Russian hackers accused of stealing millions - Cyber Hack: Evil Corp Ep1, BBC World Service podcast
By BBC World Service
Key Concepts
- Evil Corp: A sophisticated cybercriminal organization accused of stealing hundreds of millions of dollars and working for the Russian state.
- Maksim Yakubets: Alleged leader of Evil Corp, indicted in the US for cybercrimes, and on the FBI's most wanted list.
- Zeus Malware: Malicious software used by hackers to gain control of computers and steal money.
- Jabber Zeus Crew: A faction of cybercriminals using the Zeus malware, named after the Jabber messaging service they used for communication.
- Money Mules: Individuals recruited by cybercriminals to receive and transfer illicit funds, often unknowingly participating in criminal activity.
- Packet Sniffer: A network tool used to monitor online traffic, allowing for the interception and reading of data packets.
- Cybercrime Prosecution Challenges: The significant labor, expense, and high threshold for aggregated losses required for law enforcement to pursue cybercrime cases.
- Lawrence Baldwin: A cybersecurity legend and network engineer who founded myNetWatchman, dedicated to disrupting cybercriminals.
- Brian Krebs: An independent investigative reporter known for exposing cybercriminals through his blog, krebsonsecurity.com.
Maksim Yakubets and the Display of Stolen Wealth
The transcript begins by contrasting Moscow's underground street racing scene, characterized by beat-up Ladas, with a more brazen form of street racing by the super-rich. These individuals, protected by their status, speed through the city openly. Maksim Yakubets is presented as an example, driving a neon yellow and grey camouflage Lamborghini. His crew's social media presence, featuring flashy cars, cash, and even a pet lion cub, highlights their ostentatious lifestyle.
A significant event discussed is Yakubets's extravagant wedding in 2017, held at an exclusive golf course north of Moscow, costing an estimated $1 million for the venue alone. The event was lavish, with a pavilion decorated like an imperial palace, VIP guests, and performances by Russian pop icons. However, attendees were required to sign Non-Disclosure Agreements (NDAs), and wedding planner images revealed a curious shyness from Yakubets, with his face often obscured or in shadow. This bashfulness is linked to his alleged criminal activities, particularly the vanity license plate on his Lamborghini, "вор" (vor), meaning "thief" in Russian.
Yakubets is indicted in Pittsburgh, Pennsylvania, for his alleged role as the leader of a cybercriminal gang. The FBI has placed him on its most wanted cybercriminals list, offering a reward of up to $5 million for information leading to his arrest or conviction, a reward level comparable to that for war criminals and terrorists. The transcript suggests his outlandish wedding was a display of stolen wealth, accumulated through audacious and sophisticated cybercrimes committed globally.
The Search for Maksim Yakubets and Family Involvement
The narrative follows Joe Tidy, the BBC's cyber correspondent, and Sarah Rainsford, the former BBC Moscow correspondent, as they investigate Evil Corp. Tidy's pursuit of Yakubets leads him to his father, Viktor Yakubets, in Moscow. Viktor denies his son's wealth and dismisses the wedding cost as exaggerated, expressing upset over US and UK accusations.
A significant twist occurs in October 2024 when the British government accuses several of Yakubets's family members, including his father, brother Artem, and cousins Kirill and Dmitri, of being implicated in the criminal empire. Wedding photos, previously seen as a family album, are re-contextualized as a potential police lineup, revealing the alleged involvement of close relatives in the criminal enterprise. The group is described as running operations from the back of an Italian restaurant, viewing themselves as the "new mafioso."
The Genesis of Cybercrime: The Zeus Malware and Early Investigations
The focus shifts to the origins of cybercrime, tracing back to the early days of the internet and the rise of broadband. Lawrence Baldwin, a network engineer, observed the increasing security risks as the internet became more connected. Witnessing constant attack attempts on firewalls, he was driven to understand the attackers' goals, leading him to quit his job and found a cybersecurity firm, myNetWatchman. Baldwin is described as a "dark hero of the internet" who infiltrates criminal organizations.
Baldwin's investigation into the Zeus malware began in the summer of 2009. He discovered a group of cybercriminals using this malware to steal money from victims across the US, including an auto body shop, a plastics company, a Native American tribe, and an order of Franciscan nuns. A tip from a colleague provided a sample of the Zeus code, revealing a reference to a server used for communication. Using a packet sniffer, Baldwin intercepted unencrypted chat communications between the criminals, revealing their activities and bank details.
Challenges in Prosecuting Cybercrime and Lawrence Baldwin's Solo Efforts
Baldwin's initial attempts to share information with law enforcement proved frustrating, as he found that 99 out of 100 times, nothing happened. He learned that prosecuting cybercrime is "massively labor intensive" and "extremely expensive." The reality is that only cases involving tens of millions or even hundreds of millions of dollars are seriously pursued, despite official thresholds being lower. This gap between what hackers can do and what law enforcement can handle allows criminal empires to flourish.
Feeling a sense of obligation to the victims, primarily small businesses that couldn't afford losses, Baldwin decided to act independently. He aimed to "milk this intel for everything it had to disrupt what they were doing" and simultaneously leverage his knowledge of law enforcement constraints to aid their efforts. His first step was to warn potential victims directly, as contacting all 18,000 small banks in the US was impossible. He would calmly inform them of the suspected fraud and urge them to contact their banks immediately.
Brian Krebs Joins the Investigation and the "Jabber Zeus Crew"
Brian Krebs, an investigative reporter for krebsonsecurity.com, joined Lawrence Baldwin in investigating the Zeus malware. Krebs, who had begun learning Russian due to the volume of Russian-based cybercrime, was contacted by Baldwin with a tip about eavesdropping on hacker conversations. Together, they aimed to expose the pervasive threat to small businesses.
Krebs also began warning companies he saw mentioned in the hacker chats, emphasizing the need to contact their banks. He observed that most small business owners were unaware of their vulnerability, and many banks were encountering Zeus for the first time, recognizing it as a "game changer."
The Zeus malware operated by creating a backdoor into infected computers, allowing hackers to steal passwords and control the machines. Its success led to a flood of stolen data, overwhelming even the criminals. To manage this, a faction known as the "Jabber Zeus crew" emerged. They programmed their malware to alert them via the Jabber messaging service when an infected computer logged into a bank.
The Bullitt County Heist and the Use of Money Mules
A specific case study detailed is the hacking of Bullitt County, Kentucky. The Jabber Zeus crew infected the county treasurer's computer, gaining access to the county's bank account. They redirected one-time passcodes to an email address they controlled, enabling continuous access. They then added fake employees to the county payroll, who were actually money mules recruited online. These money mules received payroll payments, withdrew cash, and wired it overseas, primarily to Ukraine. The payments were kept just under $10,000 to avoid increased scrutiny. Over a week, more than $400,000 was stolen before the fraud was detected.
Brian Krebs investigated some of these money mules, discovering they were often victims themselves, unaware of their involvement in a scam. They were typically young women who thought they were helping a company move money abroad. One woman stopped the transfer after becoming suspicious, while another proceeded and was later held accountable by the bank.
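Detection logic for the payroll pattern described above, as an added example that is not part of the podcast or the summary: it scans a constructed payroll run for newly created payees paid just under the $10,000 threshold and only alerts when several such payees appear together, so a single genuine new hire does not trip it. All records, names, dates and tuning values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

REPORTING_THRESHOLD = 10_000.0   # structuring keeps amounts just below this
NEAR_BAND = 0.10                 # within 10% below the threshold counts as "just under"
NEW_PAYEE_DAYS = 14              # a payee record created this recently is "new"
MIN_NEW_PAYEES = 3               # several new payees in one run -> campaign, not a hire

@dataclass(frozen=True)
class Payment:
    paid_on: date
    payee: str
    amount: float
    payee_added_on: date   # date the payee record was created in the payroll system

def just_under_threshold(amount: float) -> bool:
    """True for amounts in [9,000, 10,000): the classic just-under-the-limit band."""
    return REPORTING_THRESHOLD * (1 - NEAR_BAND) <= amount < REPORTING_THRESHOLD

def is_new_payee(p: Payment) -> bool:
    return (p.paid_on - p.payee_added_on).days <= NEW_PAYEE_DAYS

def flag_structured_payroll(payments):
    """Return (flagged_payees, total_at_risk). A payment is a hit when the payee is
    new AND the amount sits just under the threshold; the run is flagged only when
    at least MIN_NEW_PAYEES distinct such payees appear in it."""
    hits = [p for p in payments if is_new_payee(p) and just_under_threshold(p.amount)]
    payees = {p.payee for p in hits}
    if len(payees) < MIN_NEW_PAYEES:
        return set(), 0.0
    return payees, round(sum(p.amount for p in hits), 2)

# Constructed sample run: two long-standing employees, one genuine new hire on
# ordinary pay, and four payees added days earlier and paid just under $10,000.
RUN = date(2024, 5, 20)
SAMPLE_PAYROLL = [
    Payment(RUN, "long_standing_clerk", 2_150.00, date(2001, 3, 5)),
    Payment(RUN, "long_standing_deputy", 3_400.00, date(2004, 9, 1)),
    Payment(RUN, "genuine_new_hire", 1_900.00, date(2024, 5, 13)),
    Payment(RUN, "mule_a", 9_800.00, date(2024, 5, 17)),
    Payment(RUN, "mule_b", 9_650.00, date(2024, 5, 17)),
    Payment(RUN, "mule_c", 9_900.00, date(2024, 5, 18)),
    Payment(RUN, "mule_d", 9_750.00, date(2024, 5, 18)),
]

if __name__ == "__main__":
    payees, total = flag_structured_payroll(SAMPLE_PAYROLL)
    print(f"{len(payees)} payees flagged, ${total:,.2f} at risk: {sorted(payees)}")
```

In practice the same rule would be paired with a check on where the funds go next (the cash-out and overseas wire step the mules perform), which the page describes but this block does not model.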
The Impact of Exposure and the Revelation of Personal Lives
Krebs's reporting on the Bullitt County heist, published in The Washington Post, quickly reached the Jabber Zeus hackers, including "Aqua" and "Tank." They expressed anger and frustration at being exposed, acknowledging that "the entire USA knows about Zeus." This exposure confirmed to Lawrence and Brian that Aqua and Tank were indeed key figures.
Further digging into their Jabber communications revealed mundane details about their lives, including chatter about lunch, cars, holidays, and, significantly, the birth of their children. This personal information provided a crucial lead, as baby names and parent registrations are official records. The transcript concludes by hinting at a larger cavalry, including the FBI, preparing to act on this information, setting the stage for the next episode.