Two Russian individuals and two Eastern European citizens, who are now being charged, operated a bulletproof hosting service for cybercriminal activities.
Bulletproof hosting is a private service, provided mainly by certain hosting firms, that lets customers post and upload whatever they want without any regard for the nature of their activities. Their content is never taken down despite complaints or reports.
Bulletproof hosting services are usually used by cybercriminals, spammers, threat actors, blackhat hackers, and sellers of online gambling or illegal pornography. All of them can easily bypass the laws and terms of service that apply online or in the area where they are located, and they can obtain, without any hurdle, the infrastructure to host illegal content, malware, malicious servers, and pornography.
The bulletproof hosting service was operated collectively by four individuals. Aleksandr Grichishkin and Andrei Skvortsov are the Russian individuals who founded the service and went on to employ Lithuanian Aleksandr Skorodumov and Estonian Pavel Stassi as the organization’s system admin and administrator between 2009 and 2015.
All of them are responsible for running a bulletproof hosting service as a safe haven for cybercriminal activities and illegal malware. The Russian individuals were involved in marketing, management, and client support, whereas the European group was running and operating the system, dealing with the clients behind the malware, and also exploiting operations to improve their business.
The group is now being charged under the Racketeer Influenced and Corrupt Organizations (RICO) Act and would face 20 years in prison.
The cybercrime operations carried out through this bulletproof hosting service were observed to target US entities. The US Department of Justice (DoJ) released a press statement saying that, between 2008 and 2015, this group provided the infrastructure for malicious campaigns that targeted US companies and financial organizations.
The organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit. The DoJ said:
“Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims.”
The group further helped its customers continue their crimes without any disturbance from law enforcement: the customers hid behind the false identities the group provided and remained in a safe haven thanks to the group's services. The DoJ said:
“A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities,”
The DoJ also highlighted that the group's services caused victims great losses over the years. “This resulted in millions of dollars of losses to U.S. victims.” They further made clear that, no matter where in the world you are, if you are a cybercriminal, or a facilitator of or profiteer from cybercriminal activity, you will end up being caught by the FBI. They stated that this case is evidence of that and sends a warning to the criminals who remain hidden.
The case has been investigated by the FBI with assistance from law enforcement agencies in Germany, Estonia, and the UK.
All four individuals would face the 20-year prison penalty, and they are expected to receive their sentences in June, July, and September, once all legal procedures and measures have been observed.