June 24, 2011

Russian authorities on Thursday arrested Pavel Vrublevsky, co-founder of ChronoPay, the country’s largest processor of online payments, for allegedly hiring a hacker to attack his company’s rivals.

An undated photo of Vrublevsky

Vrublevsky, 32, is probably best known as the co-owner of the Rx-Promotion rogue online pharmacy program. His company also consistently has been involved in credit card processing for — and in many cases setting up companies on behalf of — rogue anti-virus or “scareware” scams that use misleading PC security alerts in a bid to frighten people into purchasing worthless security software.

Russian state-run news organizations are reporting that Vrublevsky was arrested on June 23. Financial Times reporter Joe Menn writes that Vrublevsky was ordered held without bail and a hearing was set for a month’s time.

As I reported earlier this week, Vrublevsky fled the country after the arrest of a suspect who confessed that he was hired by Vrublevsky to launch a debilitating cyber attack against Assist, a top ChronoPay competitor. According to Russian news organizations, the ChronoPay executive wanted to sideline rival payment processing firms who were competing for a lucrative contract to process payments for Aeroflot, Russia’s largest airline. Sources close to the investigation said Vrublevsky was arrested at the Sheremetievo airport outside of Moscow as he returned from a trip to the Maldives.

The arrest comes just 24 hours after authorities seized computers and servers in the United States and seven other countries this week as part of an ongoing investigation of a hacking gang that stole $72 million via scareware scams


38 thoughts on “ChronoPay Co-Founder Arrested

  1. Gian

    I think that all this is just an operation to hide some other “fishes” that are in the ocean making their scam/phishing/illegal operation.

    I hope to be wrong as well I hope that all this kind of people will finish soon in jail.

    I have just a question for Brian: Many websites like Viagra Spam are SCAM or they really send you products?… and if yes, how they process credit cards? Which is the company who accept payments and how is possible that no one really is STILL able to stop them as well to stop all this immense network of fraud coming from Russia?

    1. qka

      Spam vs. Scam?

      What do you call it if they send you a product, but it is not as advertised? Little or no active ingredient, unsafe contaminants, etc.? Or the product might, just might, be as advertised, but you got it without seeing a doctor and it may be unsafe for you to take.

      Receiving and then taking some of these products might be worse than just having your money stolen.

  2. Susan

    Sorry; I asked in the wrong thread about Pavel.

    When did you show him fleeing and when did that other arrest happen? I want to check the timeline I have. Thanks!

  3. T.Anne

    It’s great to see action being taken. It will be more interesting to see if anything happens or if he essentially just gets a slap on the wrist. However, it does seem that overall – action is starting to be taken against online fraud… it’s still baby steps, but I think we’re headed in the right direction!

  4. Janitor

    Brian, is there any hard correlation between PV’s arrest and Trident Tribunal or you are stating it “just in case”?

    1. BrianKrebs Post author

      I am not aware of any connection between the Trident Tribunal thing and Vrublevsky’s arrest. As far as I know they are completely separate events. It’s just that he’s played a big part in that industry, so I thought it was worth mentioning since the two events happened so close together. Perhaps I will add a clarification on that. Thanks for your comment.

    1. BrianKrebs Post author

      Last time I checked Gusev’s blog was getting pretty constantly DDoSsed. That might explain why it’s unreachable.

      1. Janitor

        Gusev’s blog is back online BTW. With a brief entry on Engel’s avowal (June 24).

        Nothing on PV’s arrest so far.

        No user comments either. Quite weird considering a rather busy agenda these latter days.

  5. Gary

    Brian, are you going to miss his near-daily calls? 🙂

  6. dehaul

    It looks like Pavel Vrublevsky didn’t pay off the right guys, or some competitor paid more than he did to get rid of him. I have doubts that this news will affect the illicit money flowing through Russia.

  7. Mark

    It looks like we will not be seeing his constant barrage of self-aggrandizing comments on Russian events in LinkedIn for a while.

  8. Oper207

    Im laughing at his picture he better wipe that grin of his face.

