The criminals behind the GameOver ZeuS Botnet didn\u2019t just steal $100 million from banks -- they also spied on several countries on behalf of Russia, according to a Black Hat presentation Wednesday by an FBI agent and two other security experts.\n\nThese countries included Ukraine, Turkey, Georgia, and OPEC members, according to FBI special agent Elliott Peterson.\n\nThe gang, which called itself Business Club, had two leaders, one of whom was Evgeniy Bogachev who is still uncaught. The FBI is offering a $3 million reward for information leading to Bogachev\u2019s arrest.\n\nTwo security companies -- CrowdStrike and Fox-IT -- helped in the investigation.\n\n\u201cWe track the top 200 criminals in the world who are responsible for 80 percent of the 7-figure cyberfraud in the world,\u201d said Fox-IT product director Eward Driehuis.\n\nAccording to Driehuis, Bogachev has been on the company\u2019s radar since 2006.\n\n\u201cWe have analysts doing investigations and building trust relations with the criminals,\u201d he said. \u201cWe invest a lot of time in order to get as close to them as we can.\u201d\n\nInvestigators also try to surround the criminals with their own infrastructure, such as virtual private networks.\n\nHe declined to talk in more specifics about either the technology or the identities used by the investigators.\n\nThe Business Club criminal group was particularly secretive.\n\n\u201cThis club was a highly, highly trusted environment and was very difficult to get into,\u201d he said. \u201cAnd the infrastructure was well protected and well obfuscated. They were keeping it as tight as possible.\u201d\n\nAccording to Peterson, the Business Club was composed of mostly Russians and Ukrainians, and partnered with more than 20 other groups who provided third-party services.\n\nThe first version of the Zeus botnet appeared in 2005 and was sold as a crimeware kit. A second version of Zeus came out in 2009, then was followed by Murofet and Licat in 2010 and finally the peer-to-peer GameOver Zeus in 2011.\n\nThe focus was on corporate banking, with additional attacks specific to affiliates. Individual operators often deployed other malware, such as CryptoLocker.\n\nHowever, unusually for a financial botnet, the network was also used for espionage aimed at countries of political or economic interest to Russia, including the Ukraine, Georgia, Turkey and the OPEC states.\n\nIn Georgia, a former Soviet Republic located on the Black Sea, the group targeted intelligence agencies and other government agencies. Intelligence information was also the group\u2019s focus in the Ukraine, which became a target during the recent conflict with Russia.\n\nGovernment agencies were also the target in Turkey, but the group also looked at information related to the conflict in Syria.\n\nAccording to Michael Sandee, Fox-IT\u2019s principal security expert, the Russian government may have allowed Bogachev to get away with his financial crimes because he was involved in espionage activities on its behalf.\n\n\u201cThis of course remains speculation, but perhaps it is one of the reasons why he has as yet not been apprehended,\u201d Sandee said in a detailed report about the Business Club\u2019s methods and operations.