Crook avoids jail time, just like his former partner

May 4, 2016 09:10 GMT

Nikita Kuzmin, 28, of Russia, was sentenced yesterday to time served (37 months) and the forfeiture of $6,934,979 as damages caused by his creation, the Gozi banking trojan.

Kuzmin created Gozi in 2007 and marketed it on underground hacking forums using the "76" nickname. The malware was innovative when it was created, being the first that had a MaaS (malware-as-a-service) offering.

Other criminal groups could come to Kuzmin and rent the malware and its infrastructure, dubbed the "76 Service," for around $500 per month.

Kuzmin is the man who created the Gozi banking trojan

The Gozi banking trojan worked by using "Web inject" modules, which tapped into Web browser processes on infected computers. These Web injects would overlay fake Web pages when the user visited a banking portal.

Kuzmin or other criminals would receive the information entered in these fake Web pages on their servers. This included login details and bank account details. The crooks would then use this information to log in under the victim's name and initiate fraudulent transactions.

It's because of banking malware like Gozi that banks started deploying two-factor authentication en masse at the start of the 2010s.

Authorities arrested Kuzmin in the US in 2010. Kuzmin reached a cooperation agreement with the prosecutors and pleaded guilty later in 2011.

Two other hackers were also involved

Besides Kuzmin, US authorities also indicted two other suspects, known collaborators of Kuzmin.

One of them is Deniss Calovskis, a Latvian hacker who created many of Gozi's Web inject modules. Authorities arrested Calovskis in November 2012, and after a long, drawn-out extradition process, he was sent to the US, where he also recently received a 21-month prison sentence for time served.

The second suspect who aided Kuzmin is a Romanian national, Mihai Ionut Paunescu, who was arrested in 2012 in Romania and is still fighting extradition to the US. Paunescu's role in the whole Gozi affair was to provide bulletproof hosting.