The FBI Cyber’s Most Wanted list contains 73 entries including individuals, government-affiliated organisations and organised crime groups from around the world including Russia, Ukraine, China, Iran and Sweden.
We look at the different types of cases pursued by the FBI, and the main cybercrime types targeted.
Key cyber activities
Specific cyber activities that these fugitives are wanted for include:
- The installation of malicious software disseminated through phishing emails, used to capture victims’ online banking credentials and steal money from their accounts.
- Bank fraud.
- Computer fraud.
- Identity theft.
- Money laundering.
- Trade secret theft.
- Economic espionage.
- Creation of false social media profiles and spreading disinformation.
- Wire fraud.
- Distributed denial of service attacks.
In one case, four Chinese nationals were members of the 54th Research Institute, a component of the People’s Liberation Army, the armed forces of the People’s Republic of China.
It is alleged that these individuals hacked into the protected computers of a major U.S. consumer credit reporting agency, obtaining sensitive identifying information for nearly half of all American citizens and personally identifiable information belonging to nearly a million citizens of the United Kingdom and Canada.
Another group worked for a Chinese science and technology development company and acted in association with the Chinese Ministry of State Security. The group is alleged to have conducted global intrusions into computer systems aiming to steal intellectual property, confidential business and technological information from more than 45 commercial and defence technology companies located in at least 12 countries including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States.
There are multiple cases involving Russian military intelligence officers charged with a computer hacking conspiracy involving gaining unauthorised access into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, stealing documents from those computers, and staging releases of the stolen documents to interfere with the 2016 U.S. presidential election.
A number of cases involved Iranian cyber actors working on behalf of the Islamic Revolutionary Guard Corps (IGRC), conspiring to commit computer intrusions targeting United States Government Agents. This involved using malicious code, fictitious and imposter online personas and accounts to gain unauthorised access to protected computer networks.
In another case, a group of seven individuals who worked for private security computer companies in Iran conspired to conduct a coordinated campaign of distributed denial of service attacks against the United States financial sector and other U.S. companies. They performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.
Individual cyber actors and organised crime groups
Multiple individuals from around the world are wanted by the FBI for their involvement with computer malware that infected tens of thousands of computers in both North America and Europe, resulting in financial losses in the tens of millions of dollars.
While individual cyber actors are wanted by the FBI, in many cases it is apparent that there are links between fugitives on the list who have collaborated in a criminal enterprise. Those involved at all levels of the criminal activity are wanted by the FBI, from leaders of malware conspiracies who oversaw and managed the development, maintenance, distribution, and infection of the malware, to people in supporting roles involving system administration, management of internal control panels, and oversight of the botnet operations.
In one case, two Swedish cybercriminals worked together to cause internet users in more than 60 countries to purchase more than one million bogus software products, resulting in consumer loss of more than $100 million. This involved deceiving internet users into believing that their computers were infected with “malware” or had other critical errors in order to encourage them to purchase “scareware” software products that had limited or no ability to remedy the purported defects.
In another case, two Iranian nationals are wanted for allegedly launching ransomware attacks which encrypted hundreds of computer networks in the United States and other countries. To date, the criminal enterprise has received over $6 million in ransom payments from victims across several sectors, including critical infrastructure, healthcare, transportation, and state/ local governments.