10
Jul 13

Who’s Behind The Styx-Crypt Exploit Pack?

facebooktwittergoogle_plusredditpinterestlinkedinmail

Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I’ll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service.

styxlogoAs I noted in Monday’s story, what’s remarkable about Styx is that while most exploit kits are sold on private and semi-private underground forums, Styx has been marketed and sold via a regular Web site: styx-crypt[dot]com. The peddlers of this service took down their site just hours after my story ran, but versions of the site cached by archive.org hold some important clues about who’s responsible for selling this product.

At the bottom of the archived styx-crypt homepage, we can see two clickable banners for an account at virtual currency Webmoney to which potential customers of Styx will need to send money in order to purchase a license for the software. The Webmoney account #268711559579 belongs to a Webmoney Purse number Z268711559579. Follow that link and you’ll see that the registered username attached to that purse is “Ikar.” If we look closer we can see that Ikar’s Webmoney purse is connected to another purse at Webmoney account 317426476957, which is this purse belonging to a user named “Nazar.” (Update: July 11, 10:14 p.m.: Both Ikar and Nazar changed the names on their Webmoney accounts after this story ran. Thankfully, archive.org cached the old data. The links to the purses above have been changed accordingly.)

Both Ikar and Nazar are nicknames that were used in Styx sales threads on several underground forums, including damagelab[dot]org, secnull[dot]cc and antichat[dot]ru. In these threads, Ikar used the contact address “ikar@core.im“, while Nazar listed “nazar@hush.ai“. Both addresses are associated with forum accounts named “Ikar” and “Renzor” (for examples, see this cached, Google-Translated page from Renzor’s account on antichat.ru, and this cached page from secnull[dot]cc). Nazar’s address is linked to a “Max Lighter” profile on Facebook, but not much more information is available on that profile.

reality7solutions.com

reality7solutions.com

Ikar@core.im doesn’t appear to be connected to anything special, but Nazar’s address was used as the point-of-contact in registering two very interesting domains: reality7solutions.com and uptimer.biz. Looking at the familiar wormhole-like squiggly at the top of reality7solutions.com, I noticed it was very similar to the rotating icon (youtube.com video) used by the Styx pack.

Reality7solutions.com’s homepage lists an address in the United States for a company called EPAM Systems, which according to the business directory maintained by Hoovers  is a public company that specializes in IT outsourcing. Hoovers says the company provides “software development and other IT services to US and European customers primarily from development centers in Russia, Belarus, Hungary, Ukraine, Kazakhstan and Poland.”

The ICQ number listed on the homepage of reality7solutions.com belongs to a Website design professional from Khmelnitsky, Ukraine named Stanislav Shangin. If we look at Schangin’s personal page where he lists all of the Web sites he’s been hired to create, we can see he designed both styx-crypt[dot]com and reality7solutions.com, among dozens of other sites. Shangin did not respond to requests for comment.

uptimer.biz

uptimer.biz

I felt like I’d hit a dead end with Shangin, so I had a look at the other domain registered to nazar@hush.ai — uptimer.biz. This is a site designed to help companies monitor if and when their sites go offline for any reason. Its homepage features a clickable icon that takes you to Nazar’s aforementioned Webmoney account, Z317426476957. The site is registered to a Nazar Stodolya in Ukraine. A pair of job ads posted at free-lancer.net by a Nazar Stodolya using that same nazar@hush.ai address appear to have been seeking someone to help with the uptimer.biz site. But I suspect that Nazar Stodolya is just a pseudonym (taken from an old Soviet-era film by the same name).

Digging deeper on the contact page of uptimer.biz revealed an ICQ number – 102566867. According to the profile page for that ICQ address, the account belongs to a “Maxim,” a self-professed computer-addicted, xtreme programmer” who uses the nickname “FonMax,” and lists fonmax.km.ua as his homepage.

