FBI Alleges Russian Man Laundered Cybercriminals' Money
Suspect Who Was Arrested Turned Cash Into Bitcoin for Gang, Authorities Say
The FBI has arrested a Russian national for allegedly helping an international cybercriminal gang launder its money by turning cash into bitcoin and other cryptocurrencies, according to court documents filed by the investigating agents.
Maksim Boiko, 29, was arrested by FBI agents on March 28 in Miami and is in federal custody; he’s expected to be transferred to Pittsburgh in the coming weeks, according to the Pittsburgh Post-Gazette.
When he's arraigned in federal court in Pittsburgh, Boiko will be charged with money laundering, according to court documents. That carries a maximum sentence of 10 years in prison.
In the court documents, FBI agents accuse Boiko, who goes by the online name "gangass," of being a "significant cybercriminal" who provided other criminals with services, such as access to bank accounts around the world and converting cash into bitcoin and other virtual currencies.
FBI agents allege that Boiko worked with a cybercriminal group called "QQAAZZ," which has been in operation since at least 2015, according to the court papers. Agents suspect this gang works with other cybercriminals to help launder money that is stolen from victims' bank accounts using malware and other malicious tools, according to the documents.
In January, the U.S. Department of Justice indicted five Latvian nationals on charges of providing money laundering services for cybercriminals as part of QQAAZZ. One of the men indicted, Aleksejs Trofimovics, is alleged to have run a virtual currency exchange website that was seized by law enforcement in 2017, the court documents note.
Money Laundering Alleged
Boiko and his wife entered the U.S. on Jan. 19 in Miami, according to court documents. Boiko was carrying about $20,000, and when he was interviewed by agents with U.S. Customs and Border Protection, he claimed the money came from investments in bitcoin and Russian rental properties, according to the court papers.
The FBI was monitoring Boiko's Instagram account, and agents eventually were granted a search warrant for his iCloud account, which contained photographs of Boiko posing with substantial sums of U.S. dollars and foreign currencies, the documents show.
In their affidavit, FBI agents allege that the photographs are "evidence of Boiko's unexplained wealth, are inconsistent with the practices of a legitimate business operation and are consistent with the allegations set forth herein that Boiko has engaged in illegal money laundering activities with significant cybercriminals for the past several years."
The FBI alleges that Boiko laundered some stolen funds through bank accounts in China. The FBI also says that Boiko had an account on BTC-e, a now-defunct cryptocurrency trading platform, where he received $387,964 worth of deposits and withdrew 136 bitcoin, worth about $848,000.
Boiko used Jabber, a secure and encrypted messaging platform, to communicate with other cybercriminals, the FBI alleges. In one case, Boiko used Jabber to communicate with a cybercriminal known as "Moneybooster" about other money laundering operations, according to the court documents.
Cybercrime Group
The QQAAZZ cybercrime group comprises individuals from more than a dozen countries, including Georgia, Bulgaria and Latvia, according to the court papers.
The group registered dozens of shell companies it used to open corporate bank accounts at financial institutions in several countries, including the U.K., Portugal, Spain, Germany, Belgium, Turkey and the Netherlands, according to the court papers. These accounts are used to receive and launder stolen money, the FBI alleges.
FBI agents found the name "Boiko Maksim Sergeyevich" while searching the iCloud account of a QQAAZZ group member, which agents allege establishes Boiko's connection with the gang. In addition, screenshots from Boiko's iCloud account show conversations with "salazar001@xmpp.jp," a Jabber account the FBI says is used by QQAAZZ.