November 17, 2011

I spoke this week at Govcert 2011, a security conference in Rotterdam. The talk drew heavily on material from my Pharma Wars series, about the alleged proprietors of two competing rogue Internet pharmacies who sought to destroy each other’s reputation and business and ended up succeeding on both counts. Here is the latest installment.

For those who haven’t been following along, I’ve put together a cheat sheet on the main players, the back story and the conflict.


Pavel Vrublevsky: Co-founder and former chief executive officer of ChronoPay, until recently a major processor of electronic payments in Russia. Vrublevsky has been accused of running an illegal business, a rogue Internet pharmacy affiliate program called Rx-Promotion, and is currently in prison awaiting trial on unrelated cybercrime charges. Known to business partners as “Red” or “RedEye.”

Igor Gusev: Co-founded ChronoPay with Vrublevsky in 2003. Had a falling out with Vrublevsky in 2005, left ChronoPay and started the Internet pharmacy affiliate programs GlavMed and SpamIt. The latter was closed in Sept. 2010, and Gusev has been charged with running an illegal business. He is still at large.

Dmitry Stupin: Gusev’s right-hand man. Helped to build SpamIt and GlavMed. The chat below comes from a set of logs, leaked to several download sites, that contains thousands of conversations between Stupin and Gusev. The logs were obtained shortly after the police detained Stupin as part of the criminal investigation into Gusev.

Conflict: Two former business partners-turned-competitors try to sabotage each other’s business and to get the other arrested.

The Conversation

The conversation below takes place between Feb. 21 and 23, 2010, and is a chat log between Gusev and Stupin. Gusev already knows there are plans to file criminal charges against him, which indeed come just seven months after this conversation was recorded. The two are discussing plans to pay more than $1.5 million to politicians and law enforcement to obtain a criminal prosecution of Vrublevsky.

Several attendees at Govcert 2011 asked about the likelihood of Vrublevsky serving time, if convicted. This chat may provide a clue. In the middle of the following conversation, Gusev says he has secured promises that if arrested, Vrublevsky “would remain in prison and would not be able to pay his way out.” “He is going to lose a large portion of his business and will be left with no money to fight the war,” Gusev wrote.

Gusev: Latest news – all the materials to start a criminal case were given to prosecutors on Friday. After holidays I am going to get some information regarding “what” and “who”. Are we meeting on 24th?

Stupin: Yes we are meeting on 24th.

Stupin: Shaman’s stuff got broken, everything is declined. I cannot come to Moscow, as usual. I broke my leg in Turkey.

Gusev: Really??? Is it really broken?

Stupin: Yes.

Stupin: Here.  I was learning how to do somersault doing Aerial skiing (freestyle).

Gusev:  In reality, I think it’s for the better. There is no need for you to go to Moscow. After the holidays I am going to get the information which was received by the prosecutors’ office, however I am planning to leave from here for a couple of months. This is extremely serious, this is not just articles in newspapers.

Gusev: Write down my new number. It used to be 325667.9. 20k (5k are going to the middleman and 15k are going to a person from prosecutors’ office). 5k (for the search of materials regarding Pasha’s case); $2k (to lawyer for compromising materials and Newsweek); summed up to: 298667.9

Stupin: Okay.


Gusev: I need a piece of advice: I found a person who is willing to help me in situation with Red. He has a proven scheme, because he is a very strong lawyer. A real fixer-upper. For his service, along with very large sum of money, he is asking for something in return — he is asking to help his friend – a very famous webmaster, who faced similar problem as the one we are facing, and who was saved by that person. This “friend” is not doing anything right now.  This lawyer is asking us to help him with establishing on-line pharmacy affiliation (partnerka). I am not glad with this proposition to create our own competition, however, out of all people I talked to, only this person offered a structured solution to the problem, giving us hopes.  People from Volleyball Association can and will cover us, using their FSB connections, but they can do very little with Prosecutors’ Office, they can only prolong the legal proceedings. They will also not be able to prosecute Red. The person who we are asked to help is my old acquaintance – Pet – the owner of лолного – billing of billcards (sunbill). [For more information on the role of the Russian Volleyball association in this story, see Pharma Wars: Purchasing Protection].

Stupin: Let’s offer him to create “us” under his own brand.

Gusev: We have already tried doing this.  He is going to leave on his own. IMHO the ideal way is to offer him our clone as 50-50 partnership. I have not offered anything to anyone yet before knowing your opinion. I cannot say no, otherwise, the “fixer-upper” is not going to take our case (even if we give him as much money as he asks for) 🙁 In that case I will have to do everything by myself (I know how to do it and even have several people, who can split the whole scheme step by step and execute them). However, this way, there is very high chance that they will take the money, but will do nothing. Or will milk me and Red at the same time, making double the money, and, again, do nothing.

