Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Rise and Fall of the Bayrob Malware Gang (zdnet.com)

Posted by EditorDavid on from the multi-million-dollar-botnet dept.

Three Romanians ran a complicated online fraud operation -- along with a massive malware botnet -- for nine years, reports ZDNet, netting tens of millions of US dollars, but their crime spree is now over. But now they're all facing long prison sentences.

"The three were arrested in late 2016 after the FBI and Symantec had silently stalked their malware servers for years, patiently waiting for the highly skilled group to make mistakes that would leave enough of a breadcrumb trail to follow back to their real identities."

An anonymous Slashdot reader writes: The group started from simple eBay scams [involving non-existent cars and even a fake trucking company] to running one of the most widespread keylogger trojans around. They were considered one of the most advanced groups around, using PGP email and OTR encryption when most hackers were defacing sites under the Anonymous moniker, and using multiple proxy layers to protect their infrastructure. The group operated tens of fake websites, including a Yahoo subsidiary clone, conned and stole money from their own money mules, and were of the first groups to deploy Bitcoin crypto-mining malware on desktops, when Bitcoin could still be mined on PCs.

The Bayrob group was led by one of Romania's top IT students, who went to the dark side and helped create a malware operation that took nine years for US authorities and the FBI to track and eventually take down. Before turning hacker, he was the coach of Romania's national computer science team, although he was still a student, and won numerous awards in programming and CS contests.

54 comments

  1. At least his pension .. by Anonymous Coward · · Score: -1

    .. is secure. More than yours.

  2. Yaaay haxx0rz! by Anonymous Coward · · Score: -1

    Dey b haxxenin! Wif de HAXXXXXXX!!!!1!

    That's another Useful Post from Useful Editor EditorDavid!

  3. Hint for future malware writers... by Anonymous Coward · · Score: 2, Interesting

    hackers, and other criminals:

    Ensure your collegiate performance is dead average, because after this they will be keeping a file on you if you are top 10-25 percent. Better yet don't go to school at all so they won't have a public record of homework submissions they can mine to look for patterns matching up in your malware code either.

    These apply to anyone who teetering on the bring. If you might EVER do a criminal act, you need to start preparing now, because otherwise by the time you do, you won't be able to get away and you will find either imprisoned or permanently conscripted by people you will have even less desire to find yourself working for.

    Gone are both the days of anonymity and the wild west attributes of the internet. The gentrification has begun and soon there will be no shady corners to hide around.

    1. Re:Hint for future malware writers... by nukenerd · · Score: 1

      Bullshit. That's not how they were tracked down. RTFA

  4. Using PGP is now "advanced"? by gweihir · · Score: 5, Informative

    I would have considered that standard procedure. At work, it is completely standard for anything confidential.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Using PGP is now "advanced"? by Anonymous Coward · · Score: 0

      I would have considered that standard procedure. At work, it is completely standard for anything confidential.

      I was thinking the same thing. Actually it was more like "Son, I was using PGP before you were a sperm in your Dads left nut."

      Still remember Phil Z. speaking at DEFCON 11, over fifteen years ago. Funny guy. Humor helped make up for the logistical nightmare that was the Alexis Park Hotel.

    2. Re:Using PGP is now "advanced"? by houghi · · Score: 1

      None of the places I have worked uses pgp. And how many public anouncements have you seen that have a pgp signature?

      Most companies think 'zip' is encryption.

      --
      Don't fight for your country, if your country does not fight for you.
    3. Re:Using PGP is now "advanced"? by Anonymous Coward · · Score: 1

      None of the places I have worked uses pgp. And how many public anouncements have you seen that have a pgp signature?

      Most companies think 'zip' is encryption.

      To be fair, most people are idiots when it comes to crypto or security. That said, popular zip programs have 256-bit AES encryption, and since I'm forced to use encryption schemas that are FIPS compliant, it qualifies.

      I've deployed PGP twice now in two different companies. Not just PGP desktop either. Those who aren't idiots understand the value-add, and in one case, we were asked to by our customer who wisely wanted to communicate securely.

    4. Re:Using PGP is now "advanced"? by Anonymous Coward · · Score: 0

      Not only that, they go through SEVEN PROXIES!!!

    5. Re:Using PGP is now "advanced"? by houghi · · Score: 2

      Persons are smart, people are stupid. That has nothing to do with crypto or security. There is plenty I have no clue about. One of the issues with security is calling the users stupid and idiots, instead of seeing what is possible to do what is needed.

