CLEVELAND, Ohio — It took two mistakes for the FBI and other law enforcement to identify a group of hackers in Romania behind sophisticated malware programs that victimized thousands of people, a federal prosecutor told a jury Monday.
The cybercriminals known as the Bayrob Group did a good job masking their identities, Justice Department senior counsel Brian Levine said Monday during opening statements at a trial in federal court in Cleveland. Their cautiousness allowed them to get away with it for nine years as they ripped off people in Ohio, the United States and the world to the tune of millions of dollars, Levine said.
Bogdan Nicolescu, Tiberiu Danet and Radu Miclaus – the three men the FBI accused of being involved – were arrested in Bucharest, Romania’s capital city, in September 2016 and brought to the U.S. that December on a 21-count indictment.
Nicolescu, a 36-year-old whom prosecutors say led the operation, and Miclaus both face prison time if a jury convicts them on charges ranging from wire fraud and money laundering conspiracies to wire fraud and aggravated identity theft.
Prosecutors said in 2016 that victims lost at least $4 million through sophisticated schemes that resulted in 11 million malicious emails sent to unsuspecting recipients.
The jury was selected Monday, followed by opening statements and testimony in Chief U.S. District Judge Patricia Gaughan’s courtroom.
Danet pleaded guilty in November to eight counts and is expected to testify against his co-defendants.
Levine, who works in the Justice Department’s computer crime and intellectual property section in Washington, said Nicolescu went by the online handle “MasterFraud” and that Miclaus was “Minolta9797.”
The group stole credit card numbers, email addresses and website login information from the hacked computers, he said. Stolen email addresses then received spam messages with malicious attachments that were disguised as, say, a Western Union document, the prosecutor explained.
At its height, the Bayrob group controlled a “botnet,” or a group of computers infected and controlled to send and receive spam messages, that was 400,000 computers strong, Levine said. The computers were infected in several ways, including one where the men posted ads on eBay that claimed to sell cars.
When prospective customers sent messages with questions, the Bayrob Group sent pictures in return, Levine said. Those pictures contained malware that allowed the hackers to take over the recipient’s computer.
Once inside, they redirected users to a fake eBay page they controlled. When buyers wired money, it went to bank accounts for so-called “money mules” that were unwittingly part of the scheme. Buyers never got their cars. Some lost tens of thousands of dollars and “all they got was infected with a virus,” Levine said.
About 50 residents of Northeast Ohio were defrauded by the group as part of the eBay scheme, the FBI said in 2016. Agents got involved after a woman in Perry, a small village in Lake County, said in 2007 that she lost just under $10,000 through what she thought was a car purchase, Levine said.
Money deposited in U.S. bank accounts was wired to accounts in Europe and, eventually, put into accounts the Bayrob Group controlled.
With such a sophisticated scheme, the mistakes that took them down were actually quite simple, Levine said.
He said the men used America Online and that Miclaus accidentally logged in one day in 2013 with his personal account, instead of the one used in the scheme. As a result, AOL linked the two accounts to the same internet service provider address, Levine said.
The second one was in 2015, when Danet traveled to Miami to visit friends. While going through customs at the airport, the FBI covertly seized his cellphone and, acting on a search warrant, reviewed it. There they found messages between the three defendants chatting about the computer programs at the heart of the case.
Levine also said three email accounts the men used to discuss the scheme went silent after their arrests. He told the jury that the evidence is like puzzle pieces that can be put together to show a complete picture of the crimes the group committed.
Nicolescu’s attorney Michael Goldberg, however, said some of those pieces “are going to be straight-up lies” and won’t fit.
He said there was no physical link between the data seized by feds, the handle “MasterFraud” and his client. While he doesn’t contest the scheme happened, he said his client, who lived with Miclaus, had nothing to do with it.
Goldberg said the government wants the jury to “take an ocean of data and make you look at it through a pinhole.”
Michael O’Shea, Miclaus’ lawyer, cautioned the jury to weigh all of the charges individually and said the evidence does not show his client is guilty.
The trial is expected to last up to three weeks.