Computer hacking is today a widespread, worldwide phenomenon, involving everyone from ‘script kiddies’ and activists to cyber-crime gangs and nation states. We Live Security looks at some of the world’s most wanted hackers who remain on the run, despite the wanted posters and big bounty signs.
Evgeniy Bogachev
Evgeniy Bogachev is currently right at the top of the FBI’s list of most wanted hackers, and there’s good reason why – the Russian is widely believed to be the writer, developer and mastermind behind the Gameover Zeus botnet, which, working in tandem with the CryptoLocker ransomware, infected some 500,000 PCs worldwide.
Zeus looked to steal bank account numbers, passwords and other personal details, while it was also used to distribute CryptoLocker – the ransomware used to take over computers, encrypt files and demand a ransom in exchange for their decryption and safe return.
These two combined made for a powerful force – it’s believed that Bogachev was able to steal around $100 million prior to law enforcement disrupting the infrastructure behind Zeus and CryptoLocker.
Bogachev, known as “lucky12345” or “slavik” online, had other team members helping to send the spam and phishing emails used as the initial hook for victims. He was first indicted by a federal grand jury in Nebraska in August 2012 on charges of conspiracy to participate in racketeering activity, bank fraud, conspiracy to violate the Computer Fraud and Abuse Act, conspiracy to violate the Identity Theft and Assumption Deterrence Act, and aggravated identity theft. Just last year, he was finally indicted under his real name.
The United States is offering a $3 million reward for information leading to the arrest or conviction of Bogachev, as We Live Security has previously reported.
People’s Liberation Army Unit 61398 (China)
Last May, a grand jury in the Western District of Pennsylvania indicted five alleged members of People’s Liberation Army (PLA) Unit 61398, widely believed to be China’s prolific cyber-army.
The group was charged with 31 criminal counts, including: conspiring to commit computer fraud; accessing a computer without authorization for the purpose of commercial advantage and private financial gain; damaging computers through the transmission of code and commands; aggravated identity theft; economic espionage; and theft of trade secrets.
It is alleged that, between 2006 and 2014, Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui – all allegedly officers in the PLA Unit 61398 – were involved in a hacking conspiracy to compromise the computer networks of six American companies during times when the firms were engaged in negotiations, joint ventures or legal action with, or against, state-owned enterprises in China.
It is alleged that the Chinese hackers used their illegal access to steal proprietary information, including email exchanges between company employees and, more crucially, trade secrets relating to technical specifications for nuclear plant designs.
All five are charged with one count of conspiracy to commit computer fraud, eight counts of unlawfully trying to access information for commercial advantage, 14 counts of trying to secretly damage protected computers, six counts of identity theft, one count of economic espionage, and one count of trade secret theft. The US companies involved include Westinghouse, SolarWorld, the US Steel Corp, Allegheny Technologies, Alcoa and the US Steelworkers’ Union.
If captured, each of the five faces a maximum sentence of 217 years in prison.
Alexsey Belan
Alexsey Belan, a Russian national, is wanted for his alleged role in the hacking of three US-based companies between January 2012 and April 2013.
He is understood to have hacked into the computer networks of three major e-commerce companies in Nevada and California, stealing their user databases and sending them on to his own server. He also allegedly stole user data and the encrypted passwords of accounts, before selling the databases (presumably on the dark web).
Two separate federal arrest warrants for Belan have been issued, dating back to September 2012, charging the Russian with obtaining information by computer from a protected computer; possession of fifteen or more unauthorized access devices; and aggravated identity theft. The second warrant, issued the following June, came after Belan was charged with two counts of fraud in connection with a computer and two counts of aggravated identity theft.
The FBI is offering a reward of up to $100,000 for information leading to the arrest of Belan, who is also considered an international flight risk.
Ercan Findikoğlu
Ercan Findikoğlu is suspected of stealing $60 million in card fraud and faces a possible 247 years in jail.
At one stage number two on the FBI’s most wanted list, Findikoğlu, 33, stands accused of participating in numerous cybercriminal operations, most notably the hacking of the EnStage and ElectraCard payment card processors in India.
He and his team allegedly managed to alter the prepaid debit cards and remove the withdrawal limits. These cards were then distributed to his cyber-criminal gang around the globe, along with stolen PINs, to orchestrate a coordinated withdrawal spree. The withdrawals were so successful that the group is believed to have stolen $45 million through around 140 ATMs in New York alone.
Findikoğlu, first charged by the FBI in 2008, had previously run similar payment scams against cards from a bank in the UAE.
Yet despite being arrested by German police on an international warrant at Frankfurt airport in December 2013, he has yet to be extradited to the US. While a lower German court initially ruled that the police could extradite him, Findikoğlu appealed to the German supreme federal court, which overturned the decision. It said that there was no guarantee Findikoğlu would not receive a disproportionate sentence if extradited to the US.
Andrey Nabilevich Taame
Syrian national Andrey Nabilevich Taame allegedly played a role in “Operation Ghost Click”, a malware scheme which infected more than four million computers in over 100 countries between 2007 and 2011.
The malware, ‘DNSChanger’, enabled hackers to modify browser settings on Windows to redirect traffic to advertising sites carrying malicious ads. The virus was first detected on NASA’s computer network.
Taame’s accomplices were arrested in November 2011 but Taame, who was born in Syria, remains on the run.
Farhan Ul Arshad
Farhan Ul Arshad is wanted for his alleged involvement in an international telecommunications scheme which defrauded individuals, companies and governments across the world, for almost four years and for millions of dollars.
Between November of 2008 and April of 2012, Arshad is believed to have compromised computer systems and conducted the scheme which ultimately defrauded victims of amounts in excess of $50 million. The international scheme involved members of a criminal organization that extended into Pakistan, the Philippines, Saudi Arabia, Switzerland, Spain, Singapore, Italy, and Malaysia, among other nations.
In June 2012, a federal arrest warrant was issued for Arshad, a Pakistani national working as a telecoms manager, in a United States District Court after he was indicted for conspiracy to commit wire fraud; conspiracy to gain unauthorized access to computers; wire fraud; and unauthorized access to computers.
The FBI is offering a reward of up to $50,000 for information leading to his arrest. Arshad was last known to be in Malaysia.
Author: Karl Thomas, ESET