Threat Management, Incident Response, TDR

Extradition suspended for Gozi virus co-conspirator

The European Court of Human Rights (ECHR) has suspended the extradition of a 28-year-old Latvian man accused of co-authoring and co-distributing the notorious Gozi virus.

On Wednesday, Latvian ministers voted seven to five, with one abstention, to approve extradition of Deniss Calovskis to the United States, according to the Associated Press (AP). Calovskis' attorneys appealed to the ECHR and the extradition was suspended the next day, according to Germany-based DW news.

Many in Latvia opposed the extradition because a guilty sentence could put Calovskis away for 67 years, which was deemed to be excessive. Calovskis will remain in Riga Central Prison, where he has been since his arrest in December 2012.

The Gozi virus was a sophisticated trojan that preyed on targeted banking customers to steal their login credentials and other private information. The spokesman for Prime Minister Valdis Dombrovski told ministers prior to the vote that there was sufficient evidence to link Calovskis to the crimes, according to AP.

The Gozi virus first appeared on the scene in 2005, and earlier this year federal prosecutors said the trojan had infected at least 100,000 computers worldwide, including 25,000 in the United States, and racked up tens of millions of dollars in losses.

Federal prosecutors announced that alleged Gozi virus creator Nikita Kuzmin, 25, of Russia, was arrested in New York in November 2010 and pleaded guilty to hacking and fraud charges six months later. In 2009, he was alleged to have sold the Gozi source code for $50,000 a pop, plus a percentage of profits.

Calovskis was hired to develop injection code, which was used to alter webpage appearances on banking sites to confuse infected consumers. Mihai Paunescu, 28, of Romania, was picked up in Romania in January and is charged with renting servers to hide Gozi's communications. He faces up to 60 years jail time in the U.S. indictment.

In order to gain access to bank accounts, victims of Gozi were often prompted to share personal information, including mother's maiden name, Social Security number, driver's license details and PIN code.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.