Thursday, September 30, 2010

New York FBI: 17 Wanted Zeus Criminals

The New York FBI needs your help. Today they announced indictments against thirty-seven cybercriminals involved with Zeus. Ten of these had already been arrested in the recent past. Ten more were arrested today. The other seventeen are "At Large".

I'll let you read for yourself the charges against the many criminals by visiting the FBI's New York Field Office announcement:

FBI New York Press Release

A wanted poster showing the seventeen "At Large" criminals is available here:

Seventeen Zeus Criminals Wanted by FBI

If you find clues about any of these people make sure to get them to your local FBI office! (Send us a copy too! gar at cis dot uab dot edu)

Wanted: Ilya Karasev

Known aliases: Goran Dobric, Alexis Herris, Fransoise Lewenstadd, Fortune Binot, Diman Karasev

Status: J-1 Visa issued May 2008. Converted to F-1 Visa in December 2008. Terminated January 11, 2010


April 13, 2010 - presented a Belgian passport in the name of Fransoise Lewenstadd to a TD Bank branch to open an account.

April 19, 2010 - presented a Greek passport in the name of "Alexis Herris" to open a TD Bank account.

June 2, 2010 - received $4,200 in stolen funds into the TD Bank Herris account. Withdrew $4,000 from a TD Bank branch in Ocean Township, NJ.

July 1, 2010 - presented a foreign passport in the name "Fortune Binot" to open a TD Bank account in Brooklyn, New York

May 3, 2010 - "Herris" opened a Bank of America account. Received $12,300 in unauthorized wire transfer to that account.

May 20, 2010 - "Herris" withdrew $9,000 from Neptune, NJ branch. Made two debit card purchases totaling $3,581.40 at a convenience store in Jersey City, NJ. (That's a lot of Doritos!!!)

Several more BOA withdrawals are known from Little Silver, Little Eatontown, and Red Bank, New Jersey, from a Bank of America "Fortune Binot" account.

There was also JP Morgan Chase activity.

Open Source Intelligence:

Facebook Profile

An Ilya Karasev, with many friends in New Jersey, has a Facebook account. In this picture from the account, he looks to be the same person as pictured above.

Other photos on his site include Ilya riding a bus and standing in front of Applebee's Times Square in New York. Ilya attended Volgograd State Technical University, class of 2005, where he majored in "Motor Transport."

Wanted: Dmitry Saprunov

Known Aliases: Lean Marc Garrot, Bazil Kozloff, Milorad Petrovic

Status: Entered the United States on May 19, 2009 on a visa.

A cooperating subject says that Saprunov is roommates with co-conspirator Nikolai "Robert" Garifulin in an apartment in Brooklyn, New York. The subject says they recently accessed a safety deposit box, probably at Wachovia Bank. Garifulin recently traveled to Russia to "pay the hackers", carrying $150,000 cash concealed in his luggage.


June 4, 2010 - Saprunov opens a TD Bank account in Manhattan using a foreign passport in the name of "Bazil Kozloff".

June 7, 2010 - Saprunov uses the Kozloff identity to open a Bank of America account in Bronx, New York.

June 11, 2010 - Saprunov opens a TD Bank account in Brooklyn using a passport from Belgium in the name of "Lean Marc Garrot".

June 12, 2010 - Saprunov opens a BOA account in Long Island, New York using the Garrot identity.

June 29, 2010 - $14,000 is wired to the Kozloff BOA account.

July 6, 2010 - just under $14,000 is wired to the Garrot BOA account.

July 6, 2010 - "Garrot" withdraws $13,9450 in four transactions from a teller and three ATM machines in Bradley Beach, New Jersey

Open Source Intelligence:

Facebook Profile:

(from the Facebook album "AVE" (possibly Avenue New York Club?) by Sergey Palychev.)
Also pictured: Alejandro Martinez, Elizaveta Osadchikh, Anastasia Yudintseva, Natalya Vassilyeva

(Interesting note: Ildar Mukhamedov is a friend of both Saprunov and Karasev on Facebook, and they are friends of each other.)

Watcha Got?

More will be added as time allows. If you have something you'd like to share, send it in!

Go Go, Maltego!!

Wanted: Lilian Adam

Known Aliases:

Wanted: Marina Oprea

Known Aliases:

Wanted: Kristina Izvekova

Known Aliases:

Wanted: Sofya Dikova

Known Aliases:

Wanted: Artem Tsygankov

Known Aliases:

Wanted: Catalina Cortac

Known Aliases:

Wanted: Ion Volosciuc

Known Aliases:

Testimony from State Department DSS Agent

Wanted: Artem Semenov

Known Aliases: Valentin Kulakov, Alexey Michinnik, Arvind Shah, Fred Teschemacher, Tokin Waaran, David Warren

Entered the country June 1, 2009 on a J1 Visa, stating that he was a full-time student at Kazan State University of Technology.

Arrested December 17, 2009 by NYPD at a Manhattan branch of Bank of America, trying to open an account in the name of Nicholas Congleton. Arraigned on December 18th. Failed to appear in court on February 22, 2010.

On January 15, 2010, Customs agents intercepted a package from the Republic of Moldova destined for Artem shipping new passports to him. The passports were from the Federal Republic of Yugoslavia and were issued in the names of Petar Stojanovic and Victor Rajkov.

A collaborating witness testified that Artem recruited Almira and Julia (below) to work for him. The CW says that the two were provided with tickets to fly from New York City to Las Vegas on August 25, 2010.

Wanted: Almira Rakhmatulina

Known Aliases: Natalia Davidova, Irina Sergeeva

On June 6, 2010 Almira entered the country traveling on a J1 Student Visa stating that she was a full-time student at Omsk State University.

On July 16, 2010, Almira opened a TD Bank account in the name of Natalia Davidova using a Greek passport in that name. On July 17th, the same passport was used to open a Wachovia Bank account in New York City.

On July 20, 2010, Almira opened a TD Bank account in the name of Irina Sergeeva, using the same Brooklyn street address that she used with the Natalia Davidova account. A Greek passport for the Sergeeva alias was used as proof of identity.

A balance check of that account was made using an ATM in Las Vegas, Nevada on September 17, 2010.

Wanted: Julia Shpirko

Known Aliases: Ekaterina Kaloeva, Ekaterina Smirnova

On June 6, 2010, Shpirko entered the country traveling on a J1 Student Visa stating that she was a full-time student at Omsk State University.

On or about July 20, 2010, Shpirko opened a TD Bank account in Manhattan in the name of Ekaterina Smirnova.

Wanted: Yulia Klepikova

Known Aliases:

Wanted: Maxim Panferov

Known Aliases:

Wanted: Nikolai Garafulin

Known Aliases:

Wanted: Dorin Codreanu

Known Aliases: Savvas Paian

On April 21, 2010, Dorin opened a Chase account using a Greek passport in the name Savvas Paian.

On May 11, 2010, the Chase-Paian account received $10,246 from a victim in Illinois.

On May 18, 2010, Dorin opened a TD Bank account using the same identity, but making it a business account in the name "Savvas Import Group LLC".

Open Source Intelligence:

Savvas Import Group, LLC is a "fruit and vegetable" importer, using the address "1612 Kings Highway Apartment 48, Brooklyn, NY 11229-1210", according to
Manta puts their phone number as 347.530.9785

That phone number also belongs to "Brooklyn Fruit Vegetable Growers Shippers" and "Neptune Fruit Vegetable Growers Shippers" which both have the same street address as well.

On June 3, 2010, the

Wanted: Stanislav Rastorguev

Known Aliases:
