Advertisement

‘Bulletproof’ hosting operators sentenced for role in aiding spread of Zeus malware, which stole $100 million

Two other men await charges after pleading guilty to RICO conspiracy charges.
(Getty Images)

A federal judge sentenced two men to multi-year prison terms for their role in providing services to cybercriminals, including some big name malware that cost victims millions of dollars in losses, the Justice Department announced Wednesday.

Chief Judge Denise Page Hood of the U.S. District Court for the Eastern District of Michigan gave Pavel Stassi of Estonia 24 months in prison and Aleksandr Skorodumov of Lithuania received 48 months after pleading guilty to one count each of RICO conspiracy. The two men were part of a larger operation providing “bulletproof hosting,”  which involved hosting rented IP addresses, servers, domains and malware to scammers in a way that provided more anonymity and protection from law enforcement than more legitimate hosting providers would provide.

The operation in which Stassi and Skorodumov were members from 2009 to 2015 hosted the Zeus malware, used to steal more than $100 million from victims. It also hosted the Blackhole exploit kit that caused or attempted to cause millions more in losses, according to the DOJ.

Stassi and Skorodumov are two of the four men in the organization who have pleaded guilty to the RICO charges, along with Aleksandr Grichishkin and Andrei Skvortsov.  Stassi and Skorodumov served in administrative roles, DOJ said, while Grichishkin and Skvortsov founded and led the operation. The latter two men await sentences of up to 20 years.

Advertisement

U.S. and international law enforcement have notched some wins over the past couple years against such bulletproof hosting services, despite the fact that they’re often based in countries less likely to aid agencies from other countries.

“Cybercrime presents a serious and persistent threat to the United States, and these prosecutions send a clear message that ‘bulletproof hosters’ who purposely aid other cybercriminals are responsible, and will be held accountable, for the harms their criminal clients cause within our borders,” said Assistant Attorney General Kenneth Polite Jr. of DOJ’s Criminal Division.

Other successes include the DOJ taking down the Russia-based bulletproof hosting service Deer.io and some of its members, and European and U.S. law enforcement combining to shutter Safe-Inet.

Latest Podcasts