Dear Colombia we are going to need you to extradite Mihai Ionut Paunescu -thanks America - updated with 1999 & 2010 MLAT
You can only be a fugitive for so long - Paunescu GOZI VIRUS, Zeus Trojan and Spyeye Trojan - the Trifecta of Banking Trojans
Per the Associated Press:
Colombian officials say they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012.
Mihai Ionut Paunescu faces computer intrusion and banking fraud charges in New York, where prosecutors say he was part of a ring of criminals that developed and spread the “Gozi” virus and other forms of malware that were used to steal money from bank accounts.
Former US Attorney Preet Bharara, March 2013 Presser
Mihai Ionut Paunescu, a/k/a "Virus," a Romanian national who allegedly ran a "bulletproof hosting" service that enabled cyber criminals to distribute the Gozi Virus, the Zeus Trojan and other notorious malware, and conduct other sophisticated cyber crimes, was arrested in Romania in December 2012.
U.S. V. Nikita Kuzmin
U.S. v. Nikita Kuzmin Complaint Circa 2010
U.S. v. Nikita Kuzmin Information circa 2015
U.S. V. Deniss Calovskis
U.S. v. Deniss Calovskis Fourth Superseding Indictment
I mean you do understand that all roads do lead back to Silk Road - right? Oh you’d like to doubt my assertion? That’s fine - here’s my rebuttal by way of the Government’s filing
MEMORANDUM in Opposition by USA (SDNY-ECF link to Document 26) as to Ross William Ulbricht re 19 FIRST MOTION to Dismiss Challenging the Face of the Indictment.
Exhibit A -SDNY-ECF Link
Exhibit B -SDNY-ECF link
Exhibit C -SDNY-ECF link
U.S. V. Mihai Ionut Paunescu
U.S. v. Mihai Ionut Paunescu Complaint
U.S. v. Mihai Ionut Paunescu Indictment
This goes without saying Justice always gets justice - it doesn’t matter how long it takes - remember that earlier this month after ten freaking years Doyon was arrested so YES the wheels of justice actually do grind slowly but they grind and that’s something you need to remember. Irrespective of some folks saying “spare me the wheels of justice grind slowly” my retort spare me your bullshit mobs gotta mob. Because what consistently takes the mob down? Here honey I’ll spell it out for you T-A-X-E-S yes it’s always taxes.
Apologies I momentarily digressed - back to Paunescu -who’s likely sitting in a holding in “Bienvenido a Bogotá” but it’s curious -see the March 2013 DOJ-OPA
According to this March 2013 DOJ-OPA - which reads in part:
Mihai Ionut Paunescu, a/k/a "Virus," a Romanian national who allegedly ran a "bulletproof hosting" service that enabled cyber criminals to distribute the Gozi Virus, the Zeus Trojan and other notorious malware, and conduct other sophisticated cyber crimes, was arrested in Romania in December 2012.
So how did Mihai Ionut Paunescu turn up in Colombia in June 2021? Because I can’t find any reporting (but it’s also possible I’m beat tired) that he escaped custody - I mean I’m sure he did but it’s interesting that the local Colombian Media reported that he was taken into custody at the International Airport in Bogota, Colombia but the local Colombian newspapers haven’t stated if he was boarding an international flight —because I’d like to know where he planned on flying to and when he arrived in Colombia. But again I am in awe of our FBI —it doesn’t matter how long it takes them - eventually they will catch the criminal and that makes me very grateful to the countless men and women of the FBI.
I had originally posted this in the comments but felt it was important enough to update the main article. For those who are unaware - YES the United States of America has an “in force” Treaty colloquially known as a MLAT with Romania;
May 26, 1999
https://www.state.gov/wp-content/uploads/2019/02/13037-Romania-Judicial-Assistance-May-26-1999.pdf
AMENDMENT 2007 - “into force” February 1, 2010
I know that in 2013 the charges he faced have a maximum allowable >60 years but I can’t find any filing that shows a Romanian Court refused to extradite him. All of which is moot because he’s sitting in a cell in Bogota. I’m also 99% certain we’ve already commenced extradition from Colombia. But the primary question remains;
…how and when was he allowed to leave Romania?
