Four Eastern European nationals have pleaded guilty to conspiring to engage in a Racketeer Influenced Corrupt Organization (RICO) arising from their providing ‘bulletproof hosting’ services between 2008 and 2015, which were used by cybercriminals to distribute malware and attack financial institutions and victims throughout the United States.
According to court documents, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, were founders and/or members of a bulletproof hosting organization. The group rented Internet Protocol (IP) addresses, servers, and domains to cybercriminal clients, who used this technical infrastructure to disseminate malware used to gain access to victims computers, form botnets, and steal banking credentials for use in frauds. Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims. A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving ‘flagged’ content to new infrastructure, and registering all such infrastructure under false or stolen identities.
According to court filings and statements made in connection with their guilty pleas, Grichishkin and Skvortsov were founding members of the organization and its proprietors. Skvortsov was responsible for marketing the organizations criminal business and served as a point of contact for important and/or disgruntled clients, and Grichishkin was the organizations day-to-day leader and oversaw its personnel. Skorodumov was one of the organizations lead systems administrators, and at some points, its only systems administrator. In this role, he configured and managed the clients domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets, and monitored and responded to abuse notices. Stassi undertook various administrative tasks for the organization, including conducting and tracking online marketing to the organizations criminal clientele and using stolen and/or false personal information to register webhosting and financial accounts used by the organization. (Source: U.S. Department of Justice)