    1. oper207

      By the way put make up on him, he looks like “JOEY THE CLOWN” and he was CAPTURED…. NO WAY OUT. A note to this you can run they will get ya . Got it ?

  9. george

    He, he, Pavel it seems it was defeated by the time difference between Maldives and Washington. Let me explain myself: I am addicted to Brian’s column and I’m reading it at least every other day. For a host of different motives (himself being often prominently featured) I’m sure Vrublevsky was also a frequent reader. If he was reading in time
    http://krebsonsecurity.com/2011/06/financial-mogul-linked-to-ddos-attacks/
    which was posted Thursday on 00:07, where is clearly said he is sought for by law enforcement (not to drink coffee together), he would have stayed in Maldives until the islets were covered by raising waters from global warming. But by the time the article was posted, was already high-noon in those parts of the worlds.
    Seriously, anyone can speculate what went wrong (for Pavel). Was he unaware of the arrest warrant ? (unlikely) Has he thought it is less serious ? Is it just a diversion ?

    1. Aleksey

      I think Redeye was very well aware about Engel’s arrest and confession. He was returning home to take care of things in the usual way he handles such problems – find the right people and pay them off. He just did not expect to be arrested right after arrival.

    2. AlphaCentauri

      It’s not like he’s wanted for murder or rape. I don’t know anything about Russian legal penalties for DDoSing business rivals, but given how much worse stuff goes on under the noses of the authorities without raising any eyebrows, I would assume that with a good lawyer, he might only have to pay restitution. He’s married with small children, and I doubt he and his family want to sever all ties with their family and country over a white collar crime indictment.

      1. not-a-sender

        AlphaCentauri, there is a big difference between a ddos and the ddos 🙂 Pavel DDoSed Aeorflot and Assist. Both companies have very powerful owners.

        1. AlphaCentauri

          True, but the question is what statutes he violated and what the maximum penalties are. Russian registrars seem to be under the impression there are no laws regarding internet abuse in Russia at all — I’m sure that’s not really true, but OTOH, they may not yet be designed well enough to take the economic impact of this type of “hooliganism” into account.

          In any case, it’s probably not a life sentence. Since he didn’t challenge the status of anyone in political power, he’s probably going to end up more like Martha Sterwart than Mikhail Khodorkovsky.

          1. not-a-sender

            AlphaCentauri, if Aeroflot owners consider Pavel as an enemy – any sentence might turn into capital punishment 🙂 It’s like stealing a pen from a mafia boss. It gets you in trouble disregarding how expensive the pen is and what laws say about it.

            1. AlphaCentauri

              But if those telephone recordings that were posted last year are legitimate, he also has highly-placed friends at Aeroflot who might be in legal trouble if he cooperated with security trading investigators. It could be complicated.

              1. Not-a-sender

                Highly-placed cannot compete with the one, who placed him there 🙂

  10. Janitor

    @george =)
    With all my profound respect for Brian, do you honestly think that Krebsonsecurity is Pavel’s only news source in regards to his own destiny?

    1. george

      @Janitor,

      Nope, everything I wrote above the line “Seriously, anyone can speculate..” was somewhat tong-in-cheek and hoping just to elicit some speculation from other posters, some of them more “in the know” than others. I’d say that responses from AlphaCentauri and especially Aleksey make a lot of sense and are likely reasons why Pavel decided to return, while the comments from “not-a-sender” might explain why events did not turn the way Pavel was expecting them to.

  11. Janitor

    @dehaul
    It is virtually impossible to pay all the”right guys” at the MVD’s numerous services, set aside the various FSB departments. Their name is legion.

    1. dehaul

      Interesting…

      I am not sure how the law enforcement works in Russia – but there always seems to be reports of corruption. Perhaps these are the only stories that are reported on in the English media.

      Thanks for the response!

      1. not-a-sender

        Russian law endorsement agencies are the biggest crime organizations in the country. But, as I’ve mentioned above, law means nothing here. Pavel attacked the bosses’ interests. It happens to be some law violation as well – but nobody really cares about laws.

