World

Russian hacker gets 4 years in US Prison for malware attacks

Bloomberg Manhattan | Updated on November 22, 2019 Published on November 22, 2019

Representative image   -  Getty Images/iStockphoto

He pleaded guilty to conspiracy for using the malware to infect computers, steal login information for online banking accounts and drain the accounts of more than $800,00

A Russian hacker, who admitted to using malicious software known as NeverQuest to steal hundreds of thousands of dollars from online banking accounts, was sentenced to four years in a United States (US) prison.

Stanislov Lisov, 33, also known as Black or Blackf, pleaded guilty in February to conspiracy for using the malware to infect computers, steal login information for online banking accounts and drain the accounts of more than $800,000. He was extradited from Spain to New York in 2017. He had faced as much as five years in prison if convicted at trial.

This type of cyber-crime threatens personal privacy and harms financial institutions, Manhattan US Attorney Geoffrey Berman said in a statement. Lisovs arrest, extradition, conviction, and prison sentence should send an unmistakable message about this offices firm commitment to prosecuting hackers -- domestic and foreign alike.

According to prosecutors, NeverQuest has been used by hackers in attempts to steal millions of dollars out of bank accounts. The software makes it way onto computers through social media websites, phishing emails or file transfers. Once installed, it identifies when the user attempts to log onto a website and sends the credentials to servers used to administer the malware -- which hackers than can use to remotely control the subject computer, log on to bank accounts and transfer money, change credentials or purchase goods.

Lisov was responsible for creating and administrating a network of computers -- or a botnet -- that contained lists with about 1.7 million login credentials that included user names and passwords, from June 2012 to January 2015, prosecutors said. He also personally gathered login information from victims, they said.

Also on Thursday, federal prosecutors in Brooklyn unsealed a complaint charging a Lithuanian man, Vytautas Parfionovas, with money laundering and fraud for allegedly harvesting login information for online banking and brokerage accounts from 2011 to 2018 and using it to steal money. Parfionovas was arrested in Ukraine on October 24 and extradited to the US on Thursday.

Prosecutors said Parfionovas and co-conspirators used several methods to steal the information. In one example, they allegedly obtained login information for email accounts, accessed the accounts and sent messages to financial advisers requesting wire transfers to overseas accounts. In May 2013, the conspirators got $50,000 from an investment account belonging to US victims and directed the funds into accounts and then eventually to an individual in Kharkov, Ukraine.

According to prosecutors, Parfionovas and others also obtained information for securities brokerage accounts and used the accounts to steal money and make trades -- allowing them to make money while causing losses of more than $5.5 million.

Published on November 22, 2019
This article is closed for comments.
Please Email the Editor