March 26, 2012

Last week was a bad one to be a cybercrook. Authorities in Russia arrested several men thought to be behind the Carberp banking Trojan, and obtained a guilty verdict against the infamous spammer Leo Kuvayev. In the United States, a jury returned a 33-month jail sentence against a Belarusian who ran a call service for cyber thieves. At the same time, U.S. prosecutors secured a guilty plea against a Russian man who was part of a gang that stole more than $3 million from U.S. businesses fleeced with the help of the ZeuS Trojan.

Kuvayev in Thailand, 2001

In August 2010, KrebsOnSecurity broke the news that spam king Leonid “Leo” Aleksandorovich Kuvayev, was being held in a Russian prison awaiting multiple child molestation charges.  Late Friday, a Moscow City court judge rendered a guilty verdict against Kuvayev for crimes against the sexual integrity of minors, according to Russian news agency

In 2005, the attorney general of Massachusetts successfully sued Kuvayev for violations of the CAN-SPAM Act, a law that prohibits the sending of e-mail that includes false or misleading information about the origins of the message, among other restrictions. Armed with a massive trove of spam evidence gathered largely by lawyers and security experts at Microsoft Corp., the state showed that Kuvayev’s operation, an affiliate program known as BadCow, was responsible for blasting tens of millions of junk e-mails peddling everything from pirated software to counterfeit pharmaceuticals and porn.

In an apparent bid to sidestep those charges, Kuvayev fled the United States for Russia. A Massachusetts judge later convicted Kuvayev of CAN-SPAM violations, and ordered him to pay $37 million in civil penalties. FBI officials say that at the time, BadCow was raking in more than $30 million each year.

Russian prosecutors said Kuvayev sexually abused at least 11 girls aged 13 to 18 years, many of them suffering from mental and psychological problems and pupils of orphanages and boarding schools nearby Kuvayev’s business and residence in Moscow.

According to information obtained by KrebsOnSecurity, Russian prosecutors had help from Kuvayev’s old nemesis Microsoft, which had hired a local forensics company in 2010 to keep tabs on his activities. Microsoft’s Samantha Doerr confirmed that Microsoft Russia consulted with Moscow-based cyber forensics firm Group-IB, but said the nature of the investigation was related to Kuvayev’s spamming activities. reports that it’s not clear when Kuvayev may be sentenced, but that the most serious offense he faces carries a penalty of 20 years in prison.

Group-IB also assisted in another investigation that bore fruit last week: The arrest of eight men — including two ringleaders from Moscow — alleged to have been responsible for seeding computers worldwide Carberp and RDPdor, powerful banking Trojans. Russian authorities say the crime gang used the malware to raid at least 130 million rubles (~$4.43 million USD) from more than 100 banks around the world, and from businesses in Russia, Germany and the Netherlands. Russian police released a video showing one of the suspects loudly weeping in the moments following a morning raid on his home.

The arrests help explain why the makers of Carberp abruptly stopped selling the Trojan late last year. Until recently, Carberp was sold on shadowy underground forums for more than $9,000 per license. In the screen shot below, a lead coder for the Carberp Trojan can be seen announcing on Nov. 1, 2011 that he will be immediately suspending new sales of the malware, and will not be reachable going forward.

Russian authorities are often criticized for failing to pursue cyber crooks who target Western companies and interests, but they do tend to take an interest in Russian cyber thieves who fleece their own countrymen. The guys behind Carberp seem to have ignored a long-observed but increasingly ignored tradition of not targeting companies and individuals in Russian and former Soviet states. According to antivirus maker ESET, computers in Russia and Ukraine comprised about 50 percent of all Carberp infections.

On Friday, authorities in New York announced the sentencing of Dmitry M. Naskovets, a Belarusian who operated a rent-an-accomplice business for bank thieves. Naskovets received a sentence of 33 months in prison after pleading guilty to running, a Russian language site for identity thieves who trafficked in stolen bank account data and other information, writes. The service catered to thieves who wanted to conduct fraudulent financial transactions that required phone-based verification — minus the thick Eastern European accent.

Also on Friday, the same New York authorities announced the sentencing of 23-year-old Nikolay Garifulin, a Russian man who was part of a gang of international money mules that helped to steal more than $3 million from dozens of U.S. businesses. Garifulin was among several dozen money mules charged in September 2010, as part of “Operation ACHing Mule,” a global law enforcement sweep against an organized crime gang that used the ZeuS Trojan to fleece hundreds of small and mid-sized businesses. Garifulin was sentenced to two years in prison, forced to forfeit $100,000, and ordered to pay $192,123 in restitution.

