Government charges cybercriminals in scheme to distribute malware.
This month, Chief Judge Denise Page Hood of the U.S. District Court for the Eastern District of Michigan sentenced Aleksandr Grichishkin, 34, of Russia, to 60 months behind bars for providing customers with “bulletproof hosting” services in the six-year span between 2009 and 2015. These services are designed to infiltrate financial institutions with dangerous malware and are extremely popular in the cybercrime community. Grichishkin’s scheme spread viruses to systems throughout the U.S.
More specifically, Grichishkin founded “a bulletproof hosting organization that rented internet protocol (IP) addresses, servers, and domains to cybercriminals who employed this product to disseminate malware that allowed them to gain access to victims’ computers, form botnets, and take banking information,” the U.S. Department of Justice (DOJ) said after law enforcement authorities investigated the case. Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, and these hosting sites attempted to steal millions of dollars. Zeus is very well-known to cybercriminals and allows these criminals to introduce malicious code that has caused more than $100 million in losses to date.
“Grichishkin also helped clients evade detection by law enforcement and continue their crimes uninterrupted by monitoring sites used to blocklist technical infrastructure used for crime, moving flagged content to new infrastructure, and registering all such infrastructure under false or stolen identities,” according to the DOJ.
Grichishkin pleaded guilty to overseeing a plan to distribute the malware as well as hiring and compensating employees. “He regularly instructed other members of the organization on how to resolve abuse notices by, among other methods, moving the affected clients’ data to new, clean domains and IP addresses,” the DOJ stated.
Three other defendants also entered guilty pleas, including Aleksandr Skorodumov and Andrei Skvortsov from Lithuania and Pavel Stassi of Estonia. Their roles within the organization were similar to Grichishkin’s, and they were indicted in June and October of this year.
All defendants in the scheme were initially indicted on Racketeer Influenced and Corrupt Organizations (RICO) Act charges. The act, which passed in 1970, is a law meant to help eliminate organized crime in the United States. Racketeering activity includes “any act or threat involving murder, kidnapping, gambling, arson, robbery, bribery, extortion, dealing in obscene matter, or dealing in a controlled substance or listed chemical,” according to the RICO law.
The Federal Bureau of Investigation (FBI) handled the case with assistance from law enforcement officials in Germany, Estonia, and the United Kingdom. Senior Counsel Louisa K. Marion of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Patrick E. Corbett of the Eastern District of Michigan prosecuted.
“Cybercrime presents a serious and persistent threat to the United States, and these prosecutions send a clear message that ‘bulletproof hosters’ who purposely aid other cybercriminals are responsible, and will be held accountable, for the harms their criminal clients cause within our borders,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division.