The “KM” in Km.ua is the subdomain used by the Khmelnitsky region of central Ukraine (where our developer friend Shangin is from). Fonmax.km.ua  is registered to a Maxim Gavryuk from Khmelnitksy. Max’s Livejournal blog, fonmax.livejournal.com, includes several photographs of him, and almost 100 blog posts spanning several years. Likewise, an account for “FonMax” at Russian developer forum ecomstation.ru lists a Maxim Gavryuk as its owner.

It turns out that Maxim and Stanislav Shangin (the designer of styx-crypt[dot]com) hang out socially and are friends; check out the following screen shot, from a post on Max’s LiveJournal blog from June 14, 2009 entitled, “Essay on How I Spent My Weekend, or Birthday Report.”

But what about Nazar? I didn’t see a user named “Nazar” on Maxim’s LiveJournal friends list, so I checked out Shangin’s friends. Sure enough, a LiveJournal account by the name “Nazar” was among Shangin’s 198 friends.

Nazar’s profile page doesn’t list his real name, but says he lives in Kiev, Ukraine and uses the email address anazarenko@yandex.ru, and the ICQ account 21205001. As it happens,  that same yandex email address was used to create a Facebook profile for one Alexander Nazarenko. Apparentlly, Nazar is also an experienced Web designer.

An image that appears at the top of blog posts about DDoS on both Max's blog and an Antichat forum ad by Renzor

An image that appears at the top of blog posts about DDoS on both Max’s blog and an Antichat forum ad by Renzor

Back to Maxim (Ikar?) for a second: One of Max’s LiveJournal posts (via Google Translate) is particularly interesting. In Aug. 2011, Max posted about the Livejournal.com domain getting knocked offline from a denial-of-service attack (recall that uptimer.biz — one of two sites registered to Shangin’s buddy Nazar is a service designed to let you know if your site is offline). The post begins with the picture of a large security guard who looks like a bouncer. At the end of that blog entry, Max suggests that perhaps Livejournal should consider hiring someone to protect them from distributed denial-of-service (DDoS) attacks, and he mentions one operation in particular: antiddos.biz. He even offers to provide invite codes for those who are interested in the service.

If you didn’t take a look at the Renzor/Ikar’s post at antichat.ru that I linked to above, look at it here. Notice that the post was published around the same time as Maxim’s 2011 post about the LiveJournal outage, and begins with the same photo of the beefy security guard. In it, the poster is advertising “Reality Guard,” a “bulletproof hosting” service designed to protect companies from denial-of-service attacks.

Tags: , , , , , , , , , , , , , , ,

64 comments

  1. Just a small notice: Nazar Stodolya originally is a literary character, from the same name play of famous Ukrainian poet Shevchenko.

    • against nuclear testing in the atmosphere

      oT собака . гаф , гаф .тузик местоoo.

      At present, 189 countries are States Parties to the Treaty on the Nonproliferation of Nuclear Weapons, more commonly known as the Nuclear Nonproliferation Treaty or NPT. These include the five Nuclear Weapons States (NWS) recognized by the NPT: the People’s Republic of China, France, Russian Federation, the UK, and the United States.

      Notable non-signatories to the NPT are Israel, Pakistan, and India (the latter two have since tested nuclear weapons, while Israel is considered by most to be an unacknowledged nuclear weapons state). North Korea was once a signatory but withdrew in January 2003. The legality of North Korea’s withdrawal is debatable but as of 9 October 2006, North Korea clearly possesses the capability to make a nuclear explosive device.

  2. Анальный каратель

    Браток, это не по понятиям.

    • Да ты кто такой по жизни браток, какой масти будешь? что тут решалово чинишь.

  3. It’s always going to be a battle to keep up with this type of criminal behavior, especially if it is run from countries that are less likely to do anything about it.

    The problem with this is that the world economy in the state it currently is in, many who would not practice this type of activity are turning to crime in order to go about their daily lives.

    These people are willing to risk it all for a chance at financial wealth at the cost of others. Its sort of like the scientific process at the casinos. The small amount of players that are able to come out of the casino with other people’s money, whether through legit winnings or by manipulation of the process, its a select few that are willing to risk it all.

