August 30, 2011

Leaked online chats between the co-owners of the world’s largest pharmacy spam operation reveal the extent to which illicit organizations in Russia purchase political protection, and bribe public officials into initiating or stalling law enforcement investigations.

Last month, there was a leak of more than four years of chat logs seized by Russian police who had arrested and interrogated Dmitry Stupin, allegedly the co-owner of GlavMed and the now-defunct SpamIt, organizations that paid spammers millions of dollars each month to promote fly-by-night online pharmacies.

In the Jan. 9, 2010 chat between Stupin and Igor Gusev, the alleged other owner of GlavMed and SpamIt, Gusev has just learned that he and his operation are under investigation by Russian authorities (Gusev would be formally charged with illegal business activities in October 2010, forcing the closure of SpamIt). Gusev says he may be able to purchase shelter from the charges by funneling money to key Russian politicians who have influence over investigators.

Specifically, Gusev suggests purchasing a sponsorship of the Volleyball Federation of Russia. The price tag for this is an official sponsorship fee of 10 million rubles (about $350,000 USD), plus $150,000 in cash. The official head of the federation, Nikolai Patrushev, is a powerful man in Russian law enforcement. Patrushev was director of the Russian FSB, the successor organization to the KGB, from 1999 to 2008; he has been secretary of the Security Council of Russia since 2008.

Sources say it is typical for Russian sport leagues and charities to be used as vehicles for funneling money into the pockets of policymakers. One example comes from a book by Lennart Dahlgren, former head of the Russian division of Swedish furniture maker IKEA. In Despite Absurdity: How I Conquered Russia While It Conquered Me, Dahlgren writes of having to pay bribes of 30 million Rubles ($1 million USD) to Russian charities that helped funnel money to bureaucrats and top officials.

In this chat, translated from Russian into English, Gusev mentions that a close friend of his family is a director general of the Volleyball Federation:

Gusev: We have big problems. Register fake mailbox somewhere. I will send you something very important.

Gusev: Let’s move Jabber to a new server and encrypt it. We’ll have a trusted communication channel. Everything is very bad 🙁

Gusev: asdas12334@mail.ru / mgadjadtwa2009. check the e-mail.

Gusev: Are you reading?

Stupin: Yes. Do not know what to say.

Gusev: There is nothing to say. We have only two ways: find someone from law enforcement, pay up and be under protection [or] be placed in jail for 7-9 years and do self-analysis. I have one more way out, but I could not decide regarding it in December, because it was very expensive. It is about 10 million rubles officially and 150K under the table.

Gusev: Red [ChronoPay CEO and former business partner Pavel Vrublevsky] is such an asshole. Leaked information about the whole scheme in hopes to get me arrested. Now, everyone is under investigation. Does your brother have any connection “high above”?

Stupin: No.

Gusev: I asked “just in case”. I will try to get sponsorship of Volleyball Federation (Patrushev is its president). Maybe it’s a good idea for you to go somewhere, to Turkey, for example, until we know if we are going to be either squashed or milked. One good thing: nobody has asked about you yet.

Stupin: No, thank you. Who told you about volleyball? It is a public organization, its financial books are open.

Gusev: Close family friend – general director of that association. He helped Russian Standard [popular brand of Russian Vodka] when they were getting squashed.

Stupin: Maybe we’ll give him this money? Federation has open books, if someone wants to take money from it — it is going to be noticed.

Gusev: What am I going to tell Andrei about prosecutors’ office? I do not want to scare him, but he has to be in the loop. Maybe we’ll suggest him to go to Turkey again?

Stupin: Do you think we need to notify him now? Let’s wait, if they summon you – then we’ll tell him, but not now.

Gusev: What if they do not summon me, but will come directly and interrogate me and confiscate the servers?

Stupin: Yes he is waiting for it for several months already.

Gusev: Ok, let’s not do it now. Let’s move Jabber to another domain.

Stupin: Yes, get rid of “despmedia”, close domains, liquidate the firm, and finally make the founder (of the company) from somewhere abroad. Changing location will not give us anything.

Gusev: I removed everyone from the firm, I am alone there. Liquidation is in progress. The office is leased by a company, which I have no relationship with.

Stupin: Very well. I will tell Andrei to get new IPs and domains.

Gusev: Okay.

Stupin: (to andy@im.despmedia.com): Despmedia.com, where is it physically?

Andy: Server is in Russia, but there are several proxies there.

