Moldovan man charged in Pittsburgh over $25M in computer hacker losses
The victims of a vast international computer hacking scheme thought they might never see a defendant brought to trial in Pittsburgh.
But the FBI on Thursday sent an airplane to Cyprus and returned with Andrey Ghinkul, 30, of Moldova, who has been accused of conspiring to run a hacking scheme that stole an estimated $25 million through phishing malware that stole victims’ personal and bank information. He attended an initial appearance hearing Friday at the federal courthouse, Downtown.
“As we are dealing with the dynamic challenge of fighting cyber criminals … we remain committed here to treating everyone the same,” U.S. Attorney David Hickton told reporters. “If you are violating the law, it doesn’t matter your status or where you reside, we are going to charge you and try to find you.”
Ghinkul maintains his innocence, his lawyer, Arkardy Bukh of New York City, told the Tribune-Review. Ghinkul will be represented by a public defender until the court approves Bukh’s representation in the case.
The government has a high burden of proof to show that Ghinkul was the hacker operating the computer behind the attacks, Bukh said.
“The typical defense in those cases is that the government will have to face an uphill battle in proving that this is the guy,” Bukh said. “… The typical defense is that someone used the name as a shield to frame someone else.”
Ghinkul has been charged with conspiring with others to distribute malware — known variously as Dridex, Cridex or Bugat — to steal personal and banking information from infected computers around the world.
Hackers could then use the stolen credentials to authorize fraudulent wire transfers worth millions of dollars from victims’ bank accounts.
Local victims of the hacking schemes include Penneco Oil Co. in Delmont and the Sharon City School District, prosecutors have said.
Criminals transferred more than $3.5 million from Penneco’s bank account to accounts in Krasnodar, Russia, and Minsk, Belarus, on Aug. 31, 2012, and Sept. 4, 2012, according to court documents.
“They informed us early on that the likelihood of physically apprehending the perpetrators was very low,” said Ben Wallace, Penneco’s chief operating officer. “We appreciate their diligence and hard work.”
Separately, hackers targeted Sharon City schools on Dec. 16, 2011, trying to move $999,999 from the district’s bank account to an account in Kiev, Ukraine, prosecutors said. A diligent bank employee thwarted the theft by calling the district’s business manager for confirmation of the large transfer.
“We had every confidence that at some point they would be tracked down, but as the years went by, you kind of wondered where that’s going to go,” said Michael Calla, superintendent of Sharon City schools.
The FBI estimates that losses from the scheme in the United States are about $10 million, while worldwide losses are close to $25 million. Those are conservative estimates, Hickton has said.
In recent years, Hickton has shifted federal priorities to indicting computer hackers no matter where they live, bringing charges against military officers in China and computer programmers in Russia and other Eastern European countries. He has vowed all along to bring them to justice in Pittsburgh.
“Fairly, there has been a discussion and a debate of the question of whether our work will lead to arrests,” Hickton said. “… I remain committed to bringing individuals to justice in this building where we can and that we will work very hard at this.”
Ghinkul was arrested in Cyprus while on vacation in August and extradited to the United States this week, after fighting his case all the way to the Cyprus supreme court.
“It was a long battle in Cyprus, which unfortunately our client lost, so he will face justice in the United States,” Bukh said.
Other high-profile hacking defendants who have been indicted in foreign countries — including five members of China’s People’s Liberation Army — remain at large.
Andrew Conte is a member of the Tribune-Review investigations team.