Kazanjyan and Konovalov accused of creating complex transnational cybercrime network
The story of the arrest of two Tbilisi residents, Alexander Konovalov and Marat Kazanjyan, accused of creating a "complex transnational organized cybercriminal network", is still unfolding in Georgia. According to the Prosecutor General’s Office and the Ministry of Internal Affairs, Alexander Konovalov, who lives with his mother in Varketili, the poorest district of the Georgian capital, managed to create an international network of hackers that stole about $100 million from users of internet banking services.
Konovalov’s right-hand man is Marat Kazanjyan, who was also arrested and sent to the Gldani detention center. In total, the group consisted of dozens of people living in several states, including Russia, Ukraine, Moldavia and Bulgaria. Some were exposed and brought to justice in 2016-2019, but the leaders of the group managed to escape justice all this time. Perhaps this is because no one knew Alexander Konovalov and Marat Kazanjyan personally. They started talking to people online and chatting with colleagues under the pseudonyms None1 and Phantom.
According to the Georgian Ministry of Internal Affairs, the damage done by Konovalov’s group to a number of Western banks is so significant that the FBI instructed its most experienced and qualified specialists to search for them. Suddenly, the traces led to a poorly furnished apartment in Varketili with no signs of luxury.
The technology used by the criminals is simple: Konovalov and Kazanjyan, with the help of accomplices, used a “Trojan” program called GozNym, which was sent to millions of computers around the world, and then the global network of hackers began so-called phishing, stealing internet banking logins and passwords from tens of thousands of bank account holders. With the help of the stolen data, the criminals transferred money to fake accounts and then cashed it out through US banks. In total, over 41,000 people worldwide, from Canada to Australia, fell victim to the criminals.
The trail that led to Konovalov and Kazanjyan goes back to the events of 2016, when the FBI and European intelligence services got their first clue: one of the participants in this global network of hackers was arrested in Bulgaria. He was immediately extradited to the United States. He said he would gladly reveal the true names of None1 and Phantom, but he simply did not know them. However, American investigators were able to use the information he gave to obtain important data that led experts to Tbilisi.
Konovalov and Kazanjyan were ordered into preliminary detention by the Tbilisi court. They are charged under four different articles of the Criminal Code of Georgia. Both deny their guilt. They know that they will not be extradited to the United States, since Georgian legislation prohibits the extradition of citizens to another state.
Residents of Georgia are beginning to understand why many of them have received messages from their banks over the past few months about the need to be especially vigilant about the risk of hacker attacks on bank accounts. Apparently, the management of the largest Georgian banks already knew that the traces of a transnational organized cybercriminal network led to Georgia.