Two Eastern European men were sentenced to prison on Racketeer Influenced and Corrupt Organizations (RICO) charges for providing bulletproof hosting services used by multiple cybercrime operations to target US organizations.
They provided cybercrime-affiliated clients with the infrastructure needed to host exploit kits and to run malicious campaigns distributing spam emails and malware for roughly seven years, between 2008 and 2015.
“The group rented IP addresses, servers, and domains to cybercriminal clients who employed this technical infrastructure to disseminate malware used to gain access to victims’ computers, form botnets, and steal banking credentials for use in fraud,” the DOJ said in the sentencing memorandum.
“Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims.”
For instance, as revealed in court documents, the Federal Deposit Insurance Corporation (FDIC) said SpyEye and Zeus attacks caused roughly $64 million in damages to banks and their corporate clients in 2011 alone, according to estimations based on reported incidents.
The bulletproof hosting service also helped cybercrime gangs register new infrastructure using stolen or false identities that allowed them to circumvent law enforcement efforts to block their attacks.
A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities. – DOJ
Bulletproof hosting founders awaiting sentencing
The bulletproof hosting service was founded by Russian citizens Aleksandr Grichishkin and Andrei Skvortsov, who were also indicted in the same case.
They hired Estonian Pavel Stassi and Lithuanian Aleksandr Skorodumov as the organization’s administrator and system admin; the two were sentenced to two and four years in prison, respectively.
While Skorodumov and Stassi were responsible for keeping systems running and helping malware and botnet operations optimize their “services,” Skvortsov and Grichishkin oversaw marketing, personnel management, and client support.
All four defendants pleaded guilty to one count of RICO conspiracy in February, March, and May 2021. The bulletproof hosting founders also face a maximum penalty of 20 years in prison.
The FBI investigated the case with assistance from law enforcement partners from the United Kingdom, Germany, and Estonia.
“Cybercrime presents a serious and persistent threat to the United States, and these prosecutions send a clear message that ‘bulletproof hosters’ who purposely aid other cybercriminals are responsible, and will be held accountable, for the harms their criminal clients cause within our borders,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division.