Latvia unhappy about US extradition of Gozi Trojan creator

Severe US sentencing behind reluctance

Latvia's Foreign Affairs Minister has expressed unhappiness at US attempts to extradite the alleged co-creator of the Gozi data-stealing Trojan, citing the disproportionate severity of sentence he might receive if found guilty.

In January, the US Department of Justice (DOJ) publically indicted Deniss Calovskis, along with alleged accomplices Mihai Ionut Paunescu and Nikita Kuzmin, for their roles in using Gozi to infect 1 million PC, including 40,000 based in the US, stealing tens of millions of dollars.

Russian national and non-programmer Kuzmin was said to have come up with the idea for the malware while Latvian Calovskis customised it to attack bank websites; Romanian Paunescu was said to have organised the 'bulletproof' (i.e criminal) hosting servers.

Now, in a website statement, Latvian Minister of Foreign Affairs Edgars Rinkevics has expressed his unhappiness that Calovskis, arrested in December 2012, could face a 60-year stretch under US laws.

"In my view, such a penalty is disproportionate to the amount, and so far no-one has been able to conclusively dispel my fears that it might be otherwise," he said in a statement translated from Latvian by the BBC.

He also question whether the crimes Calovskis was accused of had actually taken place on US soil and suggested that if found guilty he should be able to serve his sentence in Latvia.

In Internet malware terms, Gozi is ancient history. The three men are said to have started the project in 2005 as part of a pioneering example of banking malware, which these days is a mainstream threat category. Gozi was first spotted by security vendors in late 2006 or early 2007 when its appearance caused some alarm.

Once up and running, the creators are alleged to have leased the software at $50,000 (plus a cut of profits) a time to more experienced Internet criminals who used to for campaigns against specific banks.

The main vector was booby-trapped PDFs and keylogging, exfiltrating the stolen credentials back to servers.

The DOJ position remains that Internet cybercriminals should no longer be able to feel they are beyond the reach of global law.

"Cyber criminals believe that their online anonymity and their distance from New York render them safe from prosecution. Nothing could be further from the truth, as today's charges demonstrate," said Southern District of New York attorney, Preet Bharara in last January's indictment presentation.

As to the severity of US sentencing guidelines, the DOJ would doubtless also argue that in the absence of effective international prosecution of cybercriminals, US law should act as a worldwide deterrent.

Join the CSO newsletter!

Error: Please check your email address.

Tags BBCPersonal TechsecurityUS Department of JusticeDepartment of Justice

More about BBC Worldwide AustralasiaDepartment of JusticeDOJUS Department of Justice

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts