Posts Tagged: MVD

Dec 13

Meet Paunch: The Accused Author of the BlackHole Exploit Kit

In early October, news leaked out of Russia that authorities there had arrested and charged the malware kingpin known as “Paunch,” the alleged creator and distributor of the Blackhole exploit kit. Today, Russian police and computer security experts released additional details about this individual, revealing a much more vivid picture of the cybercrime underworld today.

Paunch, the accused creator of the Blackhole Exploit Kit, stands in front of his Porsche Cayenne.

A statement released by the Russian Interior Ministry (MVD) — the entity which runs the police departments in each Russian city — doesn’t include Paunch’s real name, but it says the Blackhole exploit kit creator was arrested in October along with a dozen other individuals who allegedly worked to sell, develop and profit from the crimeware package.

Russian security and forensics firm Group-IB, which assisted in the investigation, released additional details, including several pictures of the 27-year-old accused malware author. According to Group-IB, Paunch had more than 1,000 customers and was earning $50,000 per month from his illegal activity. The image at right shows Paunch standing in front of his personal car, a Porsche Cayenne.

First spotted in 2010, BlackHole is commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities for the purposes of installing malware of the customer’s choosing. The price of renting the kit ran from $500 to $700 each month. For an extra $50 a month, Paunch also rented customers “crypting” services; cryptors are designed to obfuscate malicious software so that it remains undetectable by antivirus software.

If the 27-year-old pictured here truly is Paunch, he certainly lived up to his nickname.

Paunch worked with several other cybercriminals to purchase new exploits and security vulnerabilities that could be rolled into Blackhole and help increase the success of the software. Paunch bought the exploits to fund a pricier ($10,000/month) and more exclusive exploit pack called “Cool Exploit Kit.”

As documented on this blog in January 2013 (see Crimeware Author Funds Exploit Buying Spree), Paunch contracted with a third-party exploit broker who announced that he had a $100,000 budget for buying new, previously undocumented “zero-day” vulnerabilities.

Not long after that story, the individual with whom Paunch worked to purchase those exclusive exploits — a miscreant who uses the nickname “J.P. Morgan” — posted a message to the Darkode[dot]com crime forum, stating that he was doubling his exploit-buying budget to $200,000.

In October, shortly after news of Paunch’s arrest leaked to the media, J.P. Morgan posted to Darkode again, this time more than doubling his previous budget — to $450,000.

“Dear ladies and gentlemen! In light of recent events, we look to build a new exploit kit framework. We have budgeted $450,000 to buy vulnerabilities of a browser and its plugins, which will be used only by us afterwards! ”


Dec 10

Russian Police Only Translate the Good News

Internet security and cybercrime experts often complain that Russian law enforcement agencies don’t place a high priority on investigating and arresting hackers in that country. While that criticism may be fair, it may also be that Russian bureaucrats simply do not wish to call any attention to any sort of crime in their country — at least not where Westerners would see it.

I discovered something fascinating while searching for information on the Web site of the Russian Interior Ministry (MVD), the organization that runs the police departments in each Russian city: The Russian version of the site features dozens of stories every day about police corruption, theft, murder, extortion, drug trafficking and all manner of badness. If, however, you opt to view the English version of the site, the MVD shows you only news with a positive slant.

Here are all of the MVD news headlines on the English version of the site for Dec. 14:

“Photo-exhibition ‘Ministry of Interior. Open lens’ opened in trading and entertaining center in Perm”
“Photo exhibition ‘Open lens’ opened at Internal Affairs Directorate in Tomsk region”
“‘Round table meeting’ devoted to interaction of militia and youth associations took place in Kaluga”
“Krasnoyarsk militia officers rescued life of man”
“Ryazan militia officer is awarded medal of RF Ombudsman”
“Visit of police officer of state Washington, assistant to sheriff of district King Steve Bitsa to Sakhalin has finished”
“National team of Petersburg Central Internal Affairs Directorate won world mini-football tournament”
“Campaign ‘Tell your friend about traffic safety rules’ took place in Adygea”

And here are just a few headlines (roughly Google-translated) from the dozens of press releases on the Russian version of the MVD’s site for that same day:
