The internet has impacted the world in numerous ways, but it isn't always positive. Thanks to technology, we now have the rise of the cybercriminal, and the FBI even has a most wanted list for these criminals. These computer geeks commit illegal activities online and are popularly known as hackers.
The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they face everyday using the Internet must be educated before it is too late for them.
Cybercrime is on the rise as technology invades every aspect of our daily lives, and the threat it poses to companies, the government and even individuals is significant. With more data stored electronically than ever before, and the rise of online payments and ecommerce, skilled cybercriminals can gain access to sensitive data, steal victim's identities, access their bank accounts -- and then turn around and sell the data in a flash.
To identify and track down the bad guys, the FBI dedicates an entire "Most Wanted" list to cybercrimes.
Here are the FBI's top 13 most wanted cybercriminals still at large.
| # | Name: | Reward: |
| 13. | PLA Unit 61398 | The FBI is not offering a reward |
| 12. | Jabberzeus Subjects | The FBI is not offering a reward |
| 11. | Bjorn Daniel Sundin | $20,000 |
| 10. | Shaileshkumar P. Jain | $20,000 |
| 9. | Farhan Ul Arshad | $50,000 |
| 8. | Noor Aziz Uddin | $50,000 |
| 7. | Peteris Sahurovs | $50,000 |
| 6. | Alexsey Belan | $100,000 |
| 5. | Ahmed Al Agha | $100,000 |
| 4. | Firas Dardar | $100,000 |
| 3. | Nicolae Popescu | $1 million |
| 2. | Evgeniy Mikhaylovich Bogachev | $3 million |
| 1. | Iranian DDoS Attacks | The FBI is not offering a reward |
13. PLA Unit 61398
 |
| (PLA Unit 61398) |
Reward: The FBI is not offering a reward for information on these individuals, but tips can be reported to your local FBI office or the nearest American Embassy or Consulate.
On 19 May 2014 the U.S. Department of Justice announced that a Federal grand jury had returned an indictment of five 61398 officers on charges of theft of confidential business information and intellectual property from U.S. commercial firms and of planting malware on their computers. The five are Sun KaiLiang, Huang Zhenyu, Wen Xinyu, Wang Dong, and Gu Chunhui. Forensic evidence traces the base of operations to a 12-story building off Datong Road in a public, mixed-use area of Pudong in Shanghai. The group is also known by various other names including "Advanced Persistent Threat 1" ("APT1"), "the Comment group" and "Byzantine Candor", a codename given by US intelligence agencies since 2002.
Aliases:
Sun KaiLiang (Sun Kai Liang, Jack Sun), Huang Zhenyu (Huang Zhen Yu, “hzy_lhx”), Wen Xinyu (Wen Xin Yu, “WinXYHappy”, “Win_XY”, Lao Wen), Wang Dong (Jack Wang, "UglyGorilla"), Gu Chunhui ( Gu Chun Hui, "KandyGoo")
Details:
On May 1, 2014, a grand jury in the Western District of Pennsylvania indicted five members of the People’s Liberation Army (PLA) of the People’s Republic of China (PRC) for 31 criminal counts, including: conspiring to commit computer fraud; accessing a computer without authorization for the purpose of commercial advantage and private financial gain; damaging computers through the transmission of code and commands; aggravated identity theft; economic espionage; and theft of trade secrets.
The subjects were officers of the PRC’s Third Department of the General Staff Department of the People’s Liberation Army (3PLA), Second Bureau, Third Office, Military Unit Cover Designator (MUCD) 61398, at some point during the investigation. The activities executed by each of these individuals allegedly involved in the conspiracy varied according to his specialties. Each provided his individual expertise to an alleged conspiracy to penetrate the computer networks of six American companies while those companies were engaged in negotiations or joint ventures or were pursuing legal action with, or against, state-owned enterprises in China. They then used their illegal access to allegedly steal proprietary information including, for instance, e-mail exchanges among company employees and trade secrets related to technical specifications for nuclear plant designs. Sun, who held the rank of captain during the early stages of the investigation, was observed both sending malicious e-mails and controlling victim computers.
