European man held until hearing in phishing scam

February 27, 2016 by Joe Mandak

An Eastern European man was ordered held Friday until a detention hearing on charges he ran an international email phishing scheme that enabled him and others to steal banking information from U.S. companies.

Andrey Ghinkul, 30, is from Moldova. He was arrested in August while on vacation in Cyprus and was extradited to Pennsylvania last week.

A federal judge set his arraignment and detention hearing for March 2. Prosecutors plan to ask that he remain jailed until trial because they say he a risk to flee prosecution.

U.S. victims of the Bugat malware that infected computers of those who opened the phishing emails lost about $10 million, the FBI said. The charges were filed in Pittsburgh partly because the greatest threats involved a bank and a school district in western Pennsylvania. Worldwide, businesses and others have lost at least $25 million, U.S. Attorney David Hickton said.

An employee of Penneco Oil Company Inc. in Delmont opened an email that attacked the computer and enabled Ghinkul and others to attempt bank transfers in the company's name.

The hackers moved nearly $2.2 million from a Penneco account to a bank in Krasnodar, Russia, in August 2012 and moved $1.35 million from a Penneco account to a bank in Minsk, Belarus, in September 2012, authorities said. Another attempted transfer of about $76,000 to a Philadelphia bank account that same month failed, the indictment said.

Penneco's senior vice president, D. Marc Jacobs, said the company learned they'd been hacked after an employee's email went berserk in May 2012. The company's computer consultant referred them to the FBI.

The company's bank, First Commonwealth based in Indiana, Pennsylvania, is now considered the victim in the case because it restored the stolen funds. Any restitution will go to the bank.

The Sharon City School District was also a victim of the scheme. Hackers tried and failed to transfer $999,000 from one of its bank accounts to an account in Kiev, Ukraine, in December 2011, the indictment said.

"Today's news demonstrates the investment, commitment and resolve of all of us, and especially the FBI, to bring cyber criminals thought to be untouchable to justice here in western Pennsylvania," Hickton said.

Explore further: Moldovan phishing scheme took $3.5M from drilling accounts

Related Stories

Moldovan phishing scheme took $3.5M from drilling accounts

October 14, 2015

A man from the eastern European country of Moldova ran an email phishing scheme that enabled him and others to steal banking information from U.S. companies, including $3.5 million taken from the accounts of a western Pennsylvania ...

US disrupts hacking schemes that stole millions

June 2, 2014

A band of hackers implanted viruses on hundreds of thousands of computers around the world, secretly seized customer bank information and stole more than $100 million from businesses and consumers, the Justice Department ...

Dozens charged in NY in global computer virus scam

September 30, 2010

(AP) -- Hackers in eastern Europe who used computer viruses to steal usernames and passwords teamed up with foreign students who opened bank accounts in the U.S. to snatch at least $3 million from American bank accounts, ...

Bank-stealing malware returns after US crackdown

July 11, 2014

Malicious software used to steal millions from bank accounts has re-emerged a month after US authorities broke up a major hacker network using the scheme, security researchers say.

Recommended for you

Microsoft aims at Apple with high-end PCs, 3D software

October 26, 2016

Microsoft launched a new consumer offensive Wednesday, unveiling a high-end computer that challenges the Apple iMac along with an updated Windows operating system that showcases three-dimensional content and "mixed reality."

Making it easier to collaborate on code

October 26, 2016

Git is an open-source system with a polarizing reputation among programmers. It's a powerful tool to help developers track changes to code, but many view it as prohibitively difficult to use.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.