FBI Charges Woman With Writing Code For 'Trickbot' Ransomware Gang (justice.gov) 38
Slashdot reader Charlotte Web summarizes a Department of Justice press release: The U.S. Department of Justice says "millions" of computers around the world were infected with the Trickbot malware, which was used "to harvest banking credentials and deliver ransomware."
In February they arrested a 55-year-old woman in Miami, Florida, saying she and her associates "are accused of infecting tens of millions of computers worldwide, in an effort to steal financial information to ultimately siphon off millions of dollars through compromised computer systems," according to Special Agent in Charge Eric B. Smith of the FBI's Cleveland Field Office. In October ZDNet was calling Trickbot "one of today's largest malware botnets and cybercrime operations."
Yesterday that woman — Alla Witte, aka "Max" — was arraigned in federal court in Cleveland, Ohio. According to the indictment, Witte worked as a malware developer for the Trickbot Group and wrote code related to the control, deployment, and payments of ransomware.
From the Department of Justice announcement:
The ransomware informed victims that their computer was encrypted, and that they would need to purchase special software through a Bitcoin address controlled by the Trickbot Group to decrypt their files. In addition, Witte allegedly provided code to the Trickbot Group that monitored and tracked authorized users of the malware and developed tools and protocols to store stolen login credentials... Witte and her co-conspirators allegedly worked together to infect victim computers with the Trickbot malware designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers and addresses. Witte and others also allegedly captured login credentials and other stolen personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts...
If convicted, Witte faces a maximum penalty of 30 years in prison for conspiracy to commit wire and bank fraud; 30 years in prison for each substantive bank fraud count; a two-year mandatory sentence for each aggravated identity theft count, which must be served consecutively to any other sentence; and 20 years in prison for conspiracy to commit money laundering.
The indictment alleges that "beginning in November 2015, Witte and others stole money and confidential information from unsuspecting victims, including businesses and their financial institutions in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia through the use of the Trickbot malware." The AP reports the group is now accused of targeting high-reward victims which included hospitals, schools, public utilities, and governments, as well as real estate and law firms and country clubs.
Interestingly, this case is part of the U.S. Department of Justice's "Ransomware and Digital Extortion Task Force," with its Criminal Division working with the U.S. Attorneys' Offices and prioritizing the disruption, investigation, and prosecution of ransomware "by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes," according to the department's statement. "The department, through the Task Force, also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat."
"These charges serve as a warning to would-be cybercriminals," said Deputy Attorney General Lisa O. Monaco, "that the Department of Justice, through the Ransomware and Digital Extortion Task Force and alongside our partners, will use all the tools at our disposal to disrupt the cybercriminal ecosystem."
In February they arrested a 55-year-old woman in Miami, Florida, saying she and her associates "are accused of infecting tens of millions of computers worldwide, in an effort to steal financial information to ultimately siphon off millions of dollars through compromised computer systems," according to Special Agent in Charge Eric B. Smith of the FBI's Cleveland Field Office. In October ZDNet was calling Trickbot "one of today's largest malware botnets and cybercrime operations."
Yesterday that woman — Alla Witte, aka "Max" — was arraigned in federal court in Cleveland, Ohio. According to the indictment, Witte worked as a malware developer for the Trickbot Group and wrote code related to the control, deployment, and payments of ransomware.
From the Department of Justice announcement:
The ransomware informed victims that their computer was encrypted, and that they would need to purchase special software through a Bitcoin address controlled by the Trickbot Group to decrypt their files. In addition, Witte allegedly provided code to the Trickbot Group that monitored and tracked authorized users of the malware and developed tools and protocols to store stolen login credentials... Witte and her co-conspirators allegedly worked together to infect victim computers with the Trickbot malware designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers and addresses. Witte and others also allegedly captured login credentials and other stolen personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts...
If convicted, Witte faces a maximum penalty of 30 years in prison for conspiracy to commit wire and bank fraud; 30 years in prison for each substantive bank fraud count; a two-year mandatory sentence for each aggravated identity theft count, which must be served consecutively to any other sentence; and 20 years in prison for conspiracy to commit money laundering.
The indictment alleges that "beginning in November 2015, Witte and others stole money and confidential information from unsuspecting victims, including businesses and their financial institutions in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia through the use of the Trickbot malware." The AP reports the group is now accused of targeting high-reward victims which included hospitals, schools, public utilities, and governments, as well as real estate and law firms and country clubs.
