Four men have pleaded guilty in the US to conspiring to engage in a Racketeer Influenced Corrupt Organization (RICO) and each face up to 20 years in prison for providing bulletproof hosting services to cybercriminals.

The Department of Justice said Aleksandr Grichishkin, 34; Andrei Skvortsov, 34; Aleksandr Skorodumov, 33; and Pavel Stassi, 30, were founders and/or members of an unnamed bulletproof hosting organization.

According to the DOJ, between 2008 and 2015 the group rented Internet Protocol (IP) addresses, servers, and domains from which cybercriminals conducted attacks, including malware distribution, botnets, and banking trojans. Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit.

The group helped its customers evade detection by law enforcement by monitoring sites used to blocklist technical infrastructure used for crime, moving flagged content to new infrastructure, and registering all such infrastructure under false or stolen identities.

Criminals not always bulletproof

“Every day, transnational organized cybercriminals deploy malware that ravages our economy and victimizes our citizens and businesses,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division.

“The criminal organizations that purposefully aid these actors — the so-called bulletproof hosters, money launderers, purveyors of stolen identity information, and the like — are no less responsible for the harms these malware campaigns cause, and we are committed to holding them accountable. Prosecutions like this one increase the costs and risks to cybercriminals and ensure that they cannot evade responsibility for the enormous injuries they cause to victims.”

The DOJ said Grichishkin and Skvortsov were founding members of the organization, with Skvortsov responsible for marketing and Grichishkin responsible for day-to-day operations.

Skorodumov was one of the organization’s lead systems administrators, configuring and managing clients’ domains and IP addresses, and providing technical assistance to help clients optimize their malware and botnets. Stassi undertook ‘various administrative tasks’ including conducting and tracking online marketing to the organization’s criminal clientele and using stolen and/or false personal information to register webhosting and financial accounts used by the organization.

“Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe-haven to anonymize their criminal activity,” said Special Agent in Charge Timothy Waters of the FBI’s Detroit Field Office.

“This resulted in millions of dollars of losses to US victims. Today’s guilty plea sends a message to cybercriminals across the globe that they are not beyond the reach of the FBI and its international partners, and that anyone who facilitates or profits from criminal cyber activity will be brought to justice.”

The men were extradited to the US last year. Sentencing of Stassi, Skorodumov, Grichishkin, and Skvortsov has been set for June 3, June 29, July 8, and Sept. 16, respectively. Each defendant faces a maximum penalty of 20 years in prison.