15 thoughts on “A Busy Week for Cybercrime Justice

  1. Nic

    “Last week was a bad one to be a cybercrook.”

    In the first sentence I already knew the article was gonna be good. 🙂

    “Russian police released a video showing one of the suspects loudly weeping in the moments following a morning raid on his home.”

    Such sad sobs. It’s a lot like the sadness of people whose retirement money was stolen. Oh wait, the two are nothing alike.

    Nice gold chain around the neck there bro. I wonder whose family vacation paid for it. Dig the tennis racquets too. Maybe you can play doubles with with my neighbor — oh wait — he can’t because he has to work overtime after getting robbed and has no time for friends and family now.


  2. Martin

    Am I the only one who finds it a little disturbing that Microsoft paid a Russian company to (essentially) spy on this guy?

  3. Greg

    The sentences handed down for these crimes are light by comparison. How long will take for those who lost assets as victims in the scams operated by these individual to recover from their losses if indeed they ever will?

    1. JCitizen

      To quote that article:

      “The prevalence of its software has made Windows the most appealing target for online criminals, and the security holes they discover in the software are a persistent nuisance for Windows users.”

      I’d call it a plague, rather than a “persistent nuisance”!

  4. Phoenix

    “According to antivirus maker ESET, computers in Russia and Ukraine compromised about 50 percent of all Carberp infections.”

    Sorry to seem picky, but don’t you mean “comprised”?

  5. SteveW

    Quite honestly, can we actually say that Microsoft was not to blame in this incident and they can therefore be completely absolved of this?

    Best practices for any computer user should be just that, best practiced. Updates, by default, install themselves (to my chagrin thanks IE 9), and Norton bloatware is installed on every single new PC, so absolved??? I guess not entirely, but who is to blame… Users!

    How is MS supposed to protect users that don’t know how to use their software? Does Kitchenaid offer assistance to individuals who have electrocuted themselves by inserting a butter knife into one of their toasters?


    Its not anyone retirement fund stolen, only banks here that got robbed.
    Americans are stupid, always claiming to be robbed when bank will refund them.
    Stupid people let bank rob them everday and government waste their tax on bullshit, then they saw some rebel from establishment and say oh how evil.
    All matrix captured duped and brainwashed zombie sheep.

    1. EJ

      Yeah, when money is stolen from banks, it’s “free money”. It doesn’t come from anyone – talk about bullsh*t. Nice try, crime slime.

      1. AlphaCentauri

        People unaccustomed to having any money of their own tend to misunderstand where it comes from. You’ll have to excuse him.

  7. NYC Criminal Lawyer

    My office ( Bukh Law Firm, P.C., 14 Wall St, New York NY 10005 (212) 729-1632) represented Mr. Naskovets and advised on Mr. Garifulin case. It is true that ex-USSR authorities started to take action on the complaints issued by U.S. courts to the extent when they prosecute for crimes against U.S. in their own jurisdictions! Mr. Naskovets’s co-defendant remained in Belorussian custody facing multiple charges.

  8. Online_Carder

    Hopefully they all get released soon so they can continue stealing from all you suckers. You are nothing but scumbags dressed in nazi clothing. We will continue to steal since this is the only means to survive. We are Jedi. You are Padawan.

  9. black.sheep

    seriously if you dont want to get robbed keep your money under your bed banks will steal your money anyhow i got steal and I cant blame myself because the issue is from the bank they are the one who convinced us to open an account with and our money is gonna be safe its a way of slavery to put money in the bank and than one day some hidden fee pops up from no where in this case i’d like to let a hacker hack my account than these cock sucker of banker suck all my money because if the hacker does now im the one whos screwing the bank because they were givin us fake promesses…so a big proverb from me guyz…BETTER ROB THAN GET ROBBED!!!!!!! sheeps,slaves!!!!!

  10. black.sheep

    so damn naive…you got steal big deal the bank refund you everything is cool why make it a big deal they have to refund you because that their fault for those who steal and their card got blocked while a grocery it hurts but blame the real robber——————————————————————————————————————————————————————————————————————->THEBANK<————————————————————————————————————————————————————————————————————————————————————————————————————————-…why make it so complicated…its simple!

Comments are closed.