Bulletproof hosting admins plead guilty to running cybercrime safe haven

Four individuals from Eastern Europe face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to running a bulletproof hosting service as a safe haven for cybercrime operations targeting US entities.

The bulletproof hosting service was founded by Russian citizens Aleksandr Grichishkin and Andrei Skvortsov, who hired Lithuanian Aleksandr Skorodumov and Estonian Pavel Stassi as the organization’s system admin and administrator, respectively.

Grichishkin and Skvortsov were the ones overseeing marketing, personnel management, and client support, while Skorodumov and Stassi were responsible for keeping all systems running and helping clients behind malware and botnet operations to optimize their “services.”

A safe haven for malware operations

According to a DOJ press release published today, their service provided multiple cybercrime-affiliated clients with the infrastructure needed in malicious campaigns running between 2008 and 2015.

“The group rented Internet Protocol (IP) addresses, servers, and domains to cybercriminal clients, who used this technical infrastructure to disseminate malware used to gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds,” the DOJ said.

“Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims.”

Other services provided by their bulletproof hosting service included registering new infrastructure using false or stolen identities to help clients circumvent law enforcement efforts to block their attacks.

A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities. — DOJ

Responsible for millions of dollars in losses

“Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe-haven to anonymize their criminal activity,” said FBI Special Agent in Charge Timothy Waters.

“This resulted in millions of dollars of losses to U.S. victims. Today’s guilty plea sends a message to cybercriminals across the globe that they are not beyond the reach of the FBI and its international partners, and that anyone who facilitates or profits from criminal cyber activity will be brought to justice.”

All four defendants pleaded guilty to one count of RICO conspiracy in February, March, and May 2021.

Stassi, Skorodumov, Grichishkin, and Skvortsov will receive their sentence on June 3, June 29, July 8, and Sept. 16.

Each of the four defendants faces a maximum penalty of 20 years in prison that a federal district court judge will set after considering Sentencing Guidelines and other statutory factors.

The FBI investigated the case with assistance from law enforcement partners from the United Kingdom, Germany, and Estonia.