        1. Janitor

          @not-a-sender

          Are you saying that current legal pusuits against PV have been masterminded or in other ways inspired by Aeroflot? Or are these some other bosses your are referring to?

          1. Lighthouse

            I do not think that Aeroflot would care too much about it. They were not harmed directly. He is probably referring to someone related to the banking business who got harmed through Pavels attack.

            1. Janitor

              Well-well, considerinng that it was impossible for the end-users to book tickets through Aeroflot’s site throughout the whole duration of Engel’s DDoS attacks, they can be considered as financially harmful in quite tangible terms to both – Aeroflot and Assist.

              1. Lighthouse

                Oh, I did not know that Engel ddosed the live production site. Then you are of course completely right.

              2. not-a-sender

                Janitor, do you really believe that people will not fly to where they were going to just because they cannot pay online? 🙂 Aeroflot owns many destinations in Russia – so customers don’t have such a big choice usually. Besides – Russians history of e-tickets is way shorter then US customers have.

                That’s not about losses. That’s not about banking system. That’s about castes. Aeroflot people just cannot afford to turn a blind eye on what Pavel did. After it went public – they had to destroy Pavel just to confirm their status. Think about it as about a herd of monkeys. What is supposed to happen if a low rank monkey tries to steal a banana from a high rank monkey? High rank monkey has to beat a crap out of the thief – disregarding the value of the banana itself.

        2. oper207

          Depends on what other agency has a bounty on him ?

  12. Oper207

    Lets put it this way of the heat is on to hang this clown out to dry well he is done . Monies not going to save him .

  13. Rod

    Pavel has been under our scrutiny for a long time. He even talked to us last year after he was hacked by the happy ninjas. His time has come as the time for all the other russian cybercrime offenders is running out. This year has more arrests and success stories than ever! LE has finally picked up the issue after almost 20 years of unhindered activities, it makes me feel pretty good, even though its not going to change much and the big sharks will keep on swimming. One day the political involvement of cybercrime will leak and the media will gawk and go “ahh” and “oohh”….and the criminals are almost all media whores, so look out for some hot stories:-)

  14. Jeff

    Well this guy ladies and Gentlemen is the guy who is a part time operator of allbestlinks.info and ipahere.com Russian Business Network gang, known to now use Blackhat SEO Xrumer tatics to advoid being both reported and taken offline, also making the sites look more “Scamless” than what it really is,

    just thought I give a heads up RBN is the one that is likely behind the TSDD/Storm/ZeuS rootkit creations, something the Russian economy and the Soviets wants us to loose our computers to, for the Cold War.

  15. Igor Entin

    I do not think Mr. Vrublevsky will suffer or do much jail time, since he is a connected at the highest levels of the Russian government. For example, here is a picture of Pavel Vrublevsky (on the right), co-founder of ChronoPay, the country’s largest processor of online payments (currently under arrest) with Russia’s Deputy Prime Minister of the Russian Federation, Sergei Borisovich Ivanov (on the left):

    http://f8.ifotki.info/org/56e50da471e51571d910b656c1f88b70c7309391348273.jpg

    Also, even if Mr. Vrublevsky never sees the light of day, too much money was made and to be made, so somebody else will pick up when Mr. Vrublevsky left off. Furthermore, the corrupt affiliate distribution channels are still there waiting until the payment processing problem is resolved, once that is corrected, it will be business as usual for the Fake AV and Rogue anti-spyware makers…..

    Remember, Mr. Vrublevsky was not arrested for processing payments for Fake AV makers. He was arrested for attacking his competitor with a DDoS attack to block the Aeroflot airline deal. The Russian authorities do care about the millions of victims in the US and the EU that were hijacked by these Fake AV makers and their army of affiliates, thus is only a matter of time before the new king of Fake AVs will rise.

    As long as money can be made, this will never stop, which is good news for the legit AV makers.

    спасибо всем!

Comments are closed.