Dridex wielding duo sent down by NCA

News by Max Metzger

A pair of Moldovan nationals have been given a combined sentence of over a decade for laundering the ill-gotten gains of the Dridex trojan

A pair of criminals who laundered millions stolen using the infamous banking trojan Dridex have been sentenced to over a decade of prison time.

Two Romanian citizens, Pavel Gincota, 32 and Ion Turcan, 35,  ran a Dridex and money laundering operation out of their suburban London home before they were arrested after an investigation  by both the National Crime Agency (NCA) and the Metropolitan Police Service (MPS). The pair apparently laundered £2.5 million of profits through more than 220 bank accounts.

Dridex has claimed its share of victims over the years although focused on companies rather than individuals. Like so many pieces of malware, the virus is commonly sent through phishing emails and malicious attached documents. Upon infection the trojan records the banking details of its victims before sending them back to it's masters whereupon they can exploit victims' bank accounts. The NCA claimed last year that up to £20 million had been stolen using the Trojan just from the UK.

Its author, Andrey Ghinkul, also known as Smilex, was arrested last year. That clearly has not stopped the prolific trojan as researchers have spotted new strains attempting to access crypto-currency wallets.

Gincota and Turcan were arrested by the MPS in February 2015 for possession of numerous false identity documents. It was soon discovered that the NCA wasalso investigating the two after being notified of a Dridex infection.

That initial charge grew when, upon a search of Gincota and Turcan's home in Yiewsley West Drayton, officers found even more false documents and electronic devices which, after forensic examination by the NCA, were shown to possess not only the Dridex Trojan but software used to launder their ill-gotten gains.

Both plead guilty to conspiracy to possess false identification and conspiracy to launder money charges. Gincota also was charged with a money laundering offence.

They were sentenced on 4 October at the Old Bailey.  Gincota received five years and eight months and Turcan received seven years.  

Graham Mann, MD Encode Group UK told SCMagazineUK.com that “whilst these sentences are to be applauded, there's no room for complacency. The relative ease with which such criminals operate speaks volumes to the problem. As financial institutions continue to deliver their services online the opportunity for criminal activity grows exponentially.“

Mann added, “Hats off to the NCA but this is unfortunately little more than a token victory in the cyber-war, a war we are losing.”

Over the last several years the world of orthodox criminality has been moving online. Last year, and for the first time, cyber-crime overtook physical crime in the UK, marking a stark new landscape for both lawmakers and lawbreakers.  A report from the University of Cambridge showed that 64 percent of cyber-criminals had convictions for previous, ‘real world' crimes.

“Whilst technology has enabled so many great things in business such as process improvements, global reach and distribution it has also enabled career criminals to expand their armory whilst removing much of the risk associated with organised crime”, Chris Owen, technical lead UK at BeyondTrust told SC.

“If you had the choice of walking into a bank with a gun or sending a couple of e-mails, which would you choose?”, said Owen

Steve Armstrong, MD Logically Secure also gave SC some insight into the reason for this movement, “Traditional criminals are moving their business online because they can simply reach more ‘clients'.  The new tools of the trade are malware frameworks and exploit kits and these are shockingly simple and intuitive to use.  So with everything else moving to online this was inevitable.”

“This was a win,” added Armstrong, “but given the volume of Dridex malware out there these guys have already been replaced by other criminal groups.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews