WASHINGTON (Reuters) - U.S. authorities on Thursday targeted a Russian cybercriminal group known as Evil Corp, indicting its Lamborghini-driving alleged leader and ordering asset freezes against 17 of his associates over a global, $100 million digital crime spree.
The action against Evil Corp., described by officials as one of the most damaging criminal organizations on the internet, comes with a $5 million bounty issued for information leading to the arrest of its alleged leader, Maksim Yakubets.
British authorities described the 32-year-old Yakubets as a supercar-lover who customized his Lamborghini license plate to read “Thief” in Russian and ran his operation from the basements of Moscow cafes.
“Yakubets is a true 21st century criminal,” U.S. Assistant Attorney General Brian Benczkowski said. “He’s earned his place on the FBI’s list of the world’s most wanted cyber criminals.”
Evil Corp is alleged to be behind an ever-evolving family of malicious software known as Dridex, which has bedeviled banks and businesses since it first appeared in 2011. The malware works by hacking into banks and businesses and making rogue financial transfers that are eventually funneled back to the hackers. It has since also branched out into ransomware.
Underlining alleged links between cybercriminals and the Russian state, U.S. Treasury officials said Yakubets worked on the side for Russia’s Federal Security Service (FSB), its domestic intelligence agency, and stole classified material on Moscow’s behalf.
One senior U.S. Treasury official said he had even applied to the FSB for a license last year to handle secret documents.
Even so, FBI Deputy Director David Bowdich said the Russian government had been “helpful to a point” in their request to track the hackers down. He and other U.S. officials declined to comment on whether either of the two men had links to the Russian government.
The FSB did not immediately reply to a Reuters request for comment sent after hours in Russia on Thursday.
The Kremlin said on Friday that Moscow has repeatedly called for closer international cooperation on investigations into cyber crime, which it described as a “very serious” challenge, but that its proposals have been broadly rejected.
The Dridex malware targeted smaller businesses and organizations that lacked the sophisticated cyberdefenses of larger organizations, U.S. officials said.
Though the indictments only mentioned incidents in Nebraska and Pennsylvania, victims spanned the United States - including a dairy company in Ohio, a luggage firm in New Mexico and a religious order in Nebraska, Bowdich told a news conference.
Losses totaled $70 million in the United States alone, officials said.
The crackdown straddled the world of cybercrime and intelligence. The U.S. Treasury and Justice Departments worked in coordination with Britain’s National Crime Agency, which published a series of photographs and video of the hacker’s lavish, devil-may-care lifestyle that featured pictures of his camouflaged car streaked with florescent yellow.
The director general of the British agency, Lynne Owens, said Yakubets and Evil Corp “represent the most significant cyber crime threat to the U.K.,” a sentiment endorsed by John Shier, an expert at U.K.-based cybersecurity company Sophos.
“I’d put them in the top tier,” he said of the group’s operators.
American and British companies were targets of choice, according to U.S. Treasury officials, but they said France, Italy, the United Arab Emirates, India and Malaysia were also badly affected.
In addition to Yakubets, his close associate Igor Turashev, 38, was also indicted in the United States on Thursday for allegedly serving as the group’s technical administrator. British authorities say they have already arrested and convicted eight other members of the network.
Reuters could not immediately locate contact details for Yakubets and Turashev, who have not been arrested and are believed to be still at large.
This is at least the second major effort by American authorities and their allies to bring down Evil Corp - whose eye-catching name appears to be more of nickname than a formal company. A 2015 indictment charged Yakubets and Turashev with a series of fraud and hacking crimes, but they were never arrested and - following a brief disruption - Dridex went right back to stealing money.
Shier, of Sophos, said Thursday’s attempt appeared to be more robust - but he doubted that Yakubets would ever see justice. “What are the chances this guy is going to face trial in the United States?” he said. “Probably next to zero.”
Even so, officials described the charges as an important step that strips the hackers of their anonymity and makes it more difficult for them to travel internationally.
Benczkowski, head of the U.S. Justice Department’s Criminal Division, said the group was carrying out crimes as recently as May. “It is fair to say they are not out of business at this point,” he said. “But that is our ultimate goal.”
Reporting by Raphael Satter and Andy Sullivan; Additional reporting by Mark Hosenball and Jack Stubbs in London, Susan Heavey and Lisa Lambert in Washington, Andrey Ostroukh and Tom Balmforth in Moscow, Jonathan Stempel in New York; Editing by Nick Zieminski and Alistair Bell/Mark Heinrich