Bulgarian man pleads not guilty in US cybercrime case

December 22, 2016 by Joe Mandak

A Bulgarian man pleaded not guilty Thursday to federal charges that he used sophisticated malware designed to steal banking credentials and other confidential information from infected computers of two western Pennsylvania companies and two California firms.

The U.S. Attorney's Office in Pittsburgh alleges Krasimir Nikolov, 44, of Varna, Bulgaria, gained access to online bank accounts by transmitting malware over Avalanche, a worldwide cybercrime network dismantled last month by federal and foreign authorities. Nikolov is one of at least five people arrested so far worldwide in the Avalanche investigation.

He appeared for arraignment Thursday on charges of conspiracy, unauthorized access of a computer to obtain financial information, and four counts of bank fraud. Although he speaks some English, he was aided by a translator. He also waived his right to a detention hearing, meaning he'll remain jailed until he stands trial.

Prosecutors allege in an indictment that Nikolov gained access to the of Nord-Lock Inc. in Carnegie and Protech Asphalt Maintenance of New Castle, as well as a golf equipment company in San Diego and a furniture company in Chula Vista, California.

They say he tried to transfer $378,500 from Nord-Lock's PNC Bank account to a bank in Bulgaria, but the company caught on to the scheme and notified PNC Bank, which recalled the transfer so the company didn't lose any money. Similar attempts to transfer $243,000 from Protech's accounts in February and April also failed, prosecutors allege.

The indictment also says Nikolov unsuccessfully attempted to transfer $118,000 from the accounts of Foresight Sports, the San Diego company, in May, and nearly $738,000 from the accounts of California Furniture Collections in Chula Vista from March to May.

In each instance, the companies' computers were infected when an employee clicked on a link or opened an attachment in an email that was designed to look like a legitimate business communication.

Defense attorney Stephen Begler said after the arraignment that it's "too early to determine what course we're going to take" in defending against the charges.

"I'm hoping they have the right guy for their sake," Begler said, referring to federal authorities. "They went all the way to Bulgaria to get him."

The Avalanche takedown was announced Dec. 1 in Europe before federal prosecutors in Pittsburgh revealed the ties to western Pennsylvania at an FBI news conference a few days later. Acting U.S. Attorney Soo Song said Avalanche participants like Nikolov infected at least 500,000 business and personal computers in nearly 190 countries and caused hundreds of millions of dollars in losses since 2010.

The European Union police agency said the sweep was "unprecedented in its scale" and included the seizure of 39 computer servers and hundreds of thousands of internet domains used by Avalanche. The takedown remained secret for months before it was revealed by law enforcement.

Nikolov was indicted under seal in October. The indictment was unsealed Dec. 13.