12. Jabberzeus Subjects
 |
| (Jabberzeus Subjects) |
Reward: The FBI is not offering a reward for information on these individuals, but tips can be reported to your local FBI office or the nearest American Embassy or Consulate.
Caution:
These individuals (Ivan Klepikov, Alexey Bron, Vyacheslav Penchukov), thought to be located in Russia and Ukraine, are wanted for their involvement in a wide-ranging racketeering enterprise and scheme that installed, without authorization, malicious software known as “Zeus” on victims’ computers. The malicious software was used to capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts. These subjects were then able to coordinate unauthorized transfers of funds from victims’ accounts.
These individuals were charged by a federal grand jury in the District of Nebraska in August of 2012 with Conspiracy to Participate in Racketeering Activity; Bank Fraud; Conspiracy to Violate the Computer Fraud and Abuse Act; Conspiracy to Violate the Identity Theft and Assumption Deterrence Act; and Aggravated Identity Theft.
11. Bjorn Daniel Sundin | Reward: $20,000
 |
| (Bjorn Daniel Sundin) |
Reward: The FBI is offering a reward of up to $20,000 for information leading to the arrest and conviction of Bjorn Daniel Sundin.
Alias: David Sundin
Remarks: Sundin has ties to Sweden and the Ukraine.
Caution:
Bjorn Daniel Sundin (August 7, 1978), along with his co-conspirator, Shaileshkumar P. Jain, is wanted for his alleged involvement in an international cybercrime scheme that caused internet users in more than 60 countries to purchase more than one million bogus software products, resulting in consumer loss of more than $100 million. It is alleged that from December 2006 to October 2008, through fake advertisements placed on legitimate companies’ websites, Sundin and his accomplices deceived internet users into believing that their computers were infected with “malware” or had other critical errors in order to encourage them to purchase “scareware” software products that had limited or no ability to remedy the purported defects.
Sundin and his co-conspirators allegedly deceived victims, through browser hijacking, multiple fraudulent scans and false error messages, into purchasing full paid versions of software products offered by their company, Innovative Marketing, Inc. The proceeds of these credit card sales were allegedly deposited into bank accounts controlled by the defendant and others around the world, and were then transferred to bank accounts located in Europe. When customers complained that their purchases were actually fraudulent software, call center representatives were allegedly instructed to lie or provide refunds in order to prevent fraud reports to law enforcement or credit companies.
On May 26, 2010, Sundin was indicted in Chicago, Illinois, by a federal grand jury for the United States District Court, Northern District of Illinois. He was indicted for wire fraud, conspiracy to commit computer fraud and computer fraud. That same day, a federal warrant was issued for Sundin’s arrest.
10. Shaileshkumar P. Jain | Reward: $20,000
 |
| (Shaileshkumar P. Jain) |
Reward: The FBI is offering a reward of up to $20,000 for information leading to the arrest and conviction of Shaileshkumar P. Jain.
Alias: Sam Jain
Remarks: Jain is a United States citizen who has ties to Brazil, Canada, India and the Ukraine.
Caution:
Shaileshkumar P. Jain (February 10, 1970), along with his co-conspirator, Bjorn Daniel Sundin, is wanted for his alleged involvement in an international cybercrime scheme that caused internet users in more than 60 countries to purchase more than one million bogus software products, resulting in consumer loss of more than $100 million. It is alleged that from December 2006 to October 2008, through fake advertisements placed on legitimate companies’ websites, Jain and his accomplices deceived internet users into believing that their computers were infected with “malware” or had other critical errors in order to encourage them to purchase “scareware” software products that had limited or no ability to remedy the purported defects.
Jain and his co-conspirators allegedly deceived victims, through browser hijacking, multiple fraudulent scans and false error messages, into purchasing full paid versions of software products offered by their company, Innovative Marketing, Inc. The proceeds of these credit card sales were allegedly deposited into bank accounts controlled by the defendant and others around the world, and were then transferred to bank accounts located in Europe. When customers complained that their purchases were actually fraudulent software, call center representatives were allegedly instructed to lie or provide refunds in order to prevent fraud reports to law enforcement or credit companies.