    I read the daily Homeland Security briefing each day. I see A LOT of crooks caught, given sentences and such. The thing that boogles my brain is that in most instances, what is recovered is close to one-tenth of what was made. What does that mean? I think the people who get caught, may sit in a cell for say 3-5 years MAYBE, and then walk out as millionaires. The stolen money gains interest, and they are even richer.

    Brian, there are two interesting reads in the July 9th Homeland security report. One was three crooks tried using fake Credit cards at establishments and got caught. they had another 140+ in their possession to try. I wonder how many were created through this “new process” on another story in the DHS report;

    July 5, Softpedia – (International) New service allows fraudsters to instantly generate scans of fake documents. A researcher discovered a service on a Russian underweb market that allows cybercriminals to generate fake passports, ID cards, utility bills, and credit cards for use in fraudulent activities. Source: http://news.softpedia.com/news/New-Service-Allows-Fraudsters-to-Instantly-Generate-Scans-of-Fake-Documents-365941.shtml

    That may be old news to the users of the underworld, but its coming to the surface. It only makes sense that alot of these will be offered at low prices and while this world wide economic situation stays the same or worsens, the people who are desperate will typically take risks, and may plunge into this type of play.

    • I’d say it’s far more likely that, rather than sitting on 90% of the wealth they’ve stolen, they’ve actually spent 90% of that wealth. People who are barely breaking even who come into large sums of money have a very hard time not spending it just as fast as it comes in. Look at lottery winners for an example, most invest a tiny fraction of the wealth received and spend the rest, with many ending up bankrupt because what they saved isn’t enough to pay property taxes, registration, etc. for their new toys.

      • I didnt say they kept 90% of the cash for themselves. I said what was recovered may have been 10% of what was made by them.
        Whatever is left is allowed to grow interest IF it is put some where safe and untouchable.

        That means, the process in which it takes to bring these crooks down is slow and lethargic. Its not until they either have overwhelming pressure, or overwhelming evidence is something done about it.

        Lottery winner are a separate issue, at least that has some legitimacy to it.

  4. Анальный каратель

    Бро, не кукарекай про что не знаешь, мы немного сменим ось земли и ваша Америка уйдет под воду за считанные часы.

    • Who you calling Bro? You ain’t my brother – your MAY be a potential enemy in this topic.

      I for one do not stir up a hornet’s nest as many can come at once, but et me say this, If you are “one of them” it’s only a matter of time. If you are one of them, many sit back and collect illegal funds and continue to do so far beyond becoming rich.

      Why? I do not understand why people are so sour. You have a crappy life and want to make people pay for your misery?

      You have the same chances as all others in this world. If people hate where they are they can move. All it takes is a little motivation to do so. Motivation in a good way. Working for a living sucks, but I am sure – soon enough, you will no longer have to keep looking over your shoulder to see if the Feds are nearby.

      As criminal activity becomes bolder, the pressure on the government becomes too great and the door opens for the Feds to knock down doors. Once one door is down, others go down easier. I am sure Brian would appreciate a candid interview why the criminals have to push way beyond rich.

      • чё хипишуешь фраер,тебе браток дал расклад по понятиям,а ты тут кукарекаешь петушком драным.

      • Враг вы хотите врага вы получаете Yankee и кто является преступником я не бомбить другие страны, как янки! Мы получаем наше правосудие нашими средствами.

    • Нет, вы этого делать не буду. Вы позволите своему народу замерзнуть и умереть с оружием купить появляться так сильны, как Америку. И что вам будут угрожать гражданскому населению. Вы шпионить за политиками. Вы делаете свой военный марш под открытым небом. И ваша страна рухнет. И россияне поняли, что они только мечтали империи они никогда не будут иметь. И …

      О, это уже произошло. Это было время холодной войны. Ваша страна была огромной и мощной. Но ваша страна не может сохранить власть. Теперь вы слабы и, конечно, не удастся. Просто продолжайте нам угрожает онлайн, потому что нам нужно смеется.

