A federal jury on Thursday convicted two Romanian nationals of aggravated identity theft and wire fraud, among other charges, for a scheme to use malware to steal credit card information and then sell that data on underground websites.
A 12-day trial found Bogdan Nicolescu and Radu Miclaus guilty on 21 counts. In addition to wire fraud and identity theft, they were convicted on money laundering and counterfeit charges.
The men were accused of infecting and controlling over 400,000 computers, most of which were in the U.S., as part of the long-running fraud scheme that included cryptocurrency mining. The scheme also involved robbing people of millions of dollars by duping them into making fraudulent purchases on supposed auction sites.
Prosecutors described a methodical enterprise that used stolen credit card numbers to rent server space, register domains, and pay for virtual private network services.
Nicolescu and Miclaus, who are both in their 30s and from the Romanian capital of Bucharest, developed proprietary malware over a decade ago, and distributing it with emails purporting to be from the IRS, Norton Antivirus, and Western Union, prosecutors said. The defendants took the credit card information and user names and passwords from the infected computers, and disabled antivirus tools and blocked access to law enforcement websites, prosecutors said.
The malware pulled email addresses from an infected computer, which were then used to distribute it further, according to a Department of Justice press release. By forcing compromised computers to register new email accounts, the men allegedly sent tens of millions of malicious emails.
Nicolescu and Miclaus are due to be sentenced on Aug. 14. They were arrested in Romania in September 2016 and extradited to the U.S. in December 2016, according to a DOJ spokesperson.
Thursday’s conviction follows the bust of a Romanian cybercrime ring that prosecutors say defrauded people of millions of dollars.