Bulletproof hosting duo jailed over support of cyber-attacks against US targets


Adam Bannister

21 October 2021 at 13:34 UTC

Updated: 25 October 2021 at 07:27 UTC

Attacks leveraging defendants’ infrastructure inflicted heavy financial losses on victims

Two Eastern European men have been sentenced by a US court for providing bulletproof hosting services that served as a springboard for cyber-attacks against US organizations.

Lithuanian national Aleksandr Skorodumov, 33, and Estonian citizen Pavel Stassi, 30, were given 48-month and 24-month jail terms respectively over their roles in a criminal group that ran cybercrime infrastructure over a six-year period.

The organization’s 34-year-old Russian co-founders, Aleksandr Grichishkin and Andrei Skvortsov, are awaiting sentencing and potentially face a maximum jail term of 20 years.

All four defendants pleaded guilty to one count of Racketeer Influenced and Corrupt Organizations (RICO) conspiracy.

Cybercrime services

The so-called bulletproof hosting services – whereby clients are allowed to engage in illegal activities – were used between 2009 and 2015 to distribute malware and mount cyber-attacks against US financial institutions and other targets, resulting in millions of dollars’ worth of losses for victims.

As lead systems administrator for the organization, Aleksandr Skorodumov “configured and managed clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets, and monitored and responded to abuse notices”, said the Department of Justice (DoJ) in a press release published yesterday (October 20).

Pavel Stassi’s involvement included “conducting and tracking online marketing to the organization’s criminal clientele and using stolen and/or false personal information to register webhosting and financial accounts used by the organization”.

The defendants also helped clients evade detection by monitoring sites used to blocklist cybercrime infrastructure, shifting ‘flagged’ content to different infrastructure, and registering infrastructure under false or stolen identities, according to the DoJ.

“Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe-haven to anonymize their criminal activity,” said special agent in charge Timothy Waters of the FBI’s Detroit field office.

“Cybercriminals may believe they are beyond the reach of the FBI and our international partners, but today’s proceeding proves that anyone who facilitates or profits from criminal cyber activity will be brought to justice.”

The FBI was assisted in its investigation by law enforcement agencies in Germany, Estonia, and the UK.

https://portswigger.net/daily-swig/bulletproof-hosting-duo-jailed-over-support-of-cyber-attacks-against-us-targets
