DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Four Individuals Plead Guilty to RICO Conspiracy Involving “Bulletproof Hosting” for Cybercriminals

Posted on May 7, 2021 by Dissent

Four Eastern European nationals have pleaded guilty to conspiring to engage in a Racketeer Influenced Corrupt Organization (RICO) arising from their providing “bulletproof hosting” services between 2008 and 2015, which were used by cybercriminals to distribute malware and attack financial institutions and victims throughout the United States.

According to court documents, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, were founders and/or members of a bulletproof hosting organization. The group rented Internet Protocol (IP) addresses, servers, and domains to cybercriminal clients, who used this technical infrastructure to disseminate malware used to gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds. Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims. A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities.

“Every day, transnational organized cybercriminals deploy malware that ravages our economy and victimizes our citizens and businesses,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The criminal organizations that purposefully aid these actors — the so-called bulletproof hosters, money launderers, purveyors of stolen identity information, and the like — are no less responsible for the harms these malware campaigns cause, and we are committed to holding them accountable. Prosecutions like this one increase the costs and risks to cybercriminals and ensure that they cannot evade responsibility for the enormous injuries they cause to victims.”

“Fraud over the internet has had a major economic impact on our community, and all over our nation and the world,” stated Acting U.S. Attorney Saima S. Mohsin of the Eastern District of Michigan. “An essential part of reducing the fraud involves vigorously investigating and prosecuting individuals such as these ‘bulletproof hosters’ who enable the fraudsters in victimizing people over the internet.”

“Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe-haven to anonymize their criminal activity,” said Special Agent in Charge Timothy Waters of the FBI’s Detroit Field Office. “This resulted in millions of dollars of losses to U.S. victims. Today’s guilty plea sends a message to cybercriminals across the globe that they are not beyond the reach of the FBI and its international partners, and that anyone who facilitates or profits from criminal cyber activity will be brought to justice.”

According to court filings and statements made in connection with their guilty pleas, Grichishkin and Skvortsov were founding members of the organization and its proprietors. Skvortsov was responsible for marketing the organization’s criminal business and served as a point of contact for important and/or disgruntled clients, and Grichishkin was the organization’s day-to-day leader and oversaw its personnel. Skorodumov was one of the organization’s lead systems administrators, and at some points, its only systems administrator. In this role, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets, and monitored and responded to abuse notices. Stassi undertook various administrative tasks for the organization, including conducting and tracking online marketing to the organization’s criminal clientele and using stolen and/or false personal information to register webhosting and financial accounts used by the organization.

Stassi, Skorodumov, and Grichishkin pleaded guilty in February and March 2021 to one count of RICO conspiracy. Skvortsov pleaded guilty today to the same charge. All four guilty pleas took place before Chief U.S. District Judge Denise Page Hood in the Eastern District of Michigan. Sentencing of Stassi, Skorodumov, Grichishkin, and Skvortsov has been set for June 3, June 29, July 8, and Sept. 16, respectively. Each defendant faces a maximum penalty of 20 years in prison. A federal district court judge will determine each sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI investigated the case with critical assistance from law enforcement partners in Germany, Estonia, and the United Kingdom.

Senior Counsel Louisa K. Marion of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Patrick E. Corbett of the Eastern District of Michigan prosecuted the case. The Justice Department’s Office of International Affairs provided substantial assistance.

Source: Department of Justice

Related posts:

  • Romanian National Known As “Virus” Extradited For Operating “Bulletproof Hosting” Service That Facilitated The Distribution Of Destructive Malware
Category: Non-U.S.

Post navigation

← IA: Wolfe Eye Clinic victim of Lorenz threat actors
Cyber criminals potentially accessed data of 10,000 people in Brevard School Board breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.