An Eastern European man was set to face a federal judge in Pittsburgh on Friday on charges he ran an international email phishing scheme that enabled him and others to steal banking information from U.S. companies.
Andrey Ghinkul, 30, is from Moldova. He was arrested in August while on vacation in Cyprus and was extradited to Pennsylvania last week.
Prosecutors plan to ask that he remain jailed until trial, because they say he a risk to flee prosecution.
U.S. victims of the Bugat malware that infected computers of those who opened the phishing emails lost about $10 million, the FBI said. The charges were filed in Pittsburgh partly because the greatest threats involved a bank and a school district in western Pennsylvania. Worldwide, businesses and others have lost at least $25 million, U.S. Attorney David Hickton said.
An employee of Penneco Oil Company Inc. in Delmont opened an email that attacked the computer and enabled Ghinkul and others to attempt bank transfers in the company's name.
The hackers moved nearly $2.2 million from a Penneco account to a bank in Krasnodar, Russia, in August 2012 and moved $1.35 million from a Penneco account to a bank in Minsk, Belarus, in September 2012, authorities said. Another attempted transfer of about $76,000 to a Philadelphia bank account that same month failed, the indictment said.
Penneco's senior vice president, D. Marc Jacobs, said the company learned they'd been hacked after an employee's email went berserk in May 2012. The company's computer consultant referred them to the FBI.
The company's bank, First Commonwealth based in Indiana, Pennsylvania, is now considered the victim in the case because it restored the stolen funds. Any restitution will go to the bank.
The Sharon City School District was also a victim of the scheme. Hackers tried and failed to transfer $999,000 from one of its bank accounts to an account in Kiev, Ukraine, in December 2011, the indictment said.