August 2, 2013

Pavel Vrublevsky, the owner of Russian payments firm ChronoPay and the subject of an upcoming book by this author, was sentenced to two-and-half years in a Russian penal colony this week after being found guilty of hiring botmasters to attack a rival payment processing firm.

ChronoPay founder and owner Pavel Vrublevsky, in handcuffs, at his sentencing.

ChronoPay founder and owner Pavel Vrublevsky, in handcuffs, at his sentencing. Source: Novayagazeta.ru

Vrublevsky was accused of hiring Igor and Dmitri Artimovich in 2010 to use their Festi spam botnet to attack Assist, a competing payments firm. Prosecutors allege that the resulting outage at Assist prevented Russian airline Aeroflot from selling tickets for several days, costing the company millions of dollars.

According to Russian prosecutors, Vrublevsky directed ChronoPay’s chief security officer Maxim Permyakov to pay $20,000 and hire the Artimovich brothers to launch the attacks. The Artimovich brothers also were found guilty and sentenced to 2.5 years. Permyakov received a slightly lighter sentence of two years after reportedly assisting investigators in the case.

Earlier this year, I signed a deal with Sourcebooks Inc. to publish several years worth of research on the business of spam, fake antivirus and rogue Internet pharmacies, shadow economies and that were aided immensely by ChronoPay and — according to my research — by Vrublevsky himself.

Vrublevsky co-founded ChronoPay in 2003 along with Igor Gusev, another Russian businessman who is facing criminal charges in Russia. Those charges stem from Gusev’s alleged leadership role at GlavMed and SpamIt, sister programs that until recently were the world’s largest rogue online pharmacy affiliate networks. Huge volumes of internal documents leaked from ChronoPay in 2010 indicate Vrublevsky ran a competing rogue Internet pharmacy — Rx-Promotion — although Vrublevsky publicly denies this.

My previous reporting also highlights Vrublevsky’s and ChronoPay’s role in nurturing the market for fake antivirus or scareware products. One such story, published just days before Vrublevsky’s initial arrest, showed how ChronoPay executives set up the domains and payment systems for MacDefender, a scareware scam that targeted millions of Mac users.

For more background on Vrublevsky and his case, check out these two stories from the Russian publication Novya Gazeta. This entry is the latest in my Pharma Wars series, which documents the rise and fall of the pharmacy spam business and how a simmering grudge match between Gusev and Vrublevsky ultimately brought down their respective businesses.

It might be tempting to conclude from Vrublevsky’s sentencing that perhaps the Russian government is starting to crack down on cybercriminal behavior in its own backyard. But all the evidence I’ve seen suggests this is merely the logical outcome of bribes paid by Gusev to some of Russia’s most powerful, payments that were meant to secure the opening of a criminal case against Vrublevsky. In Paying for Prosecution and The Price of (in)Justice, I highlight chat logs leaked from Gusev’s operations that show him making preparations to pay more than $1.5 million to Russian politicians and law enforcement to obtain a criminal prosecution of Vrublevsky.


43 thoughts on “Pavel Vrublevsky Sentenced to 2.5 Years

  1. Hayton

    The (translated) report in novayagazeta.ru says that Vrublevsky was sentenced for “illegal access to computer information”, not for the DDoS attack on Aeroflot. It also says he intends to appeal.

    The report is at http://www.novayagazeta.ru/society/59331.html and I have relied on Google Translate, which struggles with Russian. Can someone confirm that this is a reasonably correct translation?

    There is also speculation in the article that the FSB attempted to recruit Vrublevsky but (and here the translation is defective) either he refused or the arrangement went sour. What does the Russian text actually say about this?

    If Igor Gusev laid out a large amount in bribes to secure this conviction it will be most interesting to see how his own trial progresses, and what sentence he receives.

    1. peter

      Brian has not claimed that Aeroflot were DDos’d. It was the payment processor that was Dd’os’d and as Aerof;ot used this processor they could not sell tickets effectively.

      1. Hayton

        @Peter : Yes, of course, you’re quite right. The DDoS attack was against Assist, not against Aeroflot. But still, the judge made it clear that the sentence was not for involvement in the denial of service. Much of the trial was taken up with argument and counter-argument concerning the actual amount of financial loss incurred by Aeroflot as a result, and by shelving the issue the judge seems to have chosen not to believe either side completely. At least, that’s my impression.

        1. SeymourB

          Well, it could be that… or it could be that Aeroflot refused to pay him for a favorable verdict.

    2. ReaderX

      Hayton,
      1. The report does state that DDoS attacks are the subject of the prosecution and sentencing, but since they apparently do not have corresponding “law codes” for this particular type of offense, they simply used whatever fits best. So, this part is just a formality in my opinion and this does not change the matter.
      2. Regarding “FSB attempted to recruit Vrublevsky”, the article’s author first stated that (s)he proposed this possibility earlier (aka speculation), but then (s)he quotes one of the FSP persons, who apparently testified at this hearing, saying that ” Vrublevsky is a talented individual, who would have been of interest to us (FSP), due to his connections”. Author believes that such testimony is the direct proof of such “recruitment” attempt. It does not follow from this article if Vrublevsky “refused or the arrangement went sour”, however it seems to be the article author’s belief that Vrublevsky refused to cooperate and that this is why he will be doing time now.
      3. Article does NOT state if there is an official statement about appeal, but it does looks like Vrublevsky’s lawyer has a big list of arguments against both, presented facts and how the hearing was conducted.

      Hope this helps.

    3. Ka

      Тушинский районный суд Москвы признал владельца процессинговой компании Chronopay Павла Врублевского организатором DDoS-атаки, блокировавшей интернет-продажу билетов «Аэрофлота».

      — yep. he was sentenced for DDOS.

  2. Hayton

    Brian, two minor points about the article –

    – The first of the two links to novayagazeta.ru (“these two stories”) will take you to the paper’s current front page. If you then enter “Chronopay” in the search box it brings up a list of relevant stories, but you may need to translate the page from Russian first.

    – The attribution of the photo you’ve used should probably be to ‘RIA “Novosti”‘ (that’s how it appears in the novayagazeta article).

      1. Chris Hansen

        Speaking as an American citizen here, it’d be nice if you put some of your investigative journalism skills towards the government instead of some random ruskie criminals. The money differences are extreme and you should really evaluate your trust/friendships w/ people in the FBI.

        I understand you have friendly relations w/ state actors, mine are the opposite.

        Regardless your putting your life on the line doing real investigative journalism which is so rare these days you are very unique so I can’t commend you enough in that regard.

        1. voksalna

          I’ve said this to him before both in the forum and in email. I do not believe it will happen. On bright side, in 2013 there is no such thing as lack of bias in journalism. At least we can see his clearly? :/

          1. Chris Hansen

            Yeah, he never really addresses the mass surveillance and hacking happening stateside and the near total legal freedom some of these agents have in their ops; makes crime very easy. Oh well, I assume the worst and then it gets worse than I assumed.

        2. saucymugwump

          “it’d be nice if you put some of your investigative journalism skills towards the government instead of some random ruskie criminals”

          What’s the problem with the government cracking down on Russian/Chinese cyber-criminals, American spammers and pedophiles, and Muslims who want to kill anyone who “insults Islam”?

          “The money differences are extreme”

          Investigative journalists who report on the government generally either work for a major newspaper or a partisan publication. CBS News’ Sharyl Attkisson was hammered for her reports on Benghazi both by liberals angry she insulted the Great Obama and teabaggers who thought she was part and parcel of the cover-up conspiracy.

          “I understand you have friendly relations w/ state actors, mine are the opposite.”

          That should tell you something.

          1. Chris Hansen

            I never said that it was wrong, simply that he is focusing on the wrong criminal and malicious elements. Surely since he’s so curious he must’ve snuck a peek into some of his associate’s activities. FBI agents are some of the most disgusting people on the planet.

            1. voksalna

              I tend to think of it as a slope for both sides. On the one hand, both criminal and investigator become desensitised, on other hand they seek out challenge to break that numbness. Investigators want there to be far more “super villains” than could possibly exist. Just as whitehats want there to be more complicated malware to investigate or more interesting sniffers to decode, and these cyberwar people want cyberwar to be real. It is game theory. There are only so many “really really bad guys” so investigators need to play things up to make an (increasingly numbed) public be ‘impressed’. A criminal, on the other hand, may wish to make more money, or do something more clever, but ultimately only has to be passable. So there is not enough novelty to keep brain cycles of FBI guys and NSA guys and 100,000s of security company guys (counting private, public, military) satisfied.