Stupin: Can you let me know what’s going on there? Let me read the message trail. I need to know where the leak of information is. Red, when he wanted to fight with everyone, told our Law Enforcement about the whole idea of on-line pharmacy. Now they are looking who to milk.

Andy: We do not keep Jabber logs. Chat is encrypted, it’s impossible to connect to server without chat client configured with SSL.

Stupin (to Gusev): I had to tell him something… Came out OK, I think.

Gusev: OK. I will use the same story.

Stupin: But it’s the truth.

Gusev: Yes, but omitting the details.

Gusev: Let’s talk less regarding work and money over the phone. Only if it is urgent. I ordered two payments from Despmedia [the legal entity that owns GlavMed and other businesses tied to Gusev]. This is to Volleyball association/FSB. In the morning, please, make sure that money got transferred.

Russian Vice Premier Sergei Ivanov (left) and ChronoPay co-founder Pavel Vrublevsky at a Russian Basketball League game, April 2011.

In May 2011, Gusev told me that he was a paid sponsor of the Russian Volleyball League, hoping to persuade someone to stop the criminal case against him. Gusev is convinced, and other leaked documents confirm his suspicions, that law enforcement interest in his activities was paid for by his former business partner turned competitor Pavel Vrublevsky.

In late 2010, Vrublevsky secured a sponsorship of the Russian Basketball League for his employer, ChronoPay, until recently Russia’s largest processor of online payments. The basketball league is headed by Sergei Ivanov, a former KGB officer who was tapped by Russian President Vladimir Putin as deputy prime minister of Russia.

“All that I wanted was to speak with someone from FSB [who] was making this [case] for Pavel, and to persuade them to stop all this conflict before it’s too late,” Gusev said. “Unfortunately, this didn’t help me very much.”

It apparently didn’t help Vrublevsky much either: the former ChronoPay executive and reputed co-owner of the illicit Rx-Promotion rogue Internet pharmacy program now sits in a Moscow prison, awaiting trial on charges of hiring a hacker to launch Internet attacks against his company’s competitors.


49 thoughts on “Pharma Wars: Purchasing Protection”

  1. notimportant

    do you ever get attacked (not physically of course) for doing these investigations? like do they dox you or try to take over your accounts or basically anything to harm you?

    1. BrianKrebs Post author

      Hrm. Well, I’ve had worms and botnet C&Cs named after me (e.g., F***BRIANKREBS). More recently, in a thread on a carder forum the members discussed flooding my PayPal donations inbox with fraudulent donations, and sending carded merchandise to my house.

    2. MZ

      There’s no danger in publishing these logs. They were openly available for anyone to download until the hoster took the archive down. Pretty much anybody who is closely following the conflict and speaks Russian has got a copy by now.

      1. George

        Yes, they may have been available to anyone, but not everyone “publishes” them as Brian does.

  2. notimportant

    that sucks.
    i have always wondered about internet crimes. thanks for blogging about it. keep it up and stay safe.

    1. JCitizen

      He gets a lot of what are probably empty threats from someone here on this site all the time. I know because they get to my inbox before he has a chance to delete them.

      The names change, of course. They are fooling themselves if they think they will never be found out.

  3. JS

    I once warned a former employee that the cost of off shoring doesn’t always appear on the spreadsheets.

    I pointed her to published studies; my favorite being
    http://www.transparency.org/policy_research/surveys_indices/cpi

    In explaining to her that the cost of doing “business” outside USA or Western Europe is not transparent and outsourcing programmers, IT support, etc is not exactly straight forward nor highly secure for her needs.

    USA was not immune, it just happens in different ways and she knew that game well and that was just part of the background of business she knew.

    Legit international business can be tainted by such guys as Krebs has uncovered. Often they control secondary business services, collect rents, tariffs and control other “protection” your business or service will need in a foreign land. Trash, secured shipping/receiving, sewage, trusted banking & funds collection, office supplies, etc… things most businesses in the West take for granted.

    It's actually refreshing that most people outside US know this happens. The USA, to its detriment, is just deluded by thinking that money and power isn’t how rights and justice “happens/not happens” in many countries.

    The US has to learn that in business, as well as human rights; its ways of punishment and control of crime simply don’t work outside its borders.

    What use are all the fiscal and corporate responsibility activities and legislation when audits and culpability can not be enforced by International rule of law because money talks. They don’t teach the MBAs and accountants that in US schools; these then go on to only offer tantalizing spreadsheets showing profit to off shoring.

