Although you probably have not heard of Nikita Kuzman or the Gozi malware he created, Kuzman has dramatically changed the world in which we live. Kuzman, a Russian with computer science degrees from two major Russian universities, invented the Gozi malware, which was unleashed on an unsuspecting public in 2007. This malware was among the first able to steal bank account data, including usernames and passwords, from the infected computers of its victims and then use this information to steal money from the victims’ accounts. Gozi infected more than a million computers throughout the world and was used to steal tens of millions of dollars from individuals, companies and even government agencies such as NASA. However, what distinguishes Kuzman from other cybercriminals who have created similar types of malware is that he also created the business model for its use: he leased Gozi to less sophisticated cybercriminals for a fee of $500 per week. The malware sent the stolen information to computers controlled by Kuzman, who in turn provided the data to the criminals spreading the malware so long as they paid their weekly leasing costs.
According to Troels Oerting, the head of Interpol’s European Cybercrime Centre, there are only about a hundred cybercriminal masterminds like Kuzman in the world today. The proliferation of small- and large-scale computer crimes perpetrated against individuals, companies and government agencies is primarily accomplished by less skilled cybercriminals who have purchased or leased the malware from innovators such as Kuzman, who initiated this business model. And like any business, the criminals who create this malware also routinely provide tech support and updates for a price.
Kuzman was recently sentenced in the U.S. District Court for the Southern District of New York for various computer crimes and was required to pay a financial penalty of $6,934,979. The prison sentence imposed was a mere 37 months of time served pending his trial. The reason for this light sentence is Kuzman’s continuing cooperation with federal investigators regarding others charged with similar crimes.
An important element of the story about the Gozi malware and other similar types of malware is that, regardless of how sophisticated the malware is, it is useless until it is downloaded onto the computers of its intended victims. This is generally done not through complex software or technology, but rather by luring unsuspecting victims into clicking on links and downloading attachments in socially engineered phishing emails. And just as the malware itself has gotten more sophisticated over the years, so have the psychologically compelling spear phishing emails used to spread it. Malware-tainted phishing emails formerly addressed to “Dear Customer” now come addressed to you by name and often contain sufficient personal information to cause victims to trust the emails and click on the tainted links. The lesson is clear. Trust me, you can’t trust anyone. Never click on a link or download an attachment until you have absolutely confirmed that the email or text message sent with a link or attachment is legitimate.