Moldovan hacker gets time served, deported
A hacker from Moldova who goes by the handle “Smilex” was sentenced Thursday to time served and will be deported for his role in an overseas phishing scheme using the Bugat malware to steal banking information and drain bank accounts with unauthorized wire transfers.
U.S. District Judge Cathy Bissoon also ordered Andrey Ghinkul to pay $3.5 million in restitution to a Delmont oil company targeted in the scheme.
Assistant U.S. Attorney Shardul Desai said Ghinkul’s part in the conspiracy was to provide servers and infrastructure to the Bugat operators in Russia and eastern Europe, for which he was paid a flat fee.
He had faced a sentencing range of up to 108 months in prison but received a downward departure in a deal with prosecutors. No one will say why, and part of the sentencing was handled at a sidebar conference, but such departures are typically a reward for cooperation.
Asked by the judge if he wanted to say anything, Ghinkul declined.
“No thank you,” he said.
Ghinkul’s 2016 extradition to Pittsburgh from Cyprus, where he was nabbed during a vacation, was hailed by former U.S. Attorney David Hickton as an example of the Justice Department’s determination to haul international cyber criminals into American courts.
Ghinkul, 32, part owner of a gas station company, was indicted in Pittsburgh in 2015 and eventually pleaded guilty to a scheme to steal $3.5 million from Penneco Oil in Delmont and an attempt to steal $1 million from the Sharon City School District.
Prosecutors said Ghinkul and his cohorts used their botnet to send out emails to targets in the U.S. and Europe, hoping someone would open the email. Once the email was opened, the malware infected the target computers and stole confidential banking information automatically.
Ghinkul would then use the pilfered banking credentials to initiate wire transfers.
In the case of Penneco, an unsuspecting employee opened the email. Ghinkul and his cohorts were then able to steal millions. They tried to steal from the Sharon district in the same way, but a bank employee blocked the transfer.
The FBI and law officers in the United Kingdom have since shut down Bugat.