2 Russian Hackers Accused Of Using Malware Attacks To Steal Millions From Local Entities

PITTSBURGH (KDKA) - Two Russian hackers who allegedly stole millions from local entities have been identified by the FBI and a massive award is out for any information about them.

A federal jury unsealed a 10-count indictment against alleged Russian hackers Maksim Yakubets and Igor Turashev on Thursday.

According to the indictment, Yakubets and Turashev had multiple victims in Western Pennsylvania, including two banks, a school district and four companies. Specifically The Sharon School District, JWF Industries of Johnstown, Penneco Oil of Delmont, First National Bank, First Commonwealth Bank and 84 Lumber.

The alleged crimes date back to the attack on the Sharon School District's bank account to the tune of $999,000 in December of 2011. The attempt was spotted in time to stop the payment from making it to Ukraine and the school district did not lose any money.

84 Lumber was one of the more recent victims being hit in January of this year but a statement from the company says "no information was taken from 84 Lumber."

The hackers allegedly stole millions of dollars, with the most recent hack happening in March of this year.

(Photo Credit: FBI)

The most successful attack in our region came on the Friday before Labor Day in 2012 against Penneco Oil.

Chief Operating Officer Ben Wallace says, "We didn't know we were a victim of an international bank robbery scheme when it occurred."

Wallace says the company executives of Penneco were at lunch on that Friday when, "Our controller and treasurer looked at his phone and said 'I just got thousands of emails.' And the emails continued, kept scrolling up and up and up. He got 70,000 emails in 24 hours."

Meanwhile at the same time back at the office, "Every phone line we owned was ringing and when they picked up the phone no one was there. It was just a hum."

Knowing they were under some form of an attack Wallace says, "I turned off our email services and we went home for the Labor Day Weekend."

But when they got back to work on Tuesday, Wallace says the phone call came from First Commonwealth Bank: "They said 'did you perhaps initiate a large wire transfer to Russia on Friday?' and we said 'absolutely not.'"

Not only had the cyber thieves transferred money, they first moved money between accounts before making the big transfer of $3.5 million dollars.

"First Commonwealth has been excellent handling this," Wallace says. "First Commonwealth alerted Citibank and Citibank was able to alert the bank in Russia so the money never left the account in Russia."

Because the loss had come from a cyber attack that wasn't Penneco's fault, First Commonwealth made the decision to make Penneco whole again by returning the money. The bank then went after the Russian bank and with the help of attorneys were able to get the money back.

Wallace says as soon as they knew they'd been hit, the call went out to the FBI.

Agents were in their office within 45 minutes, and it wasn't long before they determined what had happened.

Wallace says weeks before the attack, a phishing email came into Penneco Oil.

He says, "specifically the controller opened the email not thinking anything of it, saw it was nothing and closed it. What that email did was install keylogging software on his computer so every keystroke was recorded by someone overseas. They obtained his account password, his login information and his security questions."

With that information, pulling off the cyber heist was just a matter of timing and with all the right log-in information, it looked legitimate.

These days Wallace warns everyone he can. "I tell everybody that I speak to, if you get something from the internet, it's fraud until you prove it isn't."

A $5 million reward -- which the Department of Justice says is the largest for a cyber criminal to date -- was offered today for any information leading to the arrest or conviction of Yakubets.

Assistant Attorney General Brian Benczkowski says Yakubets allegedly led a "decade-long cybercrime spree." He accuses Yakubets of using "two of the most damaging pieces of financial malware ever used," resulting in losses of tens of millions of dollars.

The malware, dubbed "Bugat" would automate the theft of confidential and personal financial information.

Yakubets was also indicted in Lincoln, Nebraska.

Watch KDKA News at 5 and 6 for John Shumway's report

Read more
f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.