On May 26, 2010, Jain was indicted in Chicago, Illinois, by a federal grand jury for the United States District Court, Northern District of Illinois. He was indicted for wire fraud, conspiracy to commit computer fraud and computer fraud. That same day, a federal warrant was issued for Jain’s arrest.
9. Farhan Ul Arshad | Reward: $50,000
 |
| (Farhan Ul Arshad) |
Reward: The FBI is offering a reward of up to $50,000 for information leading to the arrest of Farhan Ul Arshad.
Aliases: Farhan Arshad, Farhan Ul, Farhan Ularshad
Remarks: Farhan Ul Arshad was last known to be in Malaysia, but may also travel to the United Arab Emirates, Canada, Germany, the United Kingdom, and/or Pakistan. He speaks Urdu and English.
Caution:
Farhan Ul Arshad (July 22, 1973) is wanted for his alleged involvement in an international telecommunications scheme that defrauded unsuspecting individuals, companies, and government entities, to include large telecom companies, in both the United States and abroad. Between November of 2008 and April of 2012, Farhan Ul Arshad is alleged to have compromised computer systems and conducted the scheme which ultimately defrauded victims of amounts in excess of $50 million. The international scheme involved members of a criminal organization that extended into Pakistan, the Philippines, Saudi Arabia, Switzerland, Spain, Singapore, Italy, and Malaysia, among other nations.
On June 29, 2012, a federal arrest warrant was issued for Farhan Ul Arshad in the United States District Court, District of New Jersey, Newark, New Jersey, after he was indicted for Conspiracy to Commit Wire Fraud; Conspiracy to Gain Unauthorized Access to Computers; Wire Fraud; and Unauthorized Access to Computers.
8. Noor Aziz Uddin | Reward: $50,000
 |
| (Noor Aziz Uddin) |
Reward: The FBI is offering a reward of up to $50,000 for information leading to the arrest of Noor Aziz Uddin.
Aliases: Noor Aziz, Noor Aziz Aziz Uddin, Aziz Uddin
Remarks: Noor Aziz Uddin was last known to be in Saudi Arabia, but may also travel to the United Arab Emirates, Italy, Malaysia, and/or Pakistan. He speaks Urdu and English.
Caution:
Noor Aziz Uddin (January 2, 1963) is wanted for his alleged involvement in an international telecommunications scheme that defrauded unsuspecting individuals, companies, and government entities, to include large telecom companies, in both the United States and abroad. Between November of 2008 and April of 2012, Noor Aziz Uddin is alleged to have compromised computer systems and conducted the scheme which ultimately defrauded victims of amounts in excess of $50 million. The international scheme involved members of a criminal organization that extended into Pakistan, the Philippines, Saudi Arabia, Switzerland, Spain, Singapore, Italy, and Malaysia, among other nations.
On June 29, 2012, a federal arrest warrant was issued for Noor Aziz Uddin in the United States District Court, District of New Jersey, Newark, New Jersey, after he was indicted for Conspiracy to Commit Wire Fraud; Conspiracy to Gain Unauthorized Access to Computers; Wire Fraud; Unauthorized Access to Computers; and Identity Theft.
7. Peteris Sahurovs | Reward: $50,000
 |
| (Peteris Sahurovs) |
Reward: The FBI is offering a reward of up to $50,000 for information leading to the arrest of Peteris Sahurovs.
Remarks: Sahurovs is thought to be in Rezekne, Latvia. He may also visit Kiev, Ukraine. He is known to use the following screen names: "PIOTREK," PIOTREK89" and "SAGADE."
Caution:
Peteris Sahurovs (March 30, 1989) is wanted for his alleged involvement in an international cybercrime scheme that took place from February of 2010 to September of 2010. The scheme utilized a computer virus that involved the online sale of fraudulent computer security programs that defrauded Internet users of more than $2 million.
It is alleged that in February of 2010, Sahurovs contacted an online newspaper claiming to work for an online advertising agency that represented a hotel chain that was seeking to place advertisements on the paper's website. Sahurovs utilized fraudulent references and bank accounts to deceive the newspaper into believing he represented a legitimate advertising agency.