      • Смеясь, ни вы те, получать смеялись над глупыми породы половине у власти заставляет вас теперь шутить

  5. Собираетесь ли вы, чтобы выйти и подтолкнуть на Северном полюсе?

  6. http://vk.com/id183470195 Nazar Stodolya

    Назар Стодоля
    ХНУ (бывш. ТИБО, ТУП)

    Родной город:
    Хмельницький

    Языки:
    Українська

    Скрыть подробную информацию
    Контактная информация
    Город:
    Хмельницкий

    Образование
    ВУЗ:
    ХНУ (бывш. ТИБО, ТУП)

    Форма обучения:
    Дневное отделение

    Школа:
    3 (НВО 5) ’01
    Хмельницький, 1990–2001 (в)

  7. Off Topic, but nonetheless very current:

    I’d ask Brian Krebs if he’d give his opinion of the idea that our Snowden “celebrity” isn’t really as smart as he thinks he is.

    I.E., keyboard acumen is not necessarily an indicator of broader intelligence.

    This is asked in the spirit that Brian Krebs is obviously well versed in the mind-set/mentality of these self-centered, smug, self righteous “leakers”.

    I see Snowden supporting himself for the rest of his traitorous life in exile by collaborating in this Ukrainian/Russian underground with the private support of Putin……endless possibilities here.

    There’s always so much more going on behind these back-room schemes. Onion skin layers of subversiveness.

    Thanks, Brian Krebs for your perseverance.

    • If his IRC chats (see arstechnica) are anything to go by he seems like a bit of an arrogant twit tbh :p …

      I’m still laughing about him calling Australia a bastion of freedom because we supposedly allow large scale cannabis farming (never happened).

      On a more serious note I don’t understand why he leaked the way he did. It seems remarkably naive to do this whilst making no attempt to hide his identity – at least to me.

  8. que violada tan berraca que les metio Krebs, felicitaciones por desenmascarar esa red de personas que son inteligentes pero que usan sus conocimientos para robar, si decidieran hacer algo bueno seguro se forraban mas de plata…

    a la espera que los cojan pronto, aunque con las leyes rusas lo dudo.

  9. The Utah Data Center/N.S.A./ Area 51/Room 641A/PRISM/Tempora

    Great article however Mr Krebs should have included a flowchart so that readers could follow the tracking better. It get’s a little confusing towards the middle , so I have to re-read the whole thing again and write down his online tracking of these two individual to better clarify the scope of the article.
    .

    Thanks for posting the site “achive.org”. Now that’s a real good online deep web search tool

    • This may be my favorite comment ever posted on this site. Also, I like flowcharts and support the use of them both sarcastically and for clarifying the scope of articles.

      • Yeah, I made a flowchart, if you want to call it that. But it was more of a mind map so that I could keep track of all the data and how it was related. And it wouldn’t help clarify anything :)

  10. Dragon Striker

    Yo, buttplug – not your “bro.” таким образом, вызвать его, придурок.

  11. I support the flowchart idea too! Plus Mr Krebs may be able to create a sort of super detailed mind map for related stories or maybe even a timeline which would show activities of common ne’er-do-wells. That would be interesting and useful, maybe a pattern can emerge that could help catch them?

  12. Can anyone summarize the contributions of our russian language friends? I assume they are congratulating Brian on another great article.

    • Not exactly. If you want to read what they have said I suggest using google translate to do so.

      • You should translate what I said to them. I made sure it would translate clearly.

        • No you didn’t. It is practically unreadable. Automatic translation engines are still low quality.

          • it’s unreadable but the whole meaning is pretty clear

            • The other guy was just trolling me. I tweaked it till it went through Google Translate and back without loosing context. So, yeah the meaning should be perfectly clear if they use that one.

  13. Search by ICQ goes here http://copi.ru/28375, and from there email nazar@zeos.net gets us here https://www.free-lance.ru/users/nazar/portfolio/.

    We can clearly see that Nazar is skilled web designer, but not a programmer – hardly ever he knows something about creating such sofisticated software as Styx.

    But Max in fonmax.livejournal.com writes about Erlang and other heavy-programming stuff. So here they are, 2 friends, programmer (and maybe author of Styx) and his friend.

    Probably Nazar helps Max to sell Styx and do some design word (Styx icon, etc.)

    P.S. Webmoney BL is a Business Level counter. One needs to sell a lot of e-stuff (sales volume more than a 500 000 – 1 mln. $) to get Max’s BL > 303, that’s cool level. Nazar has BL 112 – typical level for experienced web designer with 10 years of experience.

  14. гниль подзалупная

    Электронные вычислительные машины стали использоваться в расчетах по ядерному оружию с самого момента их появления. Огромный объем вычислений и их сложность с самого начала выдвигали требования по созданию все более мощных и совершенных вычислительных машин, что в конечном счете привело к появлению особого типа вычислительной техники под названием «суперкомпьютеры».Использование суперкомпьютеров для симуляции ядерных и термоядерных реакций, происходящих во время взрыва, позволяло экономить колоссальные средства и время. Например, при использовании суперкомпьютера CDC 6600 для разработки новой боеголовки США потребовалось провести только 23 полевых испытания, а при использовании CDC 7600 — уже только 6
    Браен мы против ядерных испытаний в атмосфере .

    • Your country is against nuclear testing in the atmosphere (as is ours), but nurtures and protects big time computer crooks? Just checking.

      • гниль подзалупная

        Speculations is a mother of all evil !

        try this first .

        Кажется, что пирожки, приготовленные бабушкой, самые вкусные, а вместе с тем, они еще очччень просты в приготовлении.
        Для теста: 50гр.дрожжей, 0.5л.теплой воды, 3-4 ст.ложки сахара, 6ст.ложек подсолнечного масла, мука.
        Растворить дрожжи сахаром, добавить немножко теплой воды-пусть заиграют, вылить в муку, добавить остальную воду, масло, замесить тесто-чтоб к рукам не прилипало. Дать подойти.
        Для начинки протушить капусту с лучком, тертой морковкой, посолить, поперчить, добавить немного томатной пасты или соуса.
        Слепить пирожки, дать постоять минуток 10, смазать взбитым яйцом, выпекать при 180 минут 20-25.
        Да, и пирожки долго не черствеют. приятного аппетита

        • Your rebuttal is a recipe for some odd kind of food?

        • I assume, every agency in the world is able to register who’s following the blog of Brian Krebs. You could find Krebs blog, you were able to read his article and react to it. So why do you want us to translate your russian message?

          To be able to find our IP-address when we are trying to translate the pre arranged message?

          • Ever hear of VPN ,SSH ,TOR , Socks and so on ? IP address meant nothing this days . anyway what you doing here , you know nothing about IT !?

            Браен умеет хорошо читать по русски .Оказывается среди амеров тож есть образованные люди и не все конченые пр*дурки вроде тебя , которые думают што на ИП адрессе весь интернет заканчивается .Учи мать часть бездарь.

            • I stand corrected.
              It didn’t come to me, somebody would use e.g. Tor to look up a text or to read this blog…

              And I am sorry that my knowledge of the Russian language is almost nihil.
              I have translated the Russian part of your answer to me. I understand that those Russian parts are ment for well educated people like mr. Krebs. Don’t correct me if I am wrong. It just proofs that I am really a ‘Durki’, whatever that means…

              I am also not a real IT

              • You welcome . Mind you , sometimes if helps if you think before you make an assumption /statement . And by the way ‘Durki’ — дурак means — fool, simpleton, idiot (stupid person with poor judgment) or a simple card game .

                • You use the same word for food, idiots and card games. THAT is idiotic.

                  • Fool, not food. And that is not stupid.

                    • stupid person with poor judgment

                      You never learn do u !? I all ready told you before , that sometimes it helps if you think before you make an assumption /statement .

                      P.s What a plonker . made my day . Food :)

  15. Good investigating Brian. I’m glad I stopped being an infamous black hat before you became a famous black hat hunter. ;)

    Unrelated note, I saw they were on ICQ and wondered. Many people googled same question. Mostly seemed dead. Until I noticed in this article…

    http://www.tomsguide.com/us/AOL-America-Online-ICQ-Mirabilis,news-6629.html

    …that Digital Sky Technologies bought them around 2010. DST, the company believed to be Russian mob or something close to it, owns the obsolete network many Eastern European and Russian crooks are using for their operations. Probably just a coincidence but an interesting connection anyway.

  16. is it just me or does these guys opSec really stink.

  17. @ bpo. В чужо́м глазу́ сори́нку заме́тно, а в своём — бревна́ не вида́ть. Вы́ше головы́ не пры́гнешь.
    Cybernetics in Russia, You’re eating yourselves.
    Berg: Kibernetiku-na sluzhbu kommunizmu 1961 . for those who speak English I don’t believe there is an translation of the paper.
    @ IA Eng. Russian and Ukrainian hackers don’t even realize they are helping the cartels and doing the work for free. Every time they gather information or break into something they are middle manned, even if they use their own servers. Even grandma can dig up fiber cables, no? They’ve done it to other hackers, too, who thought servers outside government intrusion/control are safe. Глаза́ боя́тся, а ру́ки де́лают.
    @Just_me- I recommend reading ‘Crime and Punishment’ (cliff notes if you like) it’ll give you a peak into the eastern bloc mind set.

    • “@ IA Eng. Russian and Ukrainian hackers don’t even realize they are helping the cartels and doing the work for free. Every time they gather information or break into something they are middle manned, even if they use their own servers. Even grandma can dig up fiber cables, no? They’ve done it to other hackers, too, who thought servers outside government intrusion/control are safe. Глаза́ боя́тся, а ру́ки де́лают. ”

      No amount of whining about making other people rich is going to make these operations legitimate or acceptible. It stinks to high heaven and people have that as an acceptible way of life.

      And that is justification to keep to doing what you are doing? Common, Its just like the 1930′s mafia movies in the USA. The Mob sends in the thugs and they businesses have to pay insurnace money or have the business suffer great loss. Its now almost 100 years later and other countries are still doing the same thing.

      The system to CLEAN this cesspool of evil activity is broke. And it will remain broke for a very long time until countries decide to clean it up. People blame “Amer” for things not related to the issues, when all they are is jealous. Only thing I see you can bitch about Amer for is that we will act on this, and force other countries to do same. The thoughts to hate others is like the band wagon…….. people hate things because the thought is passed around like a cheap bottle of vino.

      Every country (and about everyone in them) have issues. That does not mean to fall into the pit and become one of them. All these evil forums/people produce are things to try and see if the Feds can catch the activity. If the Feds do not, then the middle men use them until they are not too good anymore. Then they pass them onto others to make a profit. In the end some one gets stuck with the useless goods.

      I do not know it all. I have earned what I have and worked very hard to get where I am today. I am vigilant and try to do my best to keep what is mine. Others out there across the world seem not to care – but that does not make theft of any type the “right” thing to do.

      These people have opportunity to go to another country and make the most of it on the good side. Many of these people have talent and no doubt in the right place, can make legitimate cash. Instead they consider the condition they are in is the best it can be. That is the wrong way to think. You accept defeat.

      • @ IA Eng
        Regarding to the 1930 Mafia Mob Movies… Actually it’s just human behaviour.

        Governments do it all the time. If you do the same as a citizen then you are called a criminal. So a criminal is a citizen who is behaving like a government…

        But sometimes a government has to decide, pragmatically otherwise they loose their power, to insure the citizen some freedom. A healthy society is build on trust and peace. It’s also more productive and the members of the government can live in freedom and security as well.

        So some kind of privacy is granted to them to insure no member of their apparatus is able to use private information to set up a scheme to enrich itself.

        But when a government becomes in decline and is ‘robbing’ their own people for their own wellbeing, they are getting lots of enemies. To defence theirselfs they have to give up the privacy, granted in better times.