Copious public reporting stated that Paunescu was arrested in Romania circa 2013 (technically he was arrested on or about December 22, 2012) and the Defendant was actively trying to fight his extradition - but from March 2013 to June 2021 it’s like he “vanished” - so I’ll ask again: how did he end up in Bogota, Colombia in June 2021?
MIHAI IONUT PAUNESCU, a/k/a "Virus," ran what we now call “Bulletproof Hosting”. This provided cyber criminals with infrastructure to carry out their cyber crime-ing (not sure if that’s an official word). PAUNESCU’S platform allowed for the proliferation of pernicious malware - specifically banking Trojans. His list of accomplishments includes:
GOZI VIRUS see KrebsOnSecurity Gozi File
Zeus Trojan
Spyeye Trojan
Both Zeus and Spyeye later morphed into the GameOver Zeus Botnet - which you can disagree with me - but it’s important to understand (or at least in my industry we are always looking for the Higgs-Boson) and sometimes you need to pull the lens back - like way back to “in the beginning” because once you have the start of something— only then can you take a look at the evolution and ultimately the take down. But there are always parts in between A to Z —the key is identifying if there’s a corollary or correlation.
PAUNESCU’s other claim to fame was his ability to cover up criminal activity. Meaning if Law Enforcement identified an IP or a list of IPs, PAUNESCU would quickly and skillfully switch IPs and/or set up multiple proxies which would (at times) simultaneously ping the IPs from numerous locations—which frustrated Law Enforcement’s efforts to lock, trace and trap. In non-legalese or geek talk, PAUNESCU’s game of playing hide and seek was on a whole different level. Keep in mind we are talking circa 2007 thru 2013.
The Trio of Malware PAUNESCU created and operated also relied on the prolific use of botnets. The DDOS attacks aka “BlackEnergy” crippled victims, financial institutions and ultimately unjustly enriched PAUNESCU and other co-conspirators.
Paragraph 8 further explains the mechanism of BlackEnergy and the impact it had on a whole host of industries.
Also it is worth noting that PAUNESCU’s moniker was “VIRUS” - at times his online persona bordered on pure arrogance — he would email both his victims and “clients” saying things like “I am the Virus answer me” —one person who deserves a ton if not all the credit is Don Johnson - in late 2006 he not only traced but tracked some of PAUNESCU et al activities. I highly recommend you read this circa 2007 CSO article
Because his research helped the FBI and our international partners lock on to the C2 servers and IPs and ultimately it was enough for the DOJ and FBI to obtain various Court Orders to disrupt this insidious trifecta malware and its many botnets.
PAUNESCU’s Trio of Banking Trojans infected millions of computers in the United States, Germany, United Kingdom, Poland, France, Finland, Italy and Turkey, as well as some financial institutions, and including computers belonging to the National Aeronautics and Space Administration (NASA).
The Gozi Virus had a sophisticated way to distribute the virus to victims’ computers:
In one method, the virus would be disguised as a benign .pdf document which, when opened, secretly installed the Gozi Virus on the victim’s computer.
Once installed, the Gozi Virus – which was intentionally designed to be undetectable by anti-virus software – collected data from the infected computer in order to capture personal bank account information including usernames and passwords.
Then data would be transmitted to various computer servers controlled by the cyber criminals who used the Gozi Virus.
Based on local reporting from Colombia it appears Colombian Law Enforcement apprehended Mihai Ionut Paunescu - at the El Dorado International Airport. So I’d keep an eye out for the DOJ and State Department announcements. For the record I am going to be super slammed at work and I drafted this article after 11PM on June 29th but sending out 3 or 4 newsletters in one day seemed a bit like overkill.
Also BOLO for today’s Judiciary Hearing regarding the secret subpoenas see House Judiciary Tweet
Like I said I’m going to be super slammed at work because for some reason someone scheduled two depos for the same day and I can’t clone myself but apparently one of my bosses thinks I can - see you later in the afternoon -Filey
Crazy good reporting Filey! I can’t find anything about how or when he got to Colombia. Just that he’s managed to avoid extradition from Romania to US since 2012. Is it possible he’s been hiding in Colombia for years but now they’ve decided to give him up to gain favor w/ US?
“Paunescu had been arrested in Romania in 2012, but was able to avoid extradition. Colombia’s Attorney General’s office said he was detained at Bogota’s international airport, sporting a thick beard and wearing a red t-shirt.”