A ‘Game of Thrones’ thief and a dam hacker: These are the FBI’s 41 most-wanted cyber criminals

The FBI's most wanted cybercriminals.

caption
The FBI’s most wanted cybercriminals.
source
Jenny Cheng/Business Insider

The FBI has 41 suspects on its “Cyber’s Most Wanted” page, an identity parade of some of the most skilled hackers in the world.

Their crimes range from state-sponsored espionage to holding episodes of “Game of Thrones,” and even hacking into a US dam. Although it is a distinct possibility that the hacker got the wrong dam.

Scroll on to read more about each of the suspects and the crimes they committed. They are not ranked in any particular order.


Behzad Mesri, held HBO to ransom

caption
Behzad Mesri.
source
FBI

Mesri is an Iran-based hacker otherwise known as “Skote Vahshat” who allegedly hacked HBO’s “Game of Thrones” and obtained unaired episodes, scripts, and plot outlines. He demanded a ransom of $6 million in Bitcoin. He also stole unaired episodes of “Ballers,” “Curb Your Enthusiasm,” and “The Deuce.”


Danial Jeloudar, stole a vast amount of credit card numbers

caption
Danial Jeloudar.
source
FBI

Jeloudar is wanted for identity theft and fraud after he and his associate, Arash Amiri Abedian, allegedly used malware to steal a vast amount of credit card numbers and other personal information, and then used that information to extort money, goods, and services from victims.

Jeloudar tried to extort a California-based online merchant, threatening to disclose its customers’ credit card details and other personal information unless it made him a payment in Bitcoin.


Arash Amiri Abedian, stole and passed on bank details

caption
Arash Amiri Abedian.
source
FBI

Along with Danial Jeloudar, Abedian is wanted for alleged identity theft and fraud. Between 2011 and 2016, Abedian used malware to capture people’s credit card details and other personal information.

In February 2012, Abedian sent Jeloudar approximately 30,000 names and numbers, which he said were unauthorized credit card numbers and associated information.


Gholamreza Rafatnejad, founded a company of state-backed hackers

caption
Gholamreza Rafatnejad.
source
FBI

One of the founding “Iranian Mabna Hackers,” Rafatnejad is wanted for alleged state-sponsored cyber-theft. The hackers stole more than 30 terabytes of US academic data and intellectual property over a hacking campaign that lasted more than four years. Rafatnejad allegedly organized the hacking effort, while also coordinating with Iran’s Islamic Revolutionary Guard Corps.


Ehsan Mohammadi, Mabna’s managing director

caption
Ehsan Mohammadi.
source
FBI

Along with Gholamreza Rafatnejad, Mohammadi is alleged to have co-founded the Mabna Institute in 2013, and served as Mabna’s managing director.


The employee hackers of Mabna

source
FBI

Seven men were indicted either as contractors or associates of the Mabna Institute. They are: Seyed Ali Mirkarimi, Abdollah Karima, Mostafa Sadeghi, Sajjad Tahmasebi, Mohammed Reza Sabahi, Roozbeh Sabahi, and Abuzar Gohari Moqadam.


Mohammad Saeed Ajily, stole rocket software

caption
Mohammad Saeed Ajily.
source
FBI

Ajily is wanted for allegedly hacking into a United States government-cleared defense contractor in Vermont, known for making software which supports aerodynamics analysis and design for projectiles. Ajily has allegedly sold the stolen software to Iranian entities, including universities, military, and government entities.


Mohammad Reza Rezakhah, hacked the US munitions list

caption
Mohammad Reza Rezakhah.
source
FBI

Wanted along with Mohammad Saeed Ajily, Rezakhah allegedly stole software from US firms at Ajily’s behest. He is accused of having stolen software deemed a “defense article” on the US Munitions List in October 2012.


Alexsey Belan, recruited by Russian intelligence to hack Yahoo

caption
Alexsey Belan.
source
FBI

Indicted three times for crimes relating to computer intrusions, the FBI offers a reward of up to $100,000 for information leading to the arrest of Latvian-born hacker Alexey Belan.

In 2017, he was indicted for his alleged involvement in a vast a cyber intrusion conspiracy. He is alleged to have stolen subscriber information from at least 500 million Yahoo accounts. He was supposedly paid to do so by two Russian Federal Security Service officers.

His online pseudonyms include “Abyrvaig,” “Fedyunya,” “Magg,” “M4G,” “Moy.Yawik,” and “Quarker.”


Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, recruited hackers for Russian intelligence

caption
Dmitry Aleksandrovich Dokuchaev (left) and Igor Anatolyevich Sushchin (right).
source
FBI

Dokuchaev and Sushchin allegedly hired the hacker Alexey Belan, as well as Karim Baratov who was arrested in Canada, to obtain information from at least 500 million Yahoo accounts. The pair directed the conspiracy from about April 2014 up to at least December 2016.


Evgeniy Mikhailovich Bogachev, a.k.a. “Slavik,” the biggest name in cybercrime

caption
Evgeniy Mikhailovich Bogachev.
source
FBI

For years no one knew who the man behind the screen-name “Slavik,” was. Dubbed “Russia’s most notorious hacker” by Wired, Bogachev invented malware named “Zeus,” which the FBI started investigating in 2009. “Zeus” was used to capture bank account numbers and passwords.

A modified version of “Zeus” called “GameOver Zeus” infected over a million computers and was used to steal over $100 million. Bogachev also used “GameOver Zeus” to infiltrate Ukrainian computers for politically sensitive information at the time of the Russian annexation of Crimea.

In 2012, Bogachev was indicted under the screen-name “lucky12345,” and finally he was indicted under his true name in 2014. There is a bounty of up to $3 million for information relating to Bogachev. The FBI also notes that he is, “known to enjoy boating.”


The “Jabberzeus” gang, Slavik’s disciples

caption
The “Jabber Zeus” gang.
source
FBI

All young men in their twenties, Klepikov, Bron, and Penchukov were a group in Evgeniy Bogachev’s (Slavik’s) inner ring of organised cyber-crime.

A variant of Bogachev’s infamous “Zeus” malware, “Jabber Zeus” came with the instant-messaging plug-in Jabber, which allowed the group to coordinate their attacks.

According to a Wired report, Penchukov (“tank”) led the group, Klepikov (“petr0vich”) ran IT management, and Bron (“thehead”) moved the gang’s money internationally.

The FBI raided Penchukov and Klepikov’s homes in 2010, seizing 20 terabytes of data.


Ahmad Fathi, owned a company that DDoSed America

caption
Ahmad Fathi.
source
FBI

Fathi is one of seven Iranian nationals wanted for their alleged involvement in a campaign of distributed denial of service (DDoS) attacks against 46 major US companies from 2011 through to 2013, mostly within the financial sector.

Fathi is the director and owner of a company called ITSecTeam which allegedly worked on the behalf of the Iranian government. As leader of the company, Fathi supervised and co-ordinated ITSecTeam’s potion of the DDoS campaign.


Hamid Firoozi hacked the wrong dam, probably

caption
Hamid Firoozi.
source
FBI

Firoozi was the network manager at ITSecTeam, and allegedly procured and managed computer servers to conduct DDoS attacks on the US financial sector.

Additionally, Firoozi is alleged to have hacked into the systems of the Bowman Dam in Rye, New York. The mayor of the nearby village of Rye Brook told the New York Times he was perplexed as to why state-sponsored Iranian hackers would want to break into such a small, “insignificant” dam. He theorized that the hackers may have confused it with the Bowman Dam in Oregon, which is 245 feet tall and 800 feet long.


Amin Shokohi, got off military service by working for Fathi

caption
Amin Shokohi.
source
FBI

Shokohi was allegedly a hacker for ITSecTeam who helped to build the company’s botnet and wrote malware for the DDoS attacks. He was allegedly rewarded by the Iranian government with credit towards completion of the country’s mandatory military service.


Mohammad Sadegh Ahmadzadegan, says he hacked NASA

caption
Mohammad Sadegh Ahmadzadegan.
source
FBI

Ahmadzadegan is the cofounder of Mersad Company which, along with ITSecTeam, is alleged to have taken part in a campaign of DDoS attacks aimed at the US financial sector. He is alleged to have managed Mersad’s botnet and provided training to Iranian intelligence personnel.

The FBI also claims that Ahmadzadegan was formerly a member of computer hacking groups Ashiyane Digital Security Team (ADST) and Sun Army, and claimed responsibility for hacking NASA’s servers in 2012.


Omid Ghaffarinia, another DDoS attacker and NASA hacker

caption
Omid Ghaffarinia.
source
FBI

Ghaffarinia was a co-founder of Mersad, and is alleged to have created malicious computer code used to infiltrate computer servers and build the company’s botnet.

Like Ahmadzadegan, Ghaffarinia is associated with Ashiyane Digital Security Team (ADST) and Sun Army, and also claimed to hack NASA in 2012.


