Four Eastern European nationals pled guilty to Racketeer Influenced Corrupt Organization (RICO) conspiracy charges for overseeing various “bulletproof hosting” services between 2008 and 2015, according to a statement released by the Department of Justice on Friday. In layperson’s terms, a bulletproof service is a system offering an online infrastructure with essentially no strings attached, meaning they can be used for all manner of illegal and illicit dealings ranging from malware bundles to child pornography trafficking.
According to the DOJ, individuals from Russia, Estonia, and Lithuania “rented Internet Protocol (IP) addresses, servers, and domains to cybercriminal clients, who used this technical infrastructure to disseminate malware used to gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds.”
As reported by ZDNet, these services hosting malware including the Zeus and SpyEye Trojans, Citadel Trojan and credential stealer, and the Blackhole exploit kit, all of which ended up costing American victims millions of dollars in losses, collectively. The four men could each face upwards of 20 years in prison when they reach their sentencing within the next few months.
Run like any average business — As the DOJ describes, the four convicted men ran their shady services like your typical IT company. Founded by Aleksandr Grichishkin and Andrei Skvortsov, the former worked as the de facto “day-to-day leader and oversaw its personnel,” while the latter marketed their business and headed customer support claims for “important and/or disgruntled clients.” Meanwhile, Aleksandr Skorodumov generally oversaw systems operations, while Pavel Stassi “undertook various administrative tasks for the organization” including marketing to criminals and using stolen and fraudulent personal information to maintain webhosting and finances.
Operation Nova — In late 2020, law enforcement agencies cooperating between the U.S., Germany, France, Switzerland, and the Netherlands executed “Operation Nova,” which successfully seized three VPN service sites run by Grichishkin and his partners. Until the domains were seized by Europol, the websites offered rates ranging between $1.30/day and $190/year to users on underground Russian and English-speaking cybercrime forums. In exchange for these subscriptions, the four men worked on “ignoring or fabricating excuses in response to abuse complaints made by their customer's victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs (so that none are available for review by law enforcement),” according to a DOJ press release at the time.
While the recent convictions are a blow to bulletproof services, don’t think your data is suddenly impervious. Malware problems remain rampant online, from Call of Duty cheat codes to fake Clubhouse apps on Android, so stay frosty, friends.