladimir Alekseev and Deputy Sergey Gizunov.