Sina Keissar, Mersad employee

caption
Sina Keissar.
source
FBI

Keissar was an employee at Mersad. He allegedly procured computer servers for the company and performed preliminary testing on the company’s botnet.


Nader Saedi, a self proclaimed DDoS attack “expert”

caption
Nader Saedi.
source
FBI

Saedi was an employee at Mersad, and allegedly wrote computer scripts used to locate vulnerable servers. He was apparently a former Sun Army hacker who, “expressly touted himself as an expert in DDoS attacks.”


Nicolae Popescu, sold cars that didn’t exist on eBay

caption
Nicolae Popescu.
source
FBI

Romanian-born Nicolae Popescu is wanted for alleged participation in an eBay car scam, which netted $3 million. Adverts on eBay and other sites showed pictures of non-existent vehicles, and sent invoices to unsuspecting buyers in the US.


Firas Dardar, a.k.a. “The Shadow”

caption
Firas Dardar.
source
FBI

Dardar is wanted for his alleged involvement in the Syrian Electronic Army (SEA), a group which allegedly commits hacks in support of the Syrian Regime.

SEA members allegedly spearphished US government and military organisations, as well as private companies including The Washington Post, The New York Times, and CNN.

Dardar is also suspected of having carried out cyber extortion, hacking into computers and demanding ransom be paid for data. Forbes reported that he amassed more than $500,000 from 14 victims.


Ahmed Al Agha, a.k.a. “Th3 Pr0”

caption
Ahmed Al Agha.
source
FBI

Al Agha is also wanted for his alleged involvement in the Syrian Electronic Army (SEA). Under his internet pseudonym “Th3 Pr0.” He allegedly engaged in spearphishing with Dardar, and then used stolen usernames and passwords to deface websites, redirect domains to sites controlled by the conspiracy, steal email, and hijack social media accounts.


Viet Quoc Nguyen, spammed tens of millions for profit

caption
Viet Quoc Nguyen.
source
FBI

A federal warrant was issued for Viet Quoc Nguyen in October 2012 after he allegedly hacked into at least eight email service providers and stole data containing over one billion email addresses.

Nguyen then allegedly launched spam attacks on tens of millions of people whose email addresses were stolen. These were used to direct traffic to marketing websites, one of which he had an arrangement with to earn revenue off commission.


Shaileshkumar Jain, sold fake security software

caption
Shaileshkumar Jain
source
FBI

Indicted in 2010, Shaileshkumar a.k.a. “Sam” Jain is wanted for alleged involvement in an international bogus software scam.

The scam tricked victims into buying counterfeit anti-virus software by deceiving people into believing their computers had been infected with malware. This “scareware” is alleged to have taken more than $100 million.


Bjorn Daniel Sundin, Jain’s partner in crime

caption
Bjorn Daniel Sundin.
source
FBI

Sundin is alleged to have taken part in the same cyberscam as Shaileshkumar Jain, defrauding people into purchasing bogus anti-virus software or “scareware.”


The Chinese Miliary hacking unit

caption
Sun Kailiang, Huang Zhenyu, Wen Xinyu, Wang Dong and Gu Chunhui of the Chinese People’s Liberation Army (PLA).
source
FBI

Five military hackers from the Chinese People’s Liberation Army (PLA) are alleged to have carried out economic espionage against the US from 2006 to 2014. Unit 61398 allegedly hacked into six American entities to steal information, including those in the nuclear power, metals, and solar industries.

“For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries,” then-director of the FBI James Comey said of the indictment.


Noor Aziz Uddin, hijacked phones to call fake hotlines

caption
Noor Aziz Uddin.
source
FBI

Aziz is wanted for allegedly leading a telecommunications scam, which defrauded people out of more than $50 million.

Aziz had set up a handful of pay-per-minute premium telephone numbers purporting to be chat, adult entertainment, and psychic hotlines, but were all shams.

Then hackers gained access to the telephone networks of businesses and organizations in the United States, and dialled the numbers from there. Unsuspecting businesses were then charged for dialling these premium numbers.

Aziz was arrested in Pakistan but later released in connection to the scheme. The FBI is offering a reward of up to $50,000 for information leading to his arrest.


Farhan Ul Arshad, accomplice to Aziz

caption
Farhan Ul Arshad.
source
FBI

Farhan Ul Arshad is wanted for his alleged involvement in Noor Aziz Uddin’s telecommunications scam. He was last known to be in Malaysia, and the FBI is offering up to $50,000 for information leading to his capture.