              Freedom is taken away with expedience and by parts. Punishment and ‘talking up’ works in same way. This is not to say there are not some Very Bad People in the world. But chances are the really Very Bad People are also good enough to be rich enough and smart enough to be very difficult to prosecute. Chances are they probably also have relationships with the levels of people above the people doing the prosecuting. And there aren’t even very many of THEM.

              We are at point where creating enemies is the only way to have the enemies we need to keep the money coming in. And nowhere is this more true than in the ‘5 Eyes’.

              1. CooloutAC

                sort of like anti american foreigners “playing up” the propaganda on how evil the USA and the NSA is right? Being anonymous does not = freedom. And unlike Edward Snowden, I don’t consider Russia or China paradises I want to live in!

                Your right when you always say people to need to wake up. But Americans need to wake up and have more of a presence online, not just our Gov’t…..

                1. voksalna

                  On the contrary, CooloutAC, what Americans need is to get OFFLINE to try to make changes. That is indeed their (your) only real chance of causing any sort of change. You’re not thinking very clearly if you believe that your emails do much more than cause the politicians you’re emailing to hire more interns to filter their email — and at your own expense, no less.

                  The reason your civil rights acts were passed wasn’t because people wrote kindly, carefully worded letters and posted them to their representatives. You (and by this I mean generations before you, obviously) obtained civil rights through marches, protests, and generally making yourselves. And because history has a lot to teach, it bears mentioning that COINTELPRO was used quite extensively on activists even back then. It’s only progressed since. There can’t be progress without being investigated, probably — because I assume anybody would be investigated that made themselves enough of a nuisance to persuade other people to protest the status quo, now, just like they were then.

                  Don’t just wake up. Get out there.

                  1. John Nevard

                    I presume you’re referring to those ‘civil rights’ where the government gets to threaten anyone who chooses to hire based on ability, rather than racial quotas? Yeah. Freedom.

      2. Chris Hansen

        Oh BTW, stop cutting open random white powder packages mailed to your house please. I’m curious too but you need to know when to quell that urge. Seriously, never again.

      3. voksalna

        You have specifically stated in this series a couple of times that you thought visiting Pavel might wind up having somebody kill you (and not necessarily Pavel).

        And you do seem to spend a lot of time focusing on those of us further East — even though statistically speaking there is a lot of crime in other places. Perhaps most telling, you permit (and seem to encourage, to some degree) a strong anti-Russian slant. Which is kind of funny if you consider that most ‘criminal research’ statistically shows that judging increases crime, while encouraging a more accepting outlook and removing stigma from a region, tends to promote economic stability and by extension good will. At the very least you favour ‘bad’ stories on Russians, and ‘good’ stories on Americans and Western Europeans (and other first world, strong in English-speaking (though not necessarily native in English) countries). Which is kind of funny. Why no ‘positive’ profiles of CIS people? And the occasional blurb about Kaspersky does not count. I would argue that you have a bias and do not see it. Not that my opinion matters. 🙂

        1. saucymugwump

          Investigative reporters largely write about crime and political malfeasance. If Brian wrote of a cyber-punk who helped a little old lady across the street, do you honestly believe that anyone would read it? Not to mention that I have seen how young people drive in Russia; some of them actually aim for little old ladies. Anna Shavenkova is a case in point.

          Your assertion that judging increases crime is pure horse manure. By your logic, all we needed to do was smile at Herr Hitler and everything would have been better. Wait, Chamberlain tried that and it turned out rather ugly.

          I have traveled in Russia quite a bit. I could write all sorts of stories regarding what happened to me and others. It is common for Russian women to allow themselves to be picked-up in bars and take the man “home” where a large, masked partner is waiting to rob the fool. Russia is not like Germany, Canada, or other civilized countries. Yes, there are many nice people, but there are also many criminals, cyber and otherwise. The fish rots from the head.