      However instead of adding GPG as an opt out in email and shoving that down peoples throat, the IT people rather had topposting and HTML as a priority.

      PGP (and GPG) could have been a standard in email a LONG time ago. How many emails do you get from companies that include one? I have not gotten one. Just a nice HTML with links to hopefully their website and some general information how they care about my security.

      They (google) are forcing HTTPS down our throat, because then the competition is a bit easier blocked. Not so with email, because then they can't read it.

      Security is low on the priority ladder and if thingsgo wrong, the victim gets blamed. Mopst "security measurements" are just there as to reflect responsability. "You used the same letter as in one of your other 200 passwords. You are at fault." Could as well said that I am guilty, because I wore aa short skirt.

      Please understand this is not directed at you, but at IT in general. Too few try to do the right thing and understand that the end user is part of the system, not just something outside of it.

      --
      Don't fight for your country, if your country does not fight for you.
    6. Re:Using PGP is now "advanced"? by Anonymous Coward · · Score: 0

      No.
      "A person is smart. People are dumb, panicky and dangerous animals, and you know it!" - Agent K "Men In Black"

    7. Re:Using PGP is now "advanced"? by Anonymous Coward · · Score: 0

      I remember Phil Z. speaking in '95

    8. Re:Using PGP is now "advanced"? by gweihir · · Score: 1

      Not everybody is terminally incompetent with regards to security. But many are, sure. That does not make competent use "advanced" though.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Using PGP is now "advanced"? by gweihir · · Score: 1

      The tor "onion" network mode goes through 6 proxies. So what? This is some pretty old state-of-the art.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. Romainian == Gypsy by Anonymous Coward · · Score: -1

    "Romanian" is politically correct European euphemism for gypsies. Yes, the same filthy gypsies that you see hanging around airports and train stations in Europe, waiting to steal your luggage, laptop, or pick your pocket. Gypsies are inbred genetic scum, inbreeding century after century to produce the perfect genetic criminal without a trace of empathy for their fellow man. The are unreformable, and adept at every form of criminal activity imaginable: prostitution, gambling, welfare fraud, home services scams, check forgery, and burglary.

    1. Re:Romainian == Gypsy by St.Creed · · Score: 4, Informative

      Loads of Romanians are not part of the ethnic group of gypsies or "Roma". And it's been racists like you who have contributed to a lot of the problems with the ones that are gypsies, or Roma. Members of those groups are doing quite well in a lot of countries. But they are thoroughly marginalized in Romania and other Eastern European countries where they are living below subsistence level and are forced to be criminals just to survive. As this has been going on for centuries, it's become a vicious cycle: they are discriminated against for being criminal when distrust and exile forced them into it in the first place. Or vice versa - who can tell after centuries?

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    2. Re: Romainian == Gypsy by Anonymous Coward · · Score: 0

      Yet they are Aryan.

    3. Re:Romainian == Gypsy by Anonymous Coward · · Score: 1

      "Romanian" is politically correct European euphemism for gypsies. Yes, the same filthy gypsies that you see hanging around airports and train stations in Europe, waiting to steal your luggage, laptop, or pick your pocket. Gypsies are inbred genetic scum, inbreeding century after century to produce the perfect genetic criminal without a trace of empathy for their fellow man. The are unreformable, and adept at every form of criminal activity imaginable: prostitution, gambling, welfare fraud, home services scams, check forgery, and burglary.

      No, you are wrong. Gipsys is more of a life style, a culture and a tradition. There are gipsies in many countries. Romanian people are not gipsies. Gipsies are a minority in Romanian, and the the Romanians don't like them anymore than you do.

      The Bayrob gang are an elite group of Romanians, they are not gipsies. Gipsies could never accomplish what these Romanians have.

    4. Re:Romainian == Gypsy by Applehu+Akbar · · Score: 4, Interesting

      The Roma name was applied when they were falsely thought to have originated in Romania. Though at the time, during the Cold War, that nation was unable to object, today's Romania wants no more to do with them than does any other part of Europe.

      The English word comes from an even earlier era, when they were falsely thought to have come from Egypt.

    5. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      Let us deconstruct this:

      "Romanian" is ...

      Go to a dictionary:

      Romanian = citizen of the country of Romania
      Romany = gypsy, gypsies

      Yes, there are Romanian Romany. But there are Romany with many other nationalities as well.

      ...politically correct...

      No, neither correct, nor politically correct.

      ...European euphemism ...

      WTF is an "European euphemism"? Last time I checked Europe consisted of 50 sovereign states with at least that many official languages. Although some may share some elements of language, there is no such thing as "European euphemism". So no, plain no.

      ...for gypsies. [rest of rant deleted]

      Aaaand now you show that you just are a plain racist troll. Why don't you go and hide under a stone where you belong.

    6. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      Romania = Land of the Romans because Romania was a former Roman province (aka Dacia)
      Roma, aka Romany gypsies = A tribe of migratory people that came from India's Roma province, also known as Sinti.

      Do you see the difference, you fucking ignorant racist?

      Furthermore, gypsies only account for 5% of the Romanian population, and they're far more gypsies in Hungary, the former Yugoslav states, and Bulgaria.

      Mr. Internet tough guy! Can't even Google some shit before insulting people.

    7. Re:Romainian == Gypsy by Anonymous Coward · · Score: 1, Interesting

      are forced to be criminals just to survive.

      Its a choice, Finland ran a small experiment on them giving them jobs; utter failure, they didn't show up for work after a few days

    8. Re:Romainian == Gypsy by cbraescu1 · · Score: 4, Informative

      Members of those groups are doing quite well in a lot of countries.

      LOL! Please tell me 2/two countries where Gypsies integrated / "do quite well" by any standard. That means the majority of the population taking a job, going through the education system, etc.

      But they are thoroughly marginalized in Romania and other Eastern European countries where they are living below subsistence level and are forced to be criminals just to survive

      Nobody is forcing anyone in Eastern Europe to be criminal, that's a ridiculous claim. So many Gypsies in Eastern Europe live in poverty because those countries are, by European Union standards, quite poor themselves. A lot of people there live in poverty - some of them are Gypsies.

      --
      Catalin Braescu
      Ofaly.com
    9. Re:Romainian == Gypsy by Anonymous Coward · · Score: -1

      In my country gypsies finding it easier to live from expedients, selling stuff or trying to get handouts from the government than working.

      Nevertheless, we are a very *LIBERAL* country. In here, the problem was not Roma/Gipsy discrimination was just they never wanted to integrate, and are set on their ways.

      Just recently they started taking their children to hospitals and to vaccination programs because otherwise the government handouts are cut.

    10. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      so you pick a story about a romanian crime syndicate to make this stand? are you retarded? I'm not using it as a slur. I'm asking if you have a major learning disability that prevents you from seeing how dumb of a location you have chosen to make your stand

    11. Re:Romainian == Gypsy by nukenerd · · Score: 1

      "Romanian" is politically correct European euphemism for gypsies.

      Not in the UK. Here the euphemism is "The travelling community" even though they only travel when they are moved on by a court order. I say "euphemism", but the word "community" is now so over-used for any crap that it acts negatively with me, but perhaps that's just me. I believe the gypsies (the true ones, not general drop-outs), call themselves "Romany".

    12. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      Well, Sweden elected a gypsy to the EU Parliament, offcourse i wouldnt call her integrated since she married off her underage daughter due to clan-politics, amongst other sordid affairs. Tho scandals and politicians go hand in hand, so one could call that a success story!

    13. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      Shit, and here I thought pikeys came from Ireland.

    14. Re:Romainian == Gypsy by Anonymous Coward · · Score: 1

      lies, gypsies are integrated in 2 countries

      imaginary country 1
      and
      imaginary country 2

      pd, fuck gypsies

    15. Re:Romainian == Gypsy by St.Creed · · Score: 1

      So many Gypsies in Eastern Europe live in poverty because those countries are, by European Union standards, quite poor themselves.

      That is a common misunderstanding, touted by the government and other parties responsible, to excuse their own behaviour.

      "The World Bank report indicates that Roma in Romania are "poor, vulnerable and socially excluded" (28 Feb. 2014, 5). A report produced by the European Union Agency for Fundamental Rights (FRA) and the United Nations Development Program (UNDP) that "draws on the results of the UNDP/World Bank/ European Commission regional Roma 2011 survey [4]", reports that approximately 81 percent of Roma are at risk of poverty compared to approximately 41 percent of non-Roma (EU and UN 2012, 24).

      The US Department of State's Country Reports on Human Rights Practices for 2014 indicates that Roma face systemic discrimination by society, which affects them in the areas of education, housing, health and employment (US 29 June 2015, 1).

      Amnesty International (AI) reports that the actions or lack of actions by local authorities have resulted in segregation of Roma on a wide scale (18 June 2013). Lunca states that "policy makers have not hesitated to enforce social exclusion by physically separating the Roma from the rest of the population" (FXB Center 8 Apr. 2015).

      Sources report that there is systemic segregation of Roma children in the area of education (ERRC 16 Feb. 2012; WHO 2013, 2). The European Commission indicates that 26 percent of Roma encountered segregation in mainstream schools (EU 2 Apr. 2014, 3)."

      The list goes on.

      Source: https://www.refworld.org/docid...

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    16. Re:Romainian == Gypsy by St.Creed · · Score: 1

      Ah yes. Nice of you to leave out her name. But here is the more detailed information: https://en.wikipedia.org/wiki/...
      Readers here can now verify your claims.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    17. Re:Romainian == Gypsy by CronoCloud · · Score: 1

      Most "Travellers" in the UK are probably Irish Travellers, not Romany "gypsies".

    18. Re:Romainian == Gypsy by denzacar · · Score: 1

      Nobody is forcing anyone in Eastern Europe to be criminal, that's a ridiculous claim. So many Gypsies in Eastern Europe live in poverty because those countries are, by European Union standards, quite poor themselves. A lot of people there live in poverty - some of them are Gypsies.

      Poverty IS the major cause of crime.
      There's no better proof of that than observing exact same practices as done by the poor and by the rich.
      In the case of the poor it's a crime.
      In the case of the rich, at worst it's a "legal issue". At best it's "aggressive and shrewd business practice".

      And that's disregarding the epigenetic burden of generations of poverty (all them fun diseases that weren't really a burden on poor people before all food became cheap processed carbs and fats), inherited psychological trauma and downright segregational injury one might "luck into" by choosing to be born poor.
      Particularly when choosing to be born into a poor country where such health issues will tend to be ignored, untreated or too expensive to treat - for much longer than in the rich countries.

      Which is where you should look for that "forcing".
      Much like with those stereotypes of belligerent Irish drunkards and criminals - the real cause for prejudice may actually be older prejudice from centuries ago.

      --
      Mit der Dummheit kämpfen Götter selbst vergebens
    19. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      Long time lurker, first time poster.

      I have a question. Who modded this "informative"???? The poster has absolutely no idea what he's talking about, probably grew up with a silver spoon in his mouth and had ZERO interactions with gypsies from Eastern Europe. His perspective seems very skewed, probably because of the high horse he's on.

      Help me understand here. Is he considered "informative" because of the virtue signalling and using terms like "racist" to describe someone who's opinion (based on actual lived experiences) differs from his?

      Source for the confusion I'm experiencing: I actually lived in Eastern Europe surrounded by gypsies. Took me about 30 years to get away from there. The only correct thing in the parent post is the first sentence.

    20. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      Loads of Romanians are not part of the ethnic group of gypsies or "Roma". And it's been racists like you who have contributed to a lot of the problems with the ones that are gypsies, or Roma. Members of those groups are doing quite well in a lot of countries. But they are thoroughly marginalized in Romania and other Eastern European countries where they are living below subsistence level and are forced to be criminals just to survive. As this has been going on for centuries, it's become a vicious cycle: they are discriminated against for being criminal when distrust and exile forced them into it in the first place. Or vice versa - who can tell after centuries?

      Who cares! The kid had a bright future he went the wrong path, end of story. How and why everyone brings in race and ethnicity!!

    21. Re:Romainian == Gypsy by GbrDead · · Score: 1

      Absolutely wrong. "Roma" in their own language means "men". The word has nothing to do with the city of Rome/Roma (where Romania's name comes from) - it is just a coincidence.

    22. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      And the First Lady??? Hmmmmm?

    23. Re:Romainian == Gypsy by war4peace · · Score: 2

      Disclaimer: Romanian here.
      It's more complicated than this. It is true that Gypsies have been marginalized for a long time. It's not really clear whether the marginalization is a cause or an effect. After studying the subject for quite some time, I am inclined to say it's both - kind of like egg-versus-hen. Nobody could tell which was first.

      The bigger problem is that efforts to integrate Gypsies have failed. Particular success cases do exist, but all of them (from what I have researched) are based on a genuine desire of the subject(s) to integrate into civilized society. Western societies tend to cover both habits/traditions and integration challenges under the same blanket, which is wrong. Let me explain.

      While it's true that it's more difficult for a Gypsy person to leave poverty behind them, this has nothing to do with their unwillingness to shed bad habits. Speaking loudly in public in their own languages, littering all over the place, listening to loud (bad) music, behaving in primitive ways, being verbally and physically aggressive towards other people, being dirty, urinating in public, disrespecting neighbors - all these can't be explained by "I am poor and marginalized". A 50 cent soap is much cheaper than a thousand dollar phone blaring "manele" (https://en.wikipedia.org/wiki/Manele) or the thick, genuine gold-made necklace. When you build a million-dollar house which has no running water or toilet and keep your horses and carriages in the yard, poverty is no excuse.

