FBI Offers Biggest Ever Reward For Admin Of Gameover Zeus Botnet

A Russian hacker alleged to be the mastermind behind a highly damaging bank-robbing botnet has had the largest ever bounty for cyber crimes placed on his head.

The US State Department and FBI offered a $3m (£1.9m) reward for information leading to the arrest or conviction of Russian national Evgeniy Bogachev.

Zues Gameover

The bounty is because Bogachev has been charged by the US of running the peer-to-peer GameOver Zeus botnet that is alleged to have stolen more than $100m (£65m) from online bank accounts.

In July 2012 researchers said that the botnet had infected more than 675,000 systems, including those at 14 of the top-20 Fortune 500 companies. But the FBI now thinks that the botnet infected more than 1 million computer systems.

“The software was used to capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts,” said the FBI. “While Bogachev knowingly acted in a role as an administrator, others involved in the scheme conspired to distribute spam and phishing emails, which contained links to compromised web sites.”

The Gameover botnet essentially used a private version of the Zeus framework, a collection of software components needed to compromise systems and manage the resulting network of computers. During its reign, Gameover targeted the customers of banks in the United States, Europe and Asia.

The £1.9m bounty on Bogachev has also included the release of a “Wanted poster”, but whether he will be arrested remains to be seen as he is thought to still be within Russia itself.

Bogachev was known online as “lucky12345” and “slavik”, and he has been charged in Pittsburgh, Pennsylvania, with conspiracy, computer hacking, wire fraud, bank fraud and money laundering in connection with his alleged role as administrator of GameOver Zeus.

Financial Rewards

He also faces federal bank fraud conspiracy charges in Omaha, Nebraska regarding his alleged involvement in an earlier variant of Zeus known as “Jabber Zeus.”

The offer of financial rewards for cyber criminals is nothing new however.

Back in 2011, Microsoft offered $250,000 (£161,433) for information leading to the conviction of the Rustock botnet’s operators. That botnet was taken down by Microsoft, but was capable of sending billions of spam emails per day.

Are you a security pro? Try our quiz!