Stupin: It’s not a problem at all,  they have tried so many times to do something with us – and have not followed through on their own. Our sites are publicly available, there is no risk to process orders from trusted sites.

Gusev: Hosting is ours, tech support is only ours. We will not give the software. Maintenance is also ours.

Stupin: Yes, we are giving them the sites, they will redo them, giving them API for the affiliation (partnerka).

Gusev: ok, I will try to bind them by these conditions. Do you want to know how much the service regarding Red cost?

Stupin: Sure. I have just arrived, with my leg, I can’t really think straight.

Gusev: 1.5 million.

Stupin: Oh, God!!! What does he promise for that?

Gusev: He promises that Red would remain in prison and would not be able to pay for his way out + he is going to lose a large portion of his business and will be left with no money to fight the war.

Gusev: I do not want to write all the details here on Jabber, that is why I wanted to meet. I am gathering the money for him, and for you for the office, and I am leaving for 2-3 months.

Stupin: ok, are you going to bring money for the office?    Let’s meet at that time? Because I am going to get stuck for approximately a month with my leg.

Gusev: Yes, I am trying to gather enough money. Pasha is helping me, but with very small sums and when he has available money, not when I need it.

Gusev: Can we borrow from your brother? At most 150-200k?

Stupin: Yes, I will do it. Some time ago I rented a house in Moscow suburbs, and the owner offered to rent with his help,   I have his e-mail and the phone number, he is mature, calm, we can try.

Gusev: Could you find out his requirements?

Stupin: Okay, I will call.

21 thoughts on “Pharma Wars: The Price of (in)Justice”

  1. неизвестный

    Does this story have a moral?

    1. Wladimir Palant

      Well, he doesn’t say that it is dollars – could have been 1.5 million Rubles which would amount to roughly $50,000. But granted, that is small change as far as Russian bribes go, dollars are more likely.

      1. Aleksey

        Believe me, it’s not 1.5M rubles they talk about. The price tag for Vrublevsky’s Lefortovo vacation is a well-known and publicized fact by now. Moreover, read Stupin’s reaction to the amount above: “Stupin: Oh, God!!! What does he promise for that?” He would not be impressed that much by a paltry $50k, it would be pocket change for them.

  2. george

    Fascinating details. I wish I knew you were speaking at Govcert, I live 15 Km from Rotterdam I would have been honored to shake hands with you.
    I was wondering who Pasha might be, he was mentioned multiple times in the chat logs, along with “his house in Turkey”.

      1. george

        Thanks, that’s what I thought also, but is not making sense:
        “Gusev: Yes, I am trying to gather enough money. Pasha is helping me, but with very small sums and when he has available money, not when I need it.”

        How could Pasha help him with money when they are at war? It must be another Pavel…

  3. Victor Khorev

    “the owner of лолного”
    What is “лолного”?

    1. Aleksey

      He refers to “lolita billing” or “underage pornography website billing service”. Petrovsky, the guy Gusev is talking about, had had legal problems because of running them. Gusev had also been a proprietor of “lolita billing” known as “Dibill” earlier in his cybercrime career.

  4. Mark Giles

    Currently this web site is barely able to respond to HTTP requests. It has been like that for several hours.
    I suspect a technical fault, but can’t rule out the possibility of a DDOS, given the incriminating information published here.

    1. BrianKrebs Post author

      @Mark – yes, my site was hit with a pretty decent DDoS attack yesterday. Will have more on it in a bit.

    2. MZ

      I don’t think the DDoS is related to the Great Pharma Wars. The Spamit logs have been widely available for a few months by now and it looks to me like Brian is pretty careful with what he is choosing to translate.

  5. Scott

    You know Brian….someone should make a movie about this. This sounds like something from a spy or hacker movie. 🙂

    I figured that as soon as I could not get to your site…it was probably a DDoS attack. I guess that’s what happens when you really know your stuff like you do.

    Hope today is much better!

  6. JCitizen

    The voting function is becoming impossible now too. Perhaps my page scanner is not working – or maybe it is – if the objects are infected?

    1. anon

      For me voting is enabled just on 4 comments,
      from the top: Aleksey, WPalant and 2*george

      [writing this, I saw some ‘overload’ protection – it is nice 🙂 ]

        1. BrianKrebs Post author

          Hi guys. I am aware of the issue with the comments voting. It has to do with adjustments we made last week to ward off the DDoS attack. Things will return to normal soon. Thanks for your patience.