Sahurovs provided electronic files containing the fictitious hotel advertisements to the newspaper, which began running the advertisements on its website. He then replaced the hotel advertisements with a file containing a malicious computer code, or malware, which infected the computers of people who visited the website and required them to purchase antivirus software for $49.95 to regain control of their computers. If the users did not purchase the software, their computers immediately became inundated with pop-ups containing fraudulent "security alerts," and all information, data and files stored on the computers became inaccessible.
Sahurovs allegedly conducted the same fraudulent advertising and infection scheme against numerous online businesses.
On May 17, 2011, Sahurovs was indicted by a Federal Grand Jury in the United States District Court, District of Minnesota, for wire fraud, conspiracy to commit wire fraud, and unauthorized access to a protected computer. The same day, a federal warrant was issued for Sahurovs' arrest.
6. Alexsey Belan | Reward: $100,000
 |
| (Alexsey Belan) |
Reward: The FBI is offering a reward of up to $100,000 for information leading to the arrest of Alexsey Belan.
Aliases: Aleksei Belan, Aleksey Belan, Aleksey Alexseyevich Belan, Aleksey Alekseyevich Belan, Alexsei Belan, Abyr Valgov, "Abyrvaig", "Fedyunya", "Magg", "M4G", "Moy.Yawik"
Remarks: Belan has Russian citizenship and is known to hold a Russian passport. He speaks Russian and may travel to Russia, Greece, Latvia, the Maldives, and Thailand. He may wear eyeglasses and dye his brown hair red or blond. He was last known to be in Athens, Greece.
Caution:
Between January of 2012, and April of 2013, Alexsey Belan (June 27, 1987) is alleged to have intruded the computer networks of three major United States-based e-commerce companies in Nevada and California. He is alleged to have stolen their user databases which he then exported and made readily accessible on his server. Belan allegedly stole the user data and the encrypted passwords of millions of accounts and then negotiated the sales of the databases.
Two separate federal arrest warrants for Belan have been issued. One was issued on September 12, 2012, in the United States District Court, District of Nevada, Las Vegas, Nevada, after Belan was charged with obtaining information by computer from a protected computer; possession of fifteen or more unauthorized access devices; and aggravated identity theft. The second warrant was issued on June 6, 2013, in the United States District Court, Northern District of California, San Francisco, California, after Belan was charged with two counts of fraud in connection with a computer and two counts of aggravated identity theft.
5. Ahmed Al Agha | Reward: $100,000
 |
| (Ahmed Al Agha) |
Reward: The FBI is offering a reward of up to $100,000 for information leading to the arrest of Ahmed Al Agha.
Aliases: Ahmad Al Agha, Ahmad 'Umar Agha, Ahmed 'Umar Temer, Ahmed Temer Agga, "Th3 Pr0", "The Pro"
Remarks: Al Agha is known to wear prescription eyeglasses. He is believed to be residing in Damascus, Syria.
Caution:
Ahmed Al Agha (January 10, 1994) is wanted for his alleged involvement in the Syrian Electronic Army (SEA), a group of individuals who allegedly commit hacks in support of the Syrian Regime. It is alleged that, between September of 2011 and January of 2014, Al Agha committed dozens of cyber attacks against United States government agencies, media organizations, and private organizations under the SEA banner while using the online nickname, "Th3 Pr0". On June 12, 2014, a criminal complaint was filed in the United States District Court, Eastern District of Virginia, Alexandria, Virginia, charging Al Agha with conspiring to violate numerous laws related to the commission of computer intrusions.
4. Firas Dardar | Reward: $100,000
 |
| (Firas Dardar) |
Reward: The FBI is offering a reward of up to $100,000 for information leading to the arrest of Firas Dardar.
Aliases: Firas Nur Al Din Dardar, Firas Nural Din Dardar, Firas Nour Alden Dardar, Feras Firas Nur-al-Din, Firas Derdar, Firas Drdr, Feras Dardar, "The Shadow", "Ethical Dragon", "Ethical Spectrum"
Remarks: Dardar is known to be a smoker. He is believed to be residing in Homs, Syria.
