Four Eastern European nationals face 20 years in prison on Racketeer Influenced and Corrupt Organizations (RICO) Act charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, infrastructure that cybercriminals used to distribute malware targeting financial entities across the U.S.
The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, have been accused of renting their wares to cybercriminal clients, who used the infrastructure to disseminate malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which were capable of co-opting victim machines into a botnet and stealing sensitive information.
The deployment of malware caused or attempted to cause millions of dollars in losses to U.S. victims, the U.S. Department of Justice (DoJ) said in a statement on Friday.
“A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving ‘flagged’ content to new infrastructure, and registering all such infrastructure under false or stolen identities,” the DoJ added.
The organization was founded by Grichishkin and Skvortsov, the latter of whom was also responsible for marketing its criminal business. Skorodumov and Stassi acted, respectively, as the lead systems administrator and the person in charge of other administrative tasks, including using stolen personal information to register web hosting and financial accounts.
Bulletproof hosting (BPH), also known as abuse-resistant hosting, differs from regular web hosting in that it gives a content provider far more leniency in the kind of data that can be hosted on its servers, which makes it easier to evade law enforcement. Operators of bulletproof hosting services are known to employ a variety of tricks to stay under the radar while simultaneously serving as a safe haven that anonymizes cybercrime operations.
Last December, law enforcement agencies from the U.S., Germany, the Netherlands, Switzerland, and France, together with Europol’s European Cybercrime Centre (EC3), took down Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate illicit activity.