Two Romanian residents are about to face prison time for a particularly large digital crime spree. A federal jury has found Radu Miclaus and Bogdan Nicolescu guilty for a scheme that stole credit card data and other sensitive info by hijacking over 400,000 computers located primarily in the US. The duo reportedly developed custom malware in 2007 that would pose as a legitimate organization (such as the IRS, Norton or Western Union) and infect PCs when users opened an attachment. From then on, the perpetrators stole data and money by injecting fake websites (such as bogus eBay auctions), mining cryptocurrency in the background and amassing contact information that could be used to infect more targets.
The malware would also turn off antivirus protection, and even blocked users from visiting law enforcement websites.
The crooks made off with "millions of dollars," according to the Department of Justice.
Sentencing isn't due to take place until August 14th, but the penalties could be stiff. Miclaus and Nicolescu were convicted of 21 counts that included wire fraud, identity theft, money laundering and counterfeit service mark trafficking. Although it's doubtful this will do much to deter other online thieves, it's a notable victory when many foreign cybercriminals are unlikely to face punishment.