    1. JCitizen

      Just because it may be reality doesn’t mean we shouldn’t struggle to improve the lot in this world.

  4. SpamIsLame

    > Andy: We do not keep Jabber logs. Chat is encrypted, it’s
    > impossible to connect to server without chat client
    > configured with SSL.

    Forgive me but: el. oh. elll.

    Great reporting, Mr. Krebs.

    SiL

  5. Wladimir Palant

    Thank you Brian, great reading! I particularly like how this uncovers the corruption scheme used by Russian higher-ups.

  6. nobody

    Hi, Brian. I think you are much deeper in this stuff than I, the reason why Pavel sits in jail now is only his conflict with Igor, or guys from FSB want to milk Pavel, Igor and maybe other people related to online biz in Russia?

    1. Aleksey

      Not sure what Brian thinks on this matter, but I have been following the public side of this and my opinion – conflict with Gusev is the only reason why Vrublevsky is in jail, but this doesn’t mean that FSB guys don’t want to milk illegal online pharma biz 🙂 These guys are great at milking anything and everything given the opportunity. Real experts!

  7. KFritz

    A guess. These are not Russia’s brightest, most discreet, or most savvy criminals. They’re being punished, in part, for stupidity like having this conversation online, instead of over vodka, coffee, whatever in a crowded establishment. Russian cybercrooks who obey the unwritten rules, and don’t draw attention to themselves are doing quite well.

    Peter Gutmann’s paper is several years old now. Is it still relevant?

    http://www.cs.auckland.ac.nz/~pgut001/pubs/malware_biz.pdf

  8. Matt

    Here in the USA, people DO know it goes on. We have a different name for it though, it’s called “Lobbying”. Bribery is illegal, Lobbying is not but they both give lots of money to politicians in exchange for favors.

    1. JCitizen

      True;
      But we can form our own consumer interest, etc. groups to lobby congress too. We can be more powerful than the corporations if we want to, but the best policy is to get involved as a free citizen with the political process. It is dirty business, but someone has to do it.

      Throwing the bums out could be the best vote yet.

      1. TheGeezer

        Sounds good theoretically, however, it requires an informed public which requires at least:
        1. A strong media
        Our media is weak. They are so afraid of appearing biased that as Paul Krugman says:
        “I joked long ago, that if one party declared that the earth was flat, the headlines would read ‘Views Differ on Shape of Planet.'”
        2. Free speech
        Our speech may be free in a legal sense but not in a financial one. It is very expensive, especially political ads on major networks.
        And as long as speech is more accessible to people with money, the views of the “informed public” will be skewed toward the views
        of those with money and power.

      1. JCitizen

        Sorry Linuxonian;

        I don’t consider my joining a consumer lobby group to be corruption. I agree that the public should look at lobby influence in Washington and decide what part of it is corruption; and it would probably be an easy decision; but anything we-the-people organize I call public responsibility – not corruption.

    2. Aleksey

      I agree that we can draw parallels between lobbying in the US and certain corrupt practices in Russia. But in this case the arrangements discussed by the criminals have nothing to do with what we know as lobbying.
      You cannot “lobby” a police department or an AG office into opening an investigation, let alone arresting and detaining your competitors or enemies. Keep in mind that in this case the actual guilt of either Gusev or Vrublevsky is irrelevant to their prosecution. They would have had the same serious problems with the law had they been innocent. It would have cost them more probably, because more forgery would be required, but the driver for the prosecution is money and nothing else.

    3. kate

      I agree Matt, which is why I don’t personally have a lot of faith in US democracy. As someone working inside an Australian government, I am aware that Australia is not perfect, but even 20,000km away I can say clearly that the US has big problems.

      1. JCitizen

        @kate:
        A true democracy is always going to be messy. I have faith in the US system despite its foibles.

        @Aleksey:
        Perhaps you can’t lobby a police department, but in many states in the US, you can hire a lawyer to prosecute a crime that the District Attorney otherwise refuses to (perhaps because of corruption or undue influence).
        Attorneys are always game to make a name for themselves and take cases such as these pro bono, as they can build a reputation this way.

        1. Aleksey

          JCitizen, it’s true but the key here is that the police departments or AG’s in the US can only prosecute allegedly guilty parties. In the case of bought criminal prosecution in Russia the guilt of the targeted party is irrelevant. It may be a factor in the pricing, but even if the target is totally innocent, he/she will see the wrath of law enforcement if enough money is paid. It is the very sad truth of the current affairs in Russia today.

  9. Joel Harding

    Great job, Brian! Once again you’ve properly exposed the seedy underside of internet crime… Keep up the great work!

  10. Rick Zeman

    Leaked online chats between the co-owners of the world’s largest pharmacy spam operation reveal the extent to which illicit organizations in Russia purchase political protection, and bribe public officials into initiating or stalling law enforcement investigations. Shouldn’t that read “…into NOT initiating…” Brian?

    1. BrianKrebs Post author

      No. Both sides in this war paid law enforcement and/or politicians to initiate legal proceedings against the other. More on that in another post.

    2. EdJ

      Rick: There have been investigations that apparently were instigated by one pharma operator in hopes of harming a competitor. Suggest that you read some of Brian’s earlier blog posts on spam wars instead of proofreading this one.

      See, e.g.: http://krebsonsecurity.com/2011/02/pharma-wars/

      1. Rick Zeman

        Gee, thanks for the snarky comment, Ed. I have read Brian’s posts (going back to the early Post days, not that that gives me any more credibility) and there’s a VAST difference between allegations between competitors (see “believes…” in http://krebsonsecurity.com/2011/02/russian-cops-crash-pill-pusher-party/), and “claimed…” in your link, and a statement of fact, which Brian’s above statement is. You even used “apparently” in your post.
        Words have exact meanings. You may call it proofreading; I call it precision.

  11. Mark Giles

    Brian Krebs ranks up there with Nixon’s nemeses, Bob Woodward and Carl Bernstein. As an in-depth journalist he puts the media hacks to shame.

  12. brucerealtor

    So our folks simply don’t do this kind of stuff, or they are smart enough not to use the internet for that purpose?

    That having been said, MOST judges in the USA are not available for bribes and at least one former candidate for the US Supreme Court [whose use of marijuana at Harvard Law School nixed his candidacy] even joked with a Defendant who appeared before him in the US District Court for DC in a criminal case that the ‘extra money’ the Defendant allegedly gave his attorney, ‘was never received’ by the judge. All attorneys present in the courtroom laughed at the judge’s response.

  13. Mac

    > Russian Standard [popular brand of Russian Vodka]
    Brian it’s not only popular brand of Russian Vodka, also this popular russian bank. http://rsb.ru

  14. george

    Thank you Brian,
    I hope the protectors of those criminals (and recipients of their bribes) are losing some sleep wondering whom you will expose next.
    I would love to know more about how those logs become available. Allegedly they leaked from Stupin’s Mac when he was arrested, but was he so naive/feeling invincible to keep years of highly incriminating chat logs (unencrypted? and locally on his laptop) when he was well aware the heat was on ? He seems quite articulate above and a trusted adviser of Gusev. Maybe he collected and gave them in exchange for a lighter treatment ? Secondly, you gave us photos with Pavel, Dmitry and even Cosma. I’m looking forward for one with Igor, Google Images didn’t deliver anything.

  15. BadGuy

    How much Gusev pays you for this articles?
    You always show only one side.

  16. BadGuy

    Ask you friend Gusev how he make a criminal case against Pavel. How much he pays for this.
    How he works with FSB and betray people from old SpamDot.

    1. oper207

      It sounds like all the misfits are all turning on themselves . And the heat is on past the boiling point of no return . Brian you're doing GREAT work bro . 🙂

  17. DK

    I’m confused. Are we supposed to feel bad for Vrublevsky? You know, the guy who was one of the world’s biggest spam kingpins? Because I missed the part where he WASN’T a scumbag, and DIDN’T deserve to go to prison.

    1. Brian Krebs

      DK — It is for you to decide how to feel about Mr. Vrublevsky. I think you would be hard-pressed to make the case that I have been easy on him or given him a free pass.

      http://krebsonsecurity.com/?s=pavel+vrublevsky&x=0&y=0

      In any case, you may be interested to read a few of the upcoming posts on this topic. But some of the best stuff I will probably save for a longer form publication. Stay tuned!

      1. BadGuy

        Mr. Krebs Likes to write how Bad Guy Vrublevsky hurts his friend Gusev. Can think Gusev is a Good Guy.
        And Mr. Krebs doesn’t understand what really happen.

        1. `()'

          do they have internet connection in russian prison? .. just a thought.

