A computer hacker from Moldova charged in an email phishing scheme used to steal millions from a Westmoreland County business and an attempt to steal nearly $1 million from the school district in Sharon appeared Friday in U.S. District Court after being extradited from Cyprus.
U.S. Attorney David Hickton said an FBI plane picked up Andrey Ghinkul, also known as “Smilex,” on Thursday and brought him here to face charges Mr. Hickton’s office filed in the summer.
He said his prosecutors have brought charges against computer criminals in Europe and China, a practice criticized by some who questioned whether overseas defendants would ever appear in the federal court building in Pittsburgh.
This one did, although he fought extradition every step of the way.
U.S. marshals hauled him in handcuffs before a federal magistrate judge Friday afternoon.
“As we are dealing with the dynamic challenge of fighting cybercriminals, whether it’s people who live in Eastern Europe, people are stealing intellectual property in China, notorious cybercriminals who might be in Russia or wherever they may reside, we remain committed here to treating everyone the same,” Mr. Hickton said. “If you are violating the law, it doesn’t matter your status or where you reside — we are going to charge you and try to find you.”
Ghinkul was charged by complaint here in August. A grand jury indicted him in October. He was arrested while on vacation in Cyprus.
Federal agents say he and others operated the Bugat botnet, which used malware to automatically steal confidential information from infected computers by monitoring keystrokes and web browser use.
The malware was distributed to victims through email and was designed to defeat antivirus measures.
Agents said Ghinkul and others used the malware to steal banking credentials. They then used those credentials to initiate electronic fund transfers from victim bank accounts.
The FBI estimated the loss in the U.S. at $10 million.
The victims in Western Pennsylvania were the Sharon City School District and Penneco Oil in Delmont.
Ghinkul and his cohorts tried to electronically transfer $999,000 from the Sharon district’s account at First National Bank in December 2011 to an account in Ukraine by accessing account information through a phishing email opened by a school district employee.
An alert bank employee blocked the transfer, Mr. Hickton said.
But the oil company wasn’t as fortunate. In 2012, agents said, the conspirators transferred about $3.5 million from the company’s account at First Commonwealth Bank to accounts in Russia, as well as an additional $76,000 to an account in Philadelphia.
Torsten Ove: firstname.lastname@example.org