        That’s what is happening in this Era. It’s a wave motion. In a few years other people, irritated with the current behaviour of governments, will restore the privacy and by that secure the means of a healthy and productive society.

        BTW somebody who has done nothing wrong, isn’t scared about being attacked.

        • “@ IA Eng
          Regarding to the 1930 Mafia Mob Movies… Actually it’s just human behaviour. ”

          Looks like you just are willing to accept the ay of living. Its up to you. To me, the above post makes no sense whatsoever to what I was saying. I’ll stop there.

          • Hi IA Eng,

            I just wanted to draw the big picture. The reason why all you wrote is happening.

            I am somebody who likes to act as a good citizen. Because on the long run it’s the most profitable.
            But you have to respect the reasons why some people become ‘misaligned’.
            I don’t agree with the way they doing it. My blood also boils, like any mentally healthy human, when somebody did me wrong. But you always have to look futher. Why are they doing it? When you gain that knowledge you can either correct them so they will fit in or use their talents for your own plans ;-)

            That last method, that’s were you were writing about…

            It maybe didn’t make any sense to you but my intentions were good.
            My apologizes to you.

    • @Go Bro thanks, I already read it (in original:). and I agree with your point, this book deeply shows ‘eastern bloc mind’. this author is very ‘russian’ at all. but what about hackers I believe their ‘eastern’ minds are exaggerated a lot. they overdo with it – like in comments above

    • I call BS. There’s been enough investigation into and reporting on actual Eastern Bloc criminals to know that most are just opportunists doing it for the money. And those making decent money try often get into materialistic lifestyles too. That’s quite the opposite of the higher motives Dostoyevsky alluded to.

  18. Браен, просто не могу найти слов, чтобы выразить своё восхищение вами и всеми теми шедеврами, которые вы выкладываете на вашем сайте. Всегда боялась печь торты, а сейчас прочитала ваш рецепт и подумала, что просто обязана не купить, а испечь сама этот торт на НГ. Ваши такие детальные рецепты, чудесные фотографии просто призывают на кулинарные подвиги. Спасибо вам огромное и большого вам здоровья и благополучия в Новом Году!

  19. Сачков, фу бля, Rescator

    Кребс, жду ещё день и пишу блек. По онлайну я вижу что кеш ты снял, акк откуда лили жив, где мои бабки, сучара?

  20. в очередь сукины дети

    в очередь сукины дети .

  21. Hey Brian, you must’ve hit a nerve with some of your Russian-speaking fans/readers/”well-wishers”…

    My ears perked up when I came across the name of EPAM. We’ve dealt with them before, they did a pretty good job, but it’s not clear what their alleged connection to this whole thing is… Could you clarify?

  22. “I checked out Shangin’s friends. Sure enough, a LiveJournal account by the name “Nazar” was among Shangin’s 198 friends.”

    lol
    americans are so american
    i don’t see a reasonable connection between LJ username called Nazar and that Nazar with webmoney account. Since when cybercrooks use livejournal?

    what about others Shangin’s friends who didn’t put their names as a usernames? did you check em too? did you make sure they don’t have name Nazar.

    pufff. americans are so american

    • It doesn’t help that cybercriminals have shown themselves to be extremely poor at covering their tracks. They’re the ones leaving the breadcrumbs behind. Crying because someone finds your breadcrumbs doesn’t make them the bad guy, or stupid, or whatever ridiculous assertion you’re trying to make.

      • I bet breadcrumbs don’t taste very nice . But im glad that someone ( Brian Crebs A.K.A freedom fighter ) likes them .

        P.s someone have to clean the table after we had a feast .

        ыыыыы

  23. These guys must be either loosers or protected if it is so easy to track them. BTW also interesting to see that most Russia-related cybercriminals use ICQ – a messaging tool which is not only a security nightmare by desing but also run by ex-KGB folks with ties to the russian government. So the conclusion is that these guys are simply not affraid of being caught, and they are probably right.