Bugat-wielding hacker: Yes, I tried to nick $3.2m from US schools, oil biz

Moldovan malware slinger faces up to 15 years in the cooler

A Moldovan miscreant has admitted infecting computers at a US oil company and school district in an attempt to rob the organizations blind.

Andrey Ghinkul pleaded guilty on Wednesday to charges of conspiracy and damaging computers, all stemming from his involvement with the Bugat malware between 2011 and 2012.

Bugat arose from the shadow of the notorious bank-account-raiding ZeuS software nasty. It was one of many pieces of malware that "filled the gap" left when the ZeuS operation was dismantled by crimefighters.

According to the 31-year-old's indictment, Ghinkul, aka Smilex, tried to steal $999,000 from the Sharon school district in Pennsylvania by infecting its Windows systems with Bugat, and an additional $2,158,600 in several transactions from Penneco Oil.

The transfer from the school district was spotted and cancelled before it could be carried out. The $2m in heists of the oil company were successful at first, but were later uncovered and reversed.

The Bugat malware, aka Cridex aka Dridex, logs keystrokes on infiltrated machines to capture online banking credentials. Those stolen passwords are used to log into the accounts and drain them into criminals' pockets. The FBI busted the crime kit's masterminds two years ago, about a dozen more people involved in the malware's distribution were arrested last year, and two Moldovan nationals were sent down.

Ghinkul, who appeared in a Pennsylvania federal court this week, was cuffed in 2015 while on the run in Cyprus, and was extradited to America. He now faces up to 15 years in prison, a $500,000 fine tops, and deportation. He will be sentenced on July 13. ®
