US judge sentences duo for roles in running bulletproof hosting service

The hosting service was used to deploy malware payloads including Zeus and the Blackhole exploit kit.

A US judge has sentenced two Eastern European men for operating a bulletproof hosting service leveraged by cybercriminals to deploy malware.

On Wednesday, the US Department of Justice (DoJ) said that Pavel Stassi and Aleksandr Skorodumov, of Estonia and Lithuania, have now been jailed for 24 months and 48 months, respectively. 

The 30 and 33-year-old duo were accused of providing online hosting services that are known as bulletproof -- a popular option for cybercriminals who need a host that will turn a blind eye to criminal activity. 

Bulletproof hosting providers, often found on the Dark Web, may host malware, explicit abuse material, or e-commerce platforms offering illegal wares such as criminal hacking tools, drugs, and weaponry. 

In this case, the bulletproof host was used to store malware payloads including Zeus, SpyEye, Citadel, and the Blackhole exploit kit. 

The DoJ says that between 2009 and 2015, Stassi and Skorodumov, together with co-defendants Aleksandr Grichishkin and Andrei Skvortsov from Russia, rented servers and domains to threat actors. 

The infrastructure was used to host malware utilized in campaigns against financial institutions and other victims, leading to the theft and attempted theft of "millions of dollars" in the United States alone. In addition, the bulletproof host was also used in the creation of botnets. 

Skorodumov acted as a lead system administrator who also provided technical support to customers. Stassi was involved in general admin tasks, marketing, and would use either stolen or false information to register web hosts and to open financial accounts for the scheme. 

Grichishkin and Skvortsov were founding members and day-to-day managers. 

"The defendants also helped their clients evade detection by law enforcement and continue their crimes uninterrupted by monitoring sites used to blocklist technical infrastructure used for crime, moving "flagged" content to new infrastructure, and registering all such infrastructure under false or stolen identities," the DoJ says. 

All four suspects pleaded guilty to one count of Racketeer Influenced and Corrupt Organizations (RICO) conspiracy at the US District Court in the Eastern District of Michigan. Grichishkin and Skvortsov are awaiting their sentence, although they may face far higher penalties of up to 20 years behind bars each. 

"Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe haven to anonymize their criminal activity," commented Special Agent in Charge Timothy Waters of the FBI's Detroit Field Office. "Cybercriminals may believe they are beyond the reach of the FBI and our international partners, but today's proceeding proves that anyone who facilitates or profits from criminal cyber activity will be brought to justice."

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0