Caution:
Firas Dardar (March 3, 1989) is wanted for his alleged involvement in the Syrian Electronic Army (SEA), a group of individuals who allegedly commit hacks in support of the Syrian Regime. It is alleged that, between September of 2011 and January of 2014, Dardar committed dozens of cyber attacks against United States government agencies, media organizations, and private organizations under the SEA banner while using the online nickname, "The Shadow". On June 12, 2014, a criminal complaint was filed in the United States District Court, Eastern District of Virginia, Alexandria, Virginia, charging Dardar with conspiring to violate numerous laws related to the commission of computer intrusions.
Additionally, Dardar is also suspected of being responsible for a series of cyber extortion schemes targeting a variety of American and international companies. A separate criminal complaint charging Dardar with these cyber extortion schemes was filed on September 29, 2015.
3. Nicolae Popescu | Reward: $1 million
 |
| (Nicolae Popescu) |
Reward: The United States Department of State’s Transnational Organized Crime Rewards Program is offering a reward of up to $1 million for information leading to the arrest and/or conviction of Nicolae Popescu.
Aliases: Niculae Popescu, Nicolae Petrache, Nae Popescu, "Nae", "Stoichitoiu"
Remarks: Popescu speaks Romanian. He may have travelled to Europe.
Caution:
Nicolae Popescu (February 6, 1980) is wanted for his alleged participation in a sophisticated Internet Fraud scheme where criminal enterprise conspirators, based in Romania and elsewhere in Europe, posted advertisements on Internet auction market sites for merchandise for sale. Such advertisements contained images and descriptions of vehicles and other items for sale, but those items did not really exist. Conspirators posing as sellers then negotiated via e-mail with unsuspecting buyers in the United States. These "sellers" sent fraudulent invoices, that appeared to be from legitimate online payment services, to the victim buyers, with instructions for payment to bank accounts held by other conspirators in the United States. These conspirators opened United States bank accounts under false identities using fraudulent passports made in Europe by other conspirators. When victims wired money to an account identified on the false invoices, the conspirator associated with that account would be notified and then would withdraw the proceeds and send them via wire transfer to another conspirator based on e-mailed instructions.
A federal arrest warrant was issued for Nicolae Popescu on December 20, 2012, in the United States District Court, Eastern District of New York, Brooklyn, New York, after he was charged by indictment for Conspiracy to Commit Wire Fraud, Money Laundering, Passport Fraud, and Trafficking in Counterfeit Service Marks; Wire Fraud; Money Laundering; Passport Fraud; and Trafficking in Counterfeit Service Marks.
2. Evgeniy Mikhaylovich Bogachev | Reward: $3 million
 |
| (Evgeniy Mikhaylovich Bogachev) |
Reward: The United States Department of State’s Transnational Organized Crime Rewards Program is offering a reward of up to $3 million for information leading to the arrest and/or conviction of Evgeniy Mikhailovich Bogachev.
Aliases: Yevgeniy Bogachev, Evgeniy Mikhaylovich Bogachev, "lucky12345", "slavik", "Pollingsoon"
Remarks: Bogachev was last known to reside in Anapa, Russia. He is known to enjoy boating and may travel to locations along the Black Sea in his boat. He also owns property in Krasnodar, Russia.
Caution:
Evgeniy Mikhailovich Bogachev (October 28, 1983), using the online monikers “lucky12345” and “slavik”, is wanted for his alleged involvement in a wide-ranging racketeering enterprise and scheme that installed, without authorization, malicious software known as “Zeus” on victims’ computers. The software was used to capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts. While Bogachev knowingly acted in a role as an administrator, others involved in the scheme conspired to distribute spam and phishing emails, which contained links to compromised web sites. Victims who visited these web sites were infected with the malware, which Bogachev and others utilized to steal money from the victims’ bank accounts. This online account takeover fraud has been investigated by the FBI since the summer of 2009.
Starting in September of 2011, the FBI began investigating a modified version of the Zeus Trojan, known as GameOver Zeus (GOZ). It is believed GOZ is responsible for more than one million computer infections, resulting in financial losses of more than $100 million.
