Tech

Blackhole exploit kit creator Paunch sent behind bars

Local media says a group of hackers have been issued severe sentences for a string of online banking attacks.

Written by Charlie Osborne, Contributing Writer April 15, 2016 at 4:13 a.m. PT

The hacker behind the Blackhole exploit kit has reportedly been sentenced to seven years in prison.
Symantec

The hacker behind the infamous Blackhole and Cool exploit kits has been sentenced to seven years in prison.

This week, the Zamoskvoretskiy Moscow court sentenced seven hackers to between five-and-a-half and eight years in prison for cybercrime offenses. According to local news outlet Tass (translation), Dmitry Fedotov, aka "Paunch," is among those convicted.

'Paunch' is the creator of the Blackhole exploit kit, which was available to cyberattackers on a rental scheme for years. The exploit kit was frequently updated with fresh web-based vulnerabilities used to poke holes in victim systems, steal credentials and spy upon targets.

The hacker was arrested by Russian law enforcement in 2013, bringing updates to the exploit kit to a halt.

Back in 2013, Jerome Segura, security researcher at MalwareBytes, said the arrest of Paunch would be "a major event in the exploit kit business, one that could trigger a chain reaction leading to more arrests and disruption."

Security

Now, it appears the case is finally closed.

Fedotov was sentenced to seven years in prison for his crimes. In addition, six of his co-conspirators, Sergey Shumarin, Ilya Bragin, Valery Gorbunov, Vladimir Popov, Artem Palchevsky and Roman Kulakov were given prison terms ranging between five-and-a-half and eight years, to be served in a penal colony.

The group has been charged with crimes including the illegal access of computer systems, fraud and hacking websites in order to deliver malware payloads to unwitting and innocent visitors.

Exploit kits were served to victims through these websites and malware was then used to compromise their systems and steal information including account and user credentials.

The cybercriminals were able to access and steal funds belonging to legal entities and business figures through compromised online banking accounts and fraudulent money transfers.

Prosecutors estimate the group made off with over 25 million rubles, which equates to roughly $376,000 dollars.

In related news, this month researchers discovered the implementation of a new zero-day Adobe Flash exploit in the Magnitude exploit kit, which targets Windows users for the purpose of installing rootkits on vulnerable systems. Since the arrest of Paunch, Magnitude has risen in popularity as a substitute.