Interestingly, this case is part of the U.S. Department of Justice's "Ransomware and Digital Extortion Task Force," with its Criminal Division working with the U.S. Attorneys' Offices and prioritizing the disruption, investigation, and prosecution of ransomware "by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes," according to the department's statement. "The department, through the Task Force, also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat."
"These charges serve as a warning to would-be cybercriminals," said Deputy Attorney General Lisa O. Monaco, "that the Department of Justice, through the Ransomware and Digital Extortion Task Force and alongside our partners, will use all the tools at our disposal to disrupt the cybercriminal ecosystem."
Re: (Score:2)
You might be aware that the DoJ has a ransomware task force, others might not be.
All the huffery and puffery, and charges.. (Score:1)
Will she do a deal (Score:2)
... and cough up the names of the rest of the gang (assuming she knows them) or will she spend the rest of her life behind bars? Start the clock....
Re: Will she do a deal (Score:2)
Re: (Score:2)
I'm betting it's a trans
Relevant quote: (Score:1)
Re: (Score:2)
So... world record? (Score:2)
World record for the longest jail sentence? The identity theft charges are going to be what, a few tens of millions of years, consecutively?
Soft Target (Score:3)
Cleveland.
When they get the gang in Pyonyang, Novosibirsk, or Changsha let me know.
It Can't Be Her, She's Old (Score:3, Interesting)
Re: (Score:2)
Times change. Much like Jitterbug marketing phones to older people who grew up with Bill Haley and the Comets and weren't old enough to have danced the Jitterbug in clubs when it was popular.
These days, the old card wollopers are in their 60s and 70s.
Re: (Score:2)
Re: (Score:2)
Apparently malware dev is the only IT field without age discrimination. Good to know for the future.
Inspiration to the little girls everywhere (Score:5, Funny)
Re: (Score:1)
Re: (Score:1)
All hail progress! (Score:4, Insightful)
It is so encouraging to see that women are finally breaking the glass ceiling in malware development.
Misogynists!!! (Score:1)
Free speech... (Score:3)
Re: (Score:2)
While you are (probably?) joking, it does actually raise a thorny question. Is heavily criminalizing writing a piece of software, and to be clear I'm not talking about deploying, I'm talking about writing it,something we REALLY want to be sending a woman to prison for the rest of her life for?
Because what we are doing then is imprisoning the gun maker, instead of the gunman. Are we ok with that? Should we round up all he gun store owners and charge them with first degree homicide, because they know full wel
Re: (Score:2)
She wasn't changed with 'writing a piece of software'. She was charged with being part of a criminal gang that was infecting machines and doing identify theft. There is no more 'thorny issue' than there is with the getaway driver being charged in a bank heist.
This isn't a case of someone wrote a piece of software and someone else misused it, she wrote the software specifically for the crime.
Re: (Score:2)
Re: (Score:2)
The scum here is you: You are repeating the tired old lie that atheism indicates amorality. Actual reality shows that atheists neither would want to nor could compete with the religious on murder, rape, child abuse, war, etc.
A warning to cybercriminals (Score:2)
These charges serve as a warning to would-be cybercriminals
The warning is: never operates from outside of Russia.
Re: (Score:2)
And if you blow the whistle on them you better be on a flight to Russia (which won't get grounded by the US, like they did trying to nab Snowden).
A drop in the ocean (Score:3)
The USA demands "opportunity" and "employment" and she got both. The message here is, most of the gang profits from cyber-crime. The US DoJ is proving that ransomware is another business that outsources jobs and associated risk, and prison (for someone) is just the cost of doing business. Not a comforting thought for the tiny fish that is caught but for the 'tiny fish', "opportunity" matters more.
Longest sentence in history? (Score:2)
..""millions" of computers around the world were infected with the Trickbot malware, which was used "to harvest banking credentials and deliver ransomware." ..."a two-year mandatory sentence for each aggravated identity theft count, which must be served consecutively"
So if her malware used the harvested data to pose (digitally) as someone else and stole money and if that counts for aggravated identity theft then is she facing a MULTI-MILLION YEAR sentence? I don't think I've ever heard of something so long
Re: (Score:2)
Ever heard of writer Robert Sheckley?
He wrote a short story in this topic - a multi thousand year sentence of hard labor - to which immortality comes for free.
Re: (Score:2)
She was charged with 19 counts, not 'millions'. Do you really think some prosecutor is going to go to the trouble to put together a case with miilions of counts? Ot that a grand jury would ever be able to consider such a case? Or that a judge would ever stand for a million count indictment? They would have to prove every one of those counts. She wouldn't have to worry about a long sentence, because the trial would never end.