          Russia and China are the main sources of cyber-crime. The USA, via the NSA, cyber-skulks around the world, but they are chasing Islamists, hoping to stop them before they kill again. The difference between these two is night and day, but only “anarchists” fail to see it.

          Brian does not have a bias — you do.

          1. saucymugwump

            P.S. Those who wish to learn more about Russian drivers should search on Мигалки (migalki) and read the following stories:
            http://www.rferl.org/content/dash-cams-russia-fighting-corruption-and-scams-car-crashes/24780355.html
            http://www.voanews.com/content/russian-dashboard-camera-culture-capture-amazing-images/1604653.html
            http://www.dailymail.co.uk/news/article-2383661/Russian-road-rage-driver-arrested-speeding-traffic-policeman-clinging-bonnet.html

            Even Russia Today, the Western media face of the Kremlin, was forced to admit that its policemen are out of control:
            Guns don’t kill people, Police do
            http://rt.com/news/guns-don-t-kill-people-police-do/

            Anyone curious about Anna Shavenkova can read my blog post on the subject:
            Anna Shavenkova, officially sanctioned Russian killer
            http://saucymugwump.blogspot.com/2010/08/anna-shavenkova-officially-sanctioned.html

            1. What a hipocrat

              You are just a Hipocrat my friend . I can give you millions of articles about Bad American drivers ,Youtube is full of it .

              This is very interesting point you made here — …..where a large, masked partner is waiting to rob the fool. This is just ridicules .It must be happening to foreigners only cos they are stupid enough to go to strangers place to have free *ex . Having a hotel room may help in this case 🙂

              And another point you made -The USA, via the NSA, cyber-skulks around the world, but they are chasing Islamists, hoping to stop them before they kill again.

              excuse me but when did they killed someone in the first place .if you referring to 9/11 you must not forget that it was an inside job done by CIA and MOSSAD .The fish rots from the head as you say /

              1. SeymourB

                And with your last sentence you lost all vestiges of credibility.

                You may as well have said the moon is made out of green cheese and extraterrestials were behind 9/11, it’d be just as credible.

              2. IA Eng

                Hipocrat?

                Is that a Hippo and a Democrat combined in one?

                A Hippo and a rat ? I guess that would look like the wolly mammoth all over again.

                On another note, Its not only the NSA that listens. Just becuase they had an insider pull thy pants around thier ankles only exposes what they do, and potentially what other countries do as well.

                Its one of those paranoia things, your called paranoid if you think they are watching you. Your called ignorant if you are being watched and do not know it. What is it called when your being watched and know it?

                If your online intentions are good, then you should not have anything to worry about.

            2. voksalna

              Actually, saucymugwump, if Brian wants more hits (and I’m assuming he does since his revenue stream probably largely comes from this site), you’re wrong:

              http://www.nytimes.com/2013/03/19/science/good-news-spreads-faster-on-twitter-and-facebook.html?pagewanted=all

              I’d post [more, actual] source material but this sums it up nicely.

              And think about it — on Youtube, aren’t the things people click on the most the things that cheer them up? Why should articles be different? Why should ‘A Little Bit of Sunshine’ always be a Pyrrhic thing?

        2. John Nevard

          Yeah yeah, but the West African crooks only target the extremely stupid. They are not interesting to write, or read about.

          Take the fact that Eastern Europeans can do cybercrime right as a compliment.

  3. Gem

    This is probably Russia’s best week ever in terms of helping the Internet. Credit where credit’s due. (Yes, we all know there are back stories and explanations. Still. Credit where it’s due.)

    Looking forward to the book!!

  4. Old School

    “Prosecutors allege that the resulting outage at Assist prevented Russian airline Aeroflot from selling tickets for several days, costing the company millions of dollars.” Wikipedia’s entry for Aeroflot says ” As of June 2011, it was 51%-owned by the Russian government.” Aeroflot’s website says “Aeroflot is Russia’s de facto National carrier and largest Airline.” Half of the millions that Aeroflot lost could be considered the Russian government’s money plus the image of the national carrier got dented. Is that sufficient reason to go after Vrublevsky or are bribes still needed?