      Check these Gypsy house images below from the village of Buzescu, Romania:
      https://www.google.com/search?...

      And then tell me they are poor and marginalized. And no, this village is not an exception, it's just the most prominently-displayed.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    24. Re:Romainian == Gypsy by Anonymous Coward · · Score: 1

      As much as I despise most of Hitler's agenda, he was right about the gypsies. Gypsies deserve to be thrown into the gas chambers and then incinerated. Gypsies cause nothing but pain and misery for non-gypsies. And gypsies are non-reformable. Given the choice of honest work or grifting, and gypsy will always choose grifting. I can say nothing good about a gypsy. Nothing.

    25. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      Roma are scum. "Amnesty International" is no longer legit. It is a Soros funded mouthpiece for rabid socialism. Notice how Amnesty International says NOTHING about persecutions in Muslim countries? Women in Iran are given 30 year prison sentences for refusing to wear a hijab. Christians in Pakistan are routinely murdered for their faith. Muslims indulge in also sorts of horrors from decapitations to honor killings of innocent girls. All in the name of Allah. And yet Amnesty International is completely silent. Crickets chirping. Amnesty International has become in a complete fraud, ignoring horrible violations of Human Rights worldwide. If you violate human rights, and are a member of one off George Soros's favored groups, you will get a free pass.

    26. Re:Romainian == Gypsy by Anonymous Coward · · Score: 0

      Irish travellers are scum too.

  6. They need punished by Anonymous Coward · · Score: 0

    1 finger removed per year of operation. Ill even be kind and let them choose which digit they get to keep.

    1. Re: They need punished by Anonymous Coward · · Score: 0

      Hello Mr Bin Salman, isn't Slashdot blocked in Wahabbi Occupied Hijaz?

    2. Re: They need punished by Anonymous Coward · · Score: 0

      Current legal systems are ineffective,

      Commit a crime, you get your board and food free even a gym membership. And your given the opportunity and learn new tricks from your fellow inmate... how is this a disincentive? Answer It is not. .

      This is not punishment.

      Criminals need punishment, directly related to how much harm they caused.. 9 years and millions hurt.... that's a lot of punishment needed

    3. Re: They need punished by Anonymous Coward · · Score: 0

      How much is "a lot"? How much would be enough by your standards? How much punishmet should you get for being on /. during working hours?

    4. Re: They need punished by Anonymous Coward · · Score: 0

      How much punishment should you get for being a blithering retard ignorant of time zones?

  7. If they empasized on the darker side... by Anonymous Coward · · Score: 0

    ... Romania's got talent would be an epic show

  8. Greed or Why We Can't Have Nice things by Anonymous Coward · · Score: 0

    Make Greed Great Again.

  9. Re: Hint for future conspiracy theorists... by Anonymous Coward · · Score: -1

    Sounds like another crazy h@X0r conspiracy theory to me. The FBI is full of crazy conspiracy theories these days. Russians, Romanians, Al-Qaeda in Outer Space... whatever. Yet they ignore irrefutable scientific facts like AE911Truth Org

  10. Lesson learned by coofercat · · Score: 1

    Okay, so don't do criminal shit for 9 years. Better cut it short at 5 years. Okay, got it.

    In other words, like all crime* - be unexpected, be awesome at it, and do it well enough that you have so much money you never need to do it again.

    * Doesn't include stock trading, banking, insurance - the rules are different there.

  11. The word "Bayrob" in Romanian means... by Anonymous Coward · · Score: 0

    "Bayrob" in English, according to Google Translate.

    So that explains the name.

    1. Re:The word "Bayrob" in Romanian means... by Oswald+McWeany · · Score: 1

      "Bayrob" in English, according to Google Translate.

      So that explains the name.

      Bayrob was founded by a guy named Rob, who liked to sit at the bay.

      --
      "That's the way to do it" - Punch
    2. Re: The word "Bayrob" in Romanian means... by Anonymous Coward · · Score: 0

      sit or shit ?

  12. Re: Hint for future conspiracy theorists... by Anonymous Coward · · Score: 0

    That's nuthin. Congress, the Supreme Court, the White House, the CIA, FBI, NSA and FDA all refuse to investigate the flat-earth deniers. Your tax dollars at work my friend.