Bulletproof Hosting Admins Admit Guilt
An Active Cyber-Crime Safe Haven Has Been Running for More than 7 Years Under the US Authorities’ Sight.
The small organization has been led by four East European nationals that pleaded guilty to conspiring to cyber-crime activities and “engage in a Racketeer Influenced Corrupt Organization (RICO) arising from their providing ‘bulletproof hosting’ services between 2008 and 2015”.
The hosting services have been used by cybercriminals across the globe to distribute malware and attack financial institutions and private persons across the United States.
Official documents released to the public show that Russian nationals Aleksandr Grichishkin, Andrei Skvortsov, as well as the Lithuanian Aleksandr Skorodumov, and Pavel Stassi of Estonia founded the bulletproof hosting organization and have been active members the entire time.
According to a US Department of Justice (DOJ) press release the group rented IP addresses, servers, and domains to cybercriminal clients that later used these resources to disseminate malware attacks and gain access to victims’ computers in order to form botnets meant to steal banking credentials and use them in various frauds.
According to DOJ
the malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims.
Another service provided by the nefarious organization was to help their client evade detection by the law enforcement officers and continue undeterred their criminal activities. The defendants actively monitored for their clients
sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities.
According to Nicholas L. McQuaid – Acting Assistant Attorney General of the Justice Department’s Criminal Division –
every day, transactional organized cybercriminals deploy malware that ravages (n. the US) our economy and victimizes our citizens and businesses . The criminal organizations that purposefully aid these actors — the so-called bulletproof hosters, money launderers, purveyors of stolen identity information, and the like — are no less responsible for the harms these malware campaigns cause, and we are committed to holding them accountable. Prosecutions like this one increase the costs and risks to cybercriminals and ensure that they cannot evade responsibility for the enormous injuries they cause to victims.
Fraud over the internet has had a major economic impact on our community, and all over our nation and the world. An essential part of reducing the fraud involves vigorously investigating and prosecuting individuals such as these ‘bulletproof hosters’ who enable the fraudsters in victimizing people over the internet.
Court filings go to show on record that Grichishkin and Skvortsov were founding members of the organization and its owners.
Skvortsov was also responsible for the marketing actions of the criminal organization and was the main point of contact for all of the companies’ clients.
Heimdal™ Threat Prevention - Network
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
On the other hand, Grichishkin was the organization’s day-to-day leader and oversaw its personnel. On the technical side, the organization was supervised by Skorodumov who also acted as a lead systems administrator.