On August 22, 2012, Bogachev was indicted under the nickname “lucky12345” by a federal grand jury in the District of Nebraska on charges of Conspiracy to Participate in Racketeering Activity; Bank Fraud; Conspiracy to Violate the Computer Fraud and Abuse Act; Conspiracy to Violate the Identity Theft and Assumption Deterrence Act; and Aggravated Identity Theft. On May 19, 2014, Bogachev was indicted in his true name by a federal grand jury in the Western District of Pennsylvania on charges of Conspiracy; Computer Fraud; Wire Fraud; Bank Fraud; and Money Laundering. On May 30, 2014, a criminal complaint was issued in the District of Nebraska that ties the previously indicted nickname of "lucky12345" to Bogachev and charges him with Conspiracy to Commit Bank Fraud.
1. Iranian DDoS Attacks
 |
| (Ahmad Fathi, Sina Keissar, Omid Ghaffarinia, Amin Shokohi, Mohammad Sadegh Ahmadzadegan, Hamid Firoozi, Nader Saedi) |
Reward: The FBI is not offering a reward for information on these individuals, but tips can be reported to your local FBI office or the nearest American Embassy or Consulate.
Ahmad Fathi, Aliases: "M3S3C3", "M3HRAN"
Sina Keissar (May 20, 1990)
Omid Ghaffarinia (June 24, 1990), Alias: "PLuS"
Amin Shokohi (Date(s) of Birth Used - July 11, 1989, July 11, 1990, August 5, 1981)
Mohammad Sadegh Ahmadzadegan (Date(s) of Birth Used - October 27, 1992, August 27, 1991), Aliases: Mohammad Sagegh Ahmadzadegan, Sadegh Ahmadzadegan, Sadegh Nitrojen, "Nitrojen26", "Nitr0jen26"
Hamid Firoozi (Date(s) of Birth Used - June 23, 1981, January 1, 1980, August 6, 1981)
Nader Saedi (Date(s) of Birth Used - February 20, 1990), Alias: "Turk Server"
Operation Ababil was a series of cyber attacks starting in 2012, targeting various American financial institutions and carried out by a group calling itself the Cyber fighters of Izz Ad-Din Al Qassam.
The cyber attacks, or more specifically denial of service attacks, were launched by the Cyber fighters of Izz Ad-Din Al Qassam also known as Qassam Cyber Fighters. The group announced the attacks on September 18, 2012 on Pastebin where they criticized Israel and the United States and justified the attacks as a response to the Innocence of Muslims video released by controversial American pastor Terry Jones. Their targets included the New York Stock Exchange as well as a number of banks including J.P. Morgan Chase. The result of the attacks was a limited disruption of the targeted websites. The attacks ended on Oct 23, 2012 because of the Eid al-Adha holiday at which point they offered to speak to the media through e-mail.
Phase Two
On December 10, 2012, the Qassam Cyber Fighters announced[9] the launching of phase two of Operation Ababil. In that statement, they specifically named U.S. Bancorp, J.P. Morgan Chase, Bank of America, PNC Financial Services and SunTrust Bank as targets and identified events such as Hurricane Sandy and the 2012 US Presidential Election as reasons for the delay of phase two. This announcement also mentioned disrespect towards the Prophet Mohammed as motivation and denied the involvement of any nation state. It was during this time that media attention increased with one journalist observing, "Operation Ababil stands out for its sophistication and focus, experts say." and allegations of involvement by Iran also increased. On January 29, 2013, an announcement was made that phase two would come to a conclusion due to the removal of the main copy of the video from YouTube. The announcement also identified additional copies of the movie also hosted on YouTube.
Phase Three
On February 12, 2013, the Qassam Cyber Fighters issued a warning that the other copies of the movie referenced in their January 29 posting should be removed. They followed this with a "serious warning" and then an "ultimatum" after the additional copies of the video were not removed. On March 5, 2013, they announced the beginning of Phase 3 of Operation Ababil on their Pastebin page. This was followed by several of the financial institutions on their target list reporting website disruptions.
Caution:
On January 21, 2016, a grand jury in the Southern District of New York indicted seven Iranian nationals for their involvement in conspiracies to conduct a coordinated campaign of distributed denial of service (“DDoS”) attacks against the United States financial sector and other United States companies from 2011 through 2013. Each defendant was a manager or employee of ITSecTeam or Mersad, private security computer companies based in the Islamic Republic of Iran that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.