WASHINGTON — Federal agents over the weekend secretly seized control of two computer networks that hackers used to steal millions of dollars from unsuspecting victims. In doing so, the Justice Department disrupted the circulation of two of the world’s most pernicious viruses and turned a 30-year-old Russian computer hacker into a most-wanted fugitive.
The strike, coordinated with the European authorities, was aimed at malware called GameOver Zeus, which is known to steal bank information and send it to overseas hackers, and CryptoLocker, which burrows into computers and encrypts personal data. The hackers then demand a ransom to unlock the files.
“By the time the victims learned that their computers had been infected, it was far too late,” Leslie R. Caldwell, the assistant attorney general in charge of the criminal division, said Monday.
Together, the Justice Department estimates, the two malicious programs have infected between 500,000 and a million computers and cost people more than $100 million in direct and indirect losses.
Authorities had been investigating the two viruses separately, but along the way, they realized that GameOver Zeus was the main vehicle by which CryptoLocker was spread, the Justice Department said.
They also determined that the operations were run by the same man, whom the Justice Department identified as Evgeniy M. Bogachev, of Anapa, Russia. Investigators were hunting for him even before they knew his name. Inside the F.B.I., he has long been one of the government’s most sought-after individual cybercriminals, through his screen name, Lucky12345.
While both pieces of software are distributed through spam emails, they accomplish different things, each highly damaging.
Once inside a computer, GameOver Zeus quietly tracks each keystroke. When the software detects someone logging into a bank account, it records the password. Armed with that information, hackers log in and drain the account. Often they stole more than $1 million from businesses, prosecutors said, with at least one theft exceeding $6 million.
CryptoLocker spreads through emails that look like they are from legitimate businesses, including fake tracking notices from FedEx and U.P.S. Once inside a network, such as a company’s computer system, the virus can spread from one computer to the next. As it spreads, the software locks up computer files behind unbreakable encryption, then demands hundreds of dollars in exchange for the code that unlocks it.