          1. Aleksey

            Depends on the prison. There’s plenty of blogs and other communications coming out of lighter-security prisons in Russia, but Lefortovo, the current residence of Pasha “RedEye” Vrublevsky, is way more tight and there’s likely no chance of internet connectivity for inmates there. It’s a shame though, because it would be very interesting to hear his opinions on the latest developments in the Pharma Wars.

          2. oper207

            YEP , MORSE CODE WITH A TIN CAN . OR TWO TIN CANS ATTACHED TOGETHER WITH A STRING SO THEY CAN TALKED TO EACH OTHER . OR BETTER YET PAYS AS YOU GO WIRELESS INTERNET IN WHICH THE TOWER TO FAR AWAY . LOL I had to post it Brian . Best yet how about a pigeon with a note attached to it , homing so it flies to the NSA and other AGENCY’S .

  18. jeremy

    “be placed in jail for 7-9 years and do self-analysis”
    i just find this statement laugh out loud funny, these guys seem to have a sick sense of humour, based on the chats you have been posting

    1. Siberian.

      jeremy, there is a better expression: “They’ll send us to Siberia. To clean up snow. All of it. ”
      It’s in another part of logs.

    2. George

      “self analysis” is a leftover term from the Communist days when the “enemies of the people” were made to confess their “sins”, usually in the front of a meeting (all the co-workers, etc.).

  19. BadGuy

    And Mr. Krebs like to block my comments.
    Nobody pays for investigation of Gusev.
    If Gusev have something inside his head, he can simply hire a good lawyer. Close this case, maybe get suspended sentence. And will be clean.
    But Mr. Gusev decided to pay everybody (you see a bug minus on balance in logs).
    And for FSB such “money-bag” (Gusev) is a joy for their pockets.
    Of course Guys in FSB will tell a lot of tales to Gusev about bad Vrublevsky and how much he pays for investigation.
    Gusev needs an enemy. FSB needs a money. And everybody are happy.
    Do you think in this war your friend Gusev wins?
    No. FSB have won. Now they have both.
    Gusev will pay them all his life. And will never understand what really happen.
    And he will report about other guys with which he worked before.
    Like Docent, Bird and so on.
    Other you can think yourself and find this in logs.

    1. Neej

      Thank you for your contribution however I’m afraid your credibility is very low compared to Brian’s so I don’t know how much good it will do.

      You appear to be quite obviously one-sided in the tone of your comments and also using the pseudonym “BadGuy” causes me, if not others, to infer that you are somehow involved in some of the events described or at the very least are involved in some form of questionable activity related to computer crime in some way.

      All round a rather clumsy attempt at pushing whatever axe you have to grind here. 😉

      Maybe I’m completely wrong but I’m just telling you straight what it looks like friend.

      1. BadGuy

        Brian wants to show wrong things. Maybe he don’t understand this things himself.
        Mr. Gusev had a merchant on his name in Russian bank (on his company).
        He has a millions dollars flow through this merchant and he forget to pay taxes.
        Mr. Gusev has problems in his head. He wanted to protect from who?
        Do you really think Mr. Vrublevsky paid police for investigation?
        Of course – no.
        But Mr. Gusev likes to pay for protection of his back :-). It is a his idea.

        1. Aleksey

          You can tell this BS to people who don’t understand Russian affairs. For anyone who knows how things are done in Russia the notion that someone in MVD suddenly had a spark of consciousness and opened investigation against Gusev just because he was an online criminal is absurd. The same goes for the FSB case against Vrublevsky.

          The criminal investigations of Gusev and later Vrublevsky are a very typical case of business/personal fight conducted through corrupt law enforcement. This is an extremely popular technique in Russia and there are countless examples of it. It is popular because it’s effective (Pasha@Lefortovo can speak to its effectiveness) and one can always find corrupt law enforcement official in Russia who is eager to do it.

  20. AlphaCentauri

    Nobody is saying that Pavel, Igor, Dmitry, Andy or any of the others here are “good guys.”

    But what a colossal waste of talent for them to have created an empire of fraud ready to be seized by law enforcement at any time. These guys should have been creating legit jobs in Russia, instead of justifying their illegal activities by the lack of good tech jobs for Russian programmers.

    Were they stupid to believe that paying off officials would continue to allow them to operate so openly? Sure. It’s obvious to everyone else that Russian internet fraud is holding back the development of legitimate Russian businesses. The axe was going to fall someday.

    But in this case, where the potential punishment is both extremely harsh and capriciously applied, it seems its only purpose is to “milk” those who do not wish to be “crushed,” to use their terms.
