Aleksandr Grichishkin, Andrei Skvortsov, Aleksandr Skorodumov and Pavel Stassi have pleaded guilty. The US Department of Justice accused them of running a “bulletproof” hosting service used by criminals to launch cyber attacks between 2009 and 2015.
What is a “bulletproof” service?
Bulletproof hosting services offer a private online infrastructure. The operators of these services are notorious for generally turning a blind eye to how the domains they lease are used.
There is no respect for copyright, and confidentiality is emphasized. Bulletproof offerings therefore target the needs of cybercriminals looking for infrastructure to host malicious software, set up command and control (C2) servers and store illegal content, in particular malware or child pornography.
However, while operators close their eyes to the transgressions of their customers, the justice system does not. In this case, the group is accused of conspiring to participate in a racketeer-influenced and corrupt organization (RICO).
A service that helped its clients escape law enforcement
According to the US Department of Justice, the group leased servers and domains that were used in cyber attack campaigns, including against US businesses and financial organizations.
Malware hosted by the bulletproof hosting provider included the Zeus and SpyEye Trojans, Citadel and credential stealers, as well as the Blackhole exploit kit, which is used in drive-by downloads to deliver payloads to victims.
“One of the main services provided by the defendants was to help their clients escape detection by law enforcement and prosecute their crimes without interruption. To do this, the defendants monitored the sites used to block the technical infrastructures used for the crimes, moved the ‘flagged’ content to new infrastructures and registered all these infrastructures under false or stolen identities,” the prosecutors state.
Defendants face up to 20 years in prison
The four defendants pleaded guilty in federal court to the RICO count. They each face up to 20 years in prison. Sentences will be set individually between June and September.
In this investigation, the FBI was supported by German, Estonian and British law enforcement agencies.
In December 2020, as part of Operation Nova, law enforcement in several countries seized three virtual private network (VPN) services used by cybercriminals. The VPNs were featured on underground forums as a means to hide the location and identity of ransomware operators, Magecart attackers, and phishing scammers.