The US, through its Departments of Justice and State, and the UK, through its National Crime Agency (NCA), announced the unsealing of criminal charges in Pittsburgh, Pennsylvania, and Lincoln, Nebraska, against Maksim V. Yakubets, aka online moniker, “aqua,” 32, of Moscow, Russia, related to two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present. A second individual, Igor Turashev, 38, from Yoshkar-Ola, Russia, was also indicted in Pittsburgh for his role related to the “Bugat” malware conspiracy.
The State Department, in partnership with the FBI, announced a reward of up to $5 million under the Transnational Organized Crime Rewards Program for information leading to the arrest and/or conviction of Yakubets. This represents the largest such reward offer for a cyber criminal to date.
Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Scott W. Brady for the Western District of Pennsylvania, U.S. Attorney Joseph P. Kelly for the District of Nebraska, FBI Deputy Director David Bowdich, Principal Deputy Assistant Secretary James A. Walsh of the State Department’s Bureau of International Narcotics and Law Enforcement Affairs (INL), and Director Rob Jones of the Cyber Crime Unit at the United Kingdom’s National Crime Agency (NCA) made the announcement.
“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said Assistant Attorney General Benczkowski. “These two cases demonstrate our commitment to unmasking the perpetrators behind the world’s most egregious cyberattacks. The assistance of our international partners, in particular the National Crime Agency of the United Kingdom, was crucial to our efforts to identify Yakubets and his co-conspirators.”
“For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world,” said U.S. Attorney Brady. “Deploying ‘Bugat’ malware, also known as ‘Cridex’ and ‘Dridex,’ these cybercriminals targeted individuals and companies in western Pennsylvania and across the globe in one of the most widespread malware campaigns we have ever encountered. International cybercriminals who target Pennsylvania citizens and companies are no different than any other criminal: they will be investigated, prosecuted and held accountable for their actions.”
“The Zeus scheme was one of the most outrageous cybercrimes in history,” said U.S. Attorney Kelly. “Our identification of Yakubets as the actor who used the moniker ‘aqua’ in that scheme, as alleged in the complaint unsealed today, is a prime example of how we will pursue cyber criminals to the ends of justice no matter how long it takes, by tracking their activity both online and off and working with our international partners to expose their crimes.”
“Today’s announcement involved a long running investigation of a sophisticated organized cybercrime syndicate,” said FBI Deputy Director Bowdich. “The charges highlight the persistence of the FBI and our partners to vigorously pursue those who desire to profit from innocent people through deception and theft. By calling out those who threaten American businesses and citizens, we expose criminals who hide behind devices and launch attacks that threaten our public safety and economic stability. The actions highlighted today, which represent a continuing trend of cyber-criminal activity emanating from Russian actors, were particularly damaging as they targeted U.S. entities across all sectors and walks of life. The FBI, with the assistance of private industry and our international and U.S. government partners, is sending a strong message that we will work together to investigate and hold all criminals accountable. Our memory is long and we will hold them accountable under the law, no matter where they attempt to hide.”
“Combatting cybercrime remains a top national security priority for to the United States,” said INL Principal Deputy Assistant Secretary of State Walsh. “The announcements today represent a coordinated interagency effort to bring Maksim Yakubets to justice and to address cybercrime globally.”
“This is a landmark for the NCA, FBI and U.S. authorities and a day of reckoning for those who commit cybercrime,” said NCA Director Jones. “Following years of online pursuit, I am pleased to see the real world identity of Yakubets and his associate Turashev revealed. Yakubets and his associates have allegedly been responsible for losses and attempted losses totalling hundreds of millions of dollars. This is not a victimless crime, those losses were once people’s life savings, now emptied from their bank accounts. Today the process of bringing Yakubets and his criminal associates to justice begins. This is not the end of our investigation, and we will continue to work closely with international partners to present a united front against criminality that threatens our prosperity and security.”
Fausto Oliveira, Principal Security Architect, says, “This sends a clear message from the DOJ to cybercriminals that there is a commitment to prosecute them across borders, and to ensure that crime does not pay. It also assures the public that this type of crime is not forgotten and that there are active task forces worldwide seeking to detect and apprehend these criminals. The reward angle may tempt some other threat actors or casual connections to denounce them as a way to either take down the competition or obtain some financial gain. The main challenge for the DOJ is if the indicted persons have escaped to a territory that does not have an extradition agreement, in those cases it becomes hard, if not impossible, for the suspects to be brought in front of a judge. It is also worthwhile to mention that there is a secondary victim involved in this type of crime, the money mules. These are persons that are often unaware that they are being used to launder money, selected from at risk social profiles and end up on the radar of the authorities or coerced by gangs to continue to work in this illicit activity. To show the scale of this problem, yesterday Interpol announced that they had tracked 3883 money mules, double the amount of 2018. This rise is worrying and demonstrates that there is concentrated activity by criminal gangs to continue to commit this type of crime.”
Chris Morales, head of security analytics, says, “On one hand, the federal government needs to recognize an effort in prosecuting cyber criminals who target US business and interests. The announcement highlights the scale of cybercriminal activities and the people who operate cybercriminal organizations. On the other, we are dealing with cyber criminals in a foreign country that does not extradite its own citizens unless they want to. If they are indeed found to reside in Russia, it is likely that the Yakubets might never be brought to trial in the US. Perhaps not impossible, but highly unlikely. It could be achieved through diplomacy if considered that important. The alternative is through the US government finding its own way to bring the defendants to the United States against their will, forcibly.”