Over 200,000 named victims of false Belarusian antivirus
14:48, — hi-tech
A criminal group headed by a Belarusian citizen has created and distributed a malicious software application over the Internet.
Over $18 million has been stolen using the application. The information was released by Ivan Sudnikovich, a major case investigator of the Information Security and Intellectual Property Crimes Section of the Central Investigation Office of the Investigation Committee of Belarus, on 3 October, BelTA has learned.
Ivan Sudnikovich’s team has finished an investigation into crimes committed by the organized criminal group. The crimes include grand theft using computers, malicious blocking of computer data and applications as well as the development, usage and distribution of malicious software.
Investigators have identified four members of the criminal group: the head of the group and three active members. They are all citizens of Belarus. “Thanks to the professionally planned and effectively carried out joint operation of the Investigation Committee, the High-Tech Crimes Office of the Belarusian Interior Ministry, the Cyber Crimes Office of the Ukrainian Interior Ministry these persons have been detained and put into confinement under guard,” said Ivan Sudnikovich. The average age of the detainees is 25 years. Some of them have university degrees and some have jobs.
The investigation has revealed that the mastermind of the criminal group created a dedicated international-level website, a kind of social network for criminals. He used the website to unite a stable group of credit card fraudsters under his control. The group united over 100 citizens of various countries with varying degrees of technical expertise for committing high-tech crimes. Every carder had a dedicated role as they prepared for and committed their thefts.
According to Ivan Sudnikovich, the criminal group used a distributed chain of web servers to offer a malicious application on the Internet under the guise of an antivirus. Once installed on the victim’s computer, the application mimicked the operation of antivirus software, displaying false “virus found” alerts to deceive users. The application then offered users the option to buy the full version to protect their computers. Deceived and scared users entered their credit card information on the criminal team’s special websites, believing that they were buying legitimate antivirus software from a reliable developer, said the investigator.
Meanwhile, the criminals used the credit card data to steal money from their victims’ bank accounts. From January to April 2010, that is, within four months, the criminals performed over 260,000 thefts from the compromised card accounts to amass over $18 million. Over 200,000 citizens in 125 countries were affected, said Ivan Sudnikovich.
In turn, Alexander Sushko, Head of the Information Security and Intellectual Property Crimes Section of the Central Investigation Office of the Investigation Committee of Belarus, noted that the mastermind received the bulk of the money and distributed some among all the criminals involved. “He was detained in Kyiv. There were five expensive cars in his garage, each worth over $100,000. The property has been seized,” said the official. Other members of the criminal group received money depending on their significance. Some would get $600,000.
“The events took place in 2010. This is why not all the stolen property has been seized. In the first months members of the group managed to hide a large part of the stolen assets. Some of the expensive assets, including an apartment in Kyiv, have been seized. The investigation took a year and a half – the longest time the Belarusian legislation allows to keep people under guard. It took so long to investigate the crime due to the large number of victims,” said Alexander Sushko. According to rough estimates, the false antivirus has infected over 500 million computers and devices susceptible to viral infestation. “Many users did not pay money, they reinstalled their operating systems. Other users paid up,” he noted.
The criminal case against the known members of the criminal group has been forwarded to the Prosecutor General’s Office of Belarus. It will then be forwarded to a court, which will determine the degree of responsibility of each criminal. For their crimes the fraudsters can spend up to 15 years in prison with property forfeiture. The criminal case against the as yet unknown guilty persons has been separated into an independent case and the investigation continues.
The quality and objective investigation has been made possible thanks to professional and effective joint actions of the Investigation Committee of Belarus, the Prosecutor General’s Office, the Belarusian Interior Ministry and law enforcement agencies of over 50 countries, including the USA, Germany, Denmark, Poland, Ukraine, and Russia, stressed Alexander Sushko.