    1. voksalna

      While I am not arguing that the taking down of Aeroflot impacted business, I think the damages were overstated, at least from the CIS side — it more likely mostly affected people booking from non-CIS countries — and most of them probably would book via third party sites anyway. In this part of the world, many of us just buy tickets the “old fashion” way.

    2. IA Eng

      He paid them for any monies lost during the DDOS. with money recouped, the reputation and stock prices may have gon up. Or, the fine was seen as a potential retirement annuity for someone.

  5. JimV

    Should have been double or triple that amount of time, and with real-world hard labor to boot.

    1. Chris

      Well, he got sent to a penal colony, which involves forced labor. It’s probably not Siberia these days, but I imagine it’s inconvenient enough.

    1. IA Eng

      well, its in between an odd and even number actually. Not quite a 2 and not quite a 3.

      I am sure they weighted that some how. They typically take whatever the action was times it by a number of months – maybe the number of months that the organization would take to recover from the event, and said, while they are recovering, you get to sit in a jail cell.

      The US Departmnt of Justice website, I have see some odd ones as well. 52 moths, 38 months, 41 months etc. I guess they are going sick of the 12, 24, 48, 60, 72 and the 10, 15, 20 25 years.

      1. Hayton

        The charges Vrublevsky faced carried a maximum term of imprisonment of 7 years. He pleaded guilty, and as a first-time offender might thus have expected a reduction to a 3-year term. He had already served 6 months in Lefortovo, a high-security Moscow prison, while awaiting trial (something he described in his blog after his release). So a 30-month sentence is pretty much what the courts were expected to pass.

        In charge throughout this long-running saga was Federal Judge Natalia Lunina, who had to deal with an impressively botched prosecution case. The outcome was perhaps influenced less by the alleged Aeroflot connections of certain Russian politicians, and more by influential members of the Russian security services. That’s a definite ‘perhaps’. There are murmurings by some that some in the FSB had him in their sights for refusing to be part of a scheme involving law-enforcement officials and “illegal financial transactions”.

        http://www.ewdn.com/2013/08/06/chronopay-founder-jailed-after-controversial-trial/
        http://www.novayagazeta.ru/inquests/55663.html
        http://cyberwarzone.com/russian-financier-pavel-vrublevsky-court-case

        In Russia the links between government, the security services and “businessmen” are complex and shifting, and there has always been more to this case than met the eye. There were allegations at various stages of forged signatures, improper paperwork, intimidated witnesses, and a suspect assaulted in police custody and forced to sign a false confession. Not to mention the alleged bribes to secure a conviction.

        I hope that Brian’s book does justice to this story, and isn’t just a narrative of the war between Vrublevsky and Gusev, fascinating though that itself would be. There’s more to write about here than just a turf war.

        Personally I find Vrublevsky a fascinating character. Complex and flawed, seen as a villain in the west but as just another successful businessman in his home country. Crook he may be – he could probably walk through a corkscrew sideways – but anyone who could proclaim himself as an anti-malware campaigner while being involved in fake anti-virus programs and spam for fake pharmaceuticals deserves a thoughtful biographer, not a hatchet job.

        1. brian krebs

          Yep. The book uses the pharma wars as a narrative to examine many different facets of cybercrime. Among other things, the book looks at:

          -the demand side (the million + people who bought pills from these spam networks);

          -the business side (the spammers themselves, the economics of competing spam partnerkas and spam cartels, and the sources of these generic drugs in India and China);

          -the anti-spam angle (from takedown activity to anti-spam activists);

          -the rogue antivirus partnerkas powered by ChronoPay’s operations;

          -and the history of spam- and cybercrime-friendly networks that nurtured these businesses (including the birth of the Russian business network, and the roles of organizations like McColo, Atrivo, Rove Digital (an early ChronoPay investor) and 3FN.

          -the role of corruption in the rise and fall of these two empires.

  6. KFritz

    Aside from the “enhancements” paid by Gusev, isn’t it possible that the losses to Aeroflot motivated the prosecution of Vrublevsky?

  7. voksalna

    Brian, is there any chance for a simultaneous release of Russian and English editions of your upcoming book? Am thinking you might do well in Russian sales, and know you have Russian-speaking ‘collaborators’.

Comments are closed.