Cybersecurity

FBI offers record reward for top cyber crook

The FBI is pulling out all the stops to bring in one of its most wanted cyber criminals.

The agency on Tuesday unveiled a $3 million reward for any information leading to the arrest or capture of Evgeniy Bogachev, the elusive Russian hacker allegedly behind the GameOver Zeus malware, which infected up to 1 million computers worldwide last year and stole banking and other personal information.

{mosads}It’s the largest reward ever offered for a cyber criminal, the FBI said.

“It sends a message,” said Robert Anderson, who leads the FBI’s Criminal, Cyber, Response, and Services Branch, during a roundtable discussion with reporters.

And it represents a new FBI tactic to get hackers into the U.S. court system.

“We’ve really not done something like this,” Anderson said.

“We are using all the tools in the toolbox,” added David Hickton, U.S. attorney for Pittsburgh, where Bogachev was indicted.

Bogachev has allegedly been working on iterations of his Zeus malware since 2007. Millions of computers in the U.S. are thought to be infected, mostly through users clicking on links or attachments in fake emails. Once Zeus has infiltrated a system, it can monitor the computer and steal data.

“He’s a very clever and cunning criminal,” Hickton said.

Since then, Bogachev has worked his way up the FBI’s cyber most wanted list. Joseph Demarest, assistant director of the FBI’s Cyber Division, told reporters his unit is pushing to get Bogachev on the bureau’s overall top 10 most wanted list.

Given the frosty relationship between the U.S. and Russia, where Bogachev is believed to be, Moscow has unsurprisingly not cooperated with bringing the fugitive to the U.S. to stand trial, Demarest said.

“He’s in Russia,” Demarest said bluntly. “He’s not leaving.”

Still, officials are convinced the $3 million bounty could have an effect.

“The blogs of hackers around the world will light up,” Anderson said.  

Demarest pointed to a previous incident where a “rather low” reward helped in the capture of a Mexico-based hacker.

It’s all part of the government’s broader efforts to actually secure convictions against remote hackers, who are nearly impossible to track down or extradite.

The Justice Department last May indicted five members of the Chinese army for hacking, but few expected the individuals would ever see a U.S. courtroom.

Hickton acknowledged it will be hard to get those five hackers to stand trial. But he said the government is considering an “array” of options to achieve justice in other ways, such as sanctions.

“I believe that the future holds that we may find that we will bring them to justice in another form,” he said. “There may be a Treasury consequence for this behavior. there may be a Commerce consequence for this behavior.”