The small organization has been led by four East European nationals that pleaded guilty to conspiring to cyber-crime activities and “engage in a Racketeer Influenced Corrupt Organization (RICO) arising from their providing ‘bulletproof hosting’ services between 2008 and 2015”.
The hosting services have been used by cybercriminals across the globe to distribute malware and attack financial institutions and private persons across the United States.
Official documents released to the public show that Russian nationals Aleksandr Grichishkin, Andrei Skvortsov, as well as the Lithuanian Aleksandr Skorodumov, and Pavel Stassi of Estonia founded the bulletproof hosting organization and have been active members the entire time.
Heinz-Peter Bader / reuters
Four individuals behind a bulletproof hosting site have pleaded guilty to US racketeering charges, the Department of Justice (DoJ) has announced. The service, designed to accommodate criminal activities and help clients evade detection, was founded by Russians Aleksandr Grichishkin and Andrei Skvortsov. The other two parties are Lithuanian Aleksandr Skorodumov and Estonian Pavel Stassi, who worked as admins on the site.
The site provided multiple clients with the infrastructure to gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds between 2008 and 2015, the DoJ wrote. Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims.
Four men from Eastern Europe have pleaded guilty to supporting cyber-criminals attacking the United States by providing them with bulletproof hosting services (BPHS).
BPHS are run with a don t ask, don t tell approach and ensure the anonymity of users while allowing them to host malicious activity and content such as malware.
According to court documents, 34-year-old Russian nationals Aleksandr Grichishkin and Andrei Skvortsov, 33-year-old Aleksandr Skorodumov of Lithuania, and Estonian 30-year-old Pavel Stassi were the founders and/or members of an organization offering BPHS.
The group admitted renting out Internet Protocol (IP) addresses, servers, and domains to cyber-criminal clients, who used them to steal banking credentials, spread malware, and form botnets.
Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting
Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S.
The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, have been accused of renting their wares to cybercriminal clients, who used the infrastructure to disseminate malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit that were capable of co-opting victim machines into a botnet, and stealing sensitive information.
The four defendants were founders and/or members of a group that rented IP addresses, servers, and domains to their cybercriminal clients, the Department of Justice reported late last week. Criminals used the infrastructure to spread malware and gain access to victim machines, create botnets, and steal banking credentials that they could use to conduct more fraud.
Malware hosted by the group included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which targeted US companies and financial organizations between 2009 and 2015 and caused, or attempted to cause, millions of dollars in losses.
The group also helped their criminal clients evade law enforcement by monitoring websites used to blocklist technical infrastructure used for crime. They moved flagged content to new infrastructure and registered it under false or stolen identities, officials report.