Gameover for Slavik - The Cybercrime Kingpin Behind the Zeus Malware
Evgeniy Bogachev unmasked
A 30-year-old, shaven-headed Russian with a fondness for boating on the Black Sea is the man being sought by law enforcement agencies around the world as the mastermind behind the Gameover Zeus malware network, which has just been disrupted by Operation Tovar.
While Operation Tovar has disrupted the operation of Gameover, it is expected that Evgeniy Mikhailovich Bogachev and his gang of cybercriminals will have the malware back up and running within weeks.
The operation took an unprecedented level of cooperation between law enforcement agencies from 11 countries as well as multiple private security companies, giving us some idea of just how important the man behind Gameover is.
Slavik unmasked
Evgeniy Bogachev was born on 28 October 1983, but by the time he reached his 25th birthday he was a celebrity in the underground cybercrime world - though no one knew his real name.
Bogachev is known by a lot of names.
Best known on underground forums as Slavik, he is also known as Monstr, IOO, lucky12345, Pollingsoon, and Nu11.
However, following a two-and-a-half-year FBI investigation, Bogachev's real-world identity has been revealed, linking him not only to the creation and operation of the Gameover Zeus botnet and malware network, but also to the creation of the original Zeus Trojan, which first surfaced back in 2007 when Bogachev was only 24.
In 2010 it was widely reported that the creator of Zeus had retired from developing it, and that he had handed over the source code for the malware to a rival - the creator of SpyEye - who then merged the two codes.
Back to the drawing board
However, rather than retiring, Bogachev looks to have gone back to the drawing board and created a new piece of malware with a sophisticated, decentralised, peer-to-peer command and control infrastructure rather than centralised points of origin - making a takedown of the botnet more difficult.
Bogachev also changed his business model, and rather than selling the new tool to all-comers, he strictly controlled the use of Gameover.
The FBI investigation has revealed that Bogachev ran a tightly knit group of cybercriminals based primarily in Russia and Ukraine who are responsible for distributing Gameover and the pernicious Cryptolocker ransomware.
Along with the successful disruption of the Gameover botnet, the FBI has charged Bogachev with conspiracy, computer fraud, wire fraud, bank fraud and money laundering.
He has also been placed on the FBI's Most Wanted list with a reward on offer for information that leads to his arrest.
Boating on the Black Sea
While the 30-year-old cybercrime kingpin's current whereabouts are not known, he has a postal address in the western Russian town of Anapa located on the northern coast of the Black Sea. With a population of around 60,000, the town is best known for being totally demolished by the Nazis during World War 2.
According to the detailed personal information listed on the FBI's most-wanted list, Bogachev is 5'9" in height, weighs about 180lbs, and has brown eyes and brown hair - though he typically keeps his head shaved.
The description goes on to say that Bogachev is known to enjoy boating and may travel to locations along the Black Sea coast. He also owns property in Krasnodar, which is in the same administrative area as Anapa.
In the FBI's description of him on their most wanted list, Bogachev is said to work in the Information Technology field, which is likely an ironic addition by the FBI agents.