December 2016 brought the US government some progress on prosecuting foreign cybercriminals. Last month, three Romanians were extradited to face charges in the US for running a cybercrime ring using custom-built malware and money mules to steal at least $4 million. Chinese authorities also got their hands on one of three Chinese citizens charged by the US with insider trading on confidential information gleaned from the servers and networks of law firms involved in M&A work. The US is seeking the extradition of the apprehended hacker by the Chinese government.

It is reported that the three Romanians were arrested by the Romanian National Police following an eight-year FBI investigation. A 21-count indictment awaited them upon their extradition to Ohio, unsealed on December 17, 2016, charging them with wire fraud, identity theft, money laundering and trafficking in counterfeit goods or services. Known as the Bayrob Group, they allegedly used phishing attacks and malware to rob their victims. Disseminating its Bayrob Trojan through emails made to look like legitimate sources (e.g. Western Union, Norton Antivirus and the U.S. Internal Revenue Service), they prompted the recipient to click on an attached file, which upon clicking released the Bayrob Trojan to roam around their computers. Later versions of the Bayrob Trojan harnessed the infected computer’s processing power to mine for cryptocurrency. Symantec’s security response team, which worked in conjunction with the US government on the investigation, estimates the total losses over eight years to be as much as $35 million, sending 11 million malicious emails and running a botnet composed of 300,000 infected PCs.

Only one of the three Chinese hackers has been taken into custody (currently held by the Chinese government in Hong Kong), the two others remain at large. The US alleges that the three began hacking two US law firms (and targeting five others) in April 2014, installing malware on the firm’s servers to access lawyers’ emails. By surveilling law firm’s emails, they obtained insider information on which they traded. They are alleged to have earned $380,000 on trades of Intermune, a drug company acquired by Roche in 2014; in 2015 they are alleged to have made $1.4 million trading on Altera, bought by Intel, and $841,000 on Borderfree, acquired by Pitney Bowes. All three were charged in the Southern District of New York with conspiracy, wire fraud, computer intrusion and insider trading. Southern District of New York U.S. Attorney Preet Bharara is quoted as stating with respect to the Chinese hackers:

“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”