Posts Tagged: Rove Digital


10
Jul 15

Cybercrime Kingpin Pleads Guilty

An Estonian man who ran an organized cybercrime ring that infected more than four million PCs in over 100 countries with moneymaking malware has pleaded guilty in New York to wire fraud and computer intrusion charges.

Vladimir Tsastsin, 35, ran an online Web hosting and advertising empire in Estonia called Rove Digital. From 2007 to 2011, Tsastin and six other men cooked up and executed a scheme to deploy malware that altered the domain name system (DNS) settings on infected computers (there were versions of the malware for both Mac and Windows systems).

Tsastsin. left, along with other Rove Digital men, at a hearing in Tallinn. Image: Postimees.ee.

Tsastsin. right, along with other Rove Digital men, at a 2013 hearing in Tallinn. Image: Postimees.ee.

Known as DNSChanger, the malware replaced legitimate ads in victim Web browsers with ads that rewarded Rove Digital, and hijacked referral commissions from other advertisers when victims clicked on ads. The malware also prevented infected systems from downloading software updates and visiting many security Web sites.

Following the takedown of the crime gang, the U.S. government assumed control over the DNS servers that were used by the malware, and spearheaded a global effort to clean up infected systems. U.S. authorities allege that the men made more than $14 million through click hijacking and advertisement replacement fraud.

Tsastsin and his accomplices were arrested in 2011 by Estonian authorities for their role in the scheme, but ultimately the men were acquitted. In June 2014, however, the Estonian Supreme Court revoked that decision, finding them guilty of money laundering. Tsastsin in particular was also found guilty of leading a criminal gang. All but one of the seven were later extradited to the United States, and have already pleaded guilty and/or been imprisoned.

I first encountered Tsastsin in 2008, after research and collaboration with numerous security firms and researchers led to a Washington Post series detailing how Rove Digital and its hosting business — a company called EstDomains — were hosting huge numbers of Web sites that foisted malicious software. His response at the time to assertions that he was somehow tied to Russian organized cybercrime: “Rubbish!”  Continue reading →


10
Nov 11

Rove Digital Was Core ChronoPay Shareholder

Rove Digital, the company run by six men who were arrested in Estonia this week for allegedly infecting four million PCs worldwide with malware, was an early investor in ChronoPay, a major Russian payment processing firm whose principal founder Pavel Vrublevsky also is now in prison and awaiting trial on cyber crime charges, KrebsOnSecurity has learned.

Estonian authorities on Tuesday arrested Rove Digital founder Vladimir Tsastsin, 31, along with five other Estonian nationals indicted on charges of running a sophisticated click fraud scheme. Yesterday’s blog post details Tsastsin’s criminal history, and his stewardship over Rove and a sister firm, EstDomains.. Today’s post will reveal how Tsastsin and his company were closely allied with and early investors in ChronoPay, and how that relationship unraveled over the years.

In my Pharma War series, I’ve published incorporation documents showing that Igor Gusev, a man currently wanted in Russia on criminal charges of running an illegal business in the notorious pharmacy spam affiliate programs GlavMed and SpamIt, was a co-founder of ChronoPay back in 2003. That series also details how Gusev sold his shares in ChronoPay, and that Vrublevsky later started a competing rogue pharmacy/spam operation called Rx-Promotion.

A spreadsheet showing front companies tied to ChronoPay.

It turns out that ChronoPay also had two other major and early investors: Rove Digital and a mysterious entity called Crossfront Limited. This information was included in the massive trove of internal ChronoPay emails and documents that was briefly published online last year and shared with select journalists and law enforcement agencies. Among those documents is a spreadsheet (XLS) listing all of the various shadowy companies allegedly owned and managed by ChronoPay founder Pavel Vrublevsky and associates. It lists ChronoPay B.V., the legal entity in The Netherlands that formed the initial basis of the company, as jointly owned by Gusev’s firm DPNet B.V., Red & Partners (Vrublevsky’s adult Webmaster provider) and Rove Digital OU.

When I met with Vrublevsky at his offices in Moscow in February of this year, he confirmed that Tsastsin was an old friend and that Rove Digital had been a key shareholder in the company. Further evidence of the connection between ChronoPay and Rove Digital is provided in a series of internal ChronoPay emails from May 2010.

At that time, ChronoPay was under investigation by Dutch banking regulators who suspected that the company’s intricate network of front companies and financial channels were acting in violation of the country’s anti-money laundering laws. In a tersely-worded email exchange, the Dutch bank  demanded a slew of additional accounting and administrative records, including “all documents that show the structure of ChronoPay BV, such as statutes, incorporation documents, names and addresses of director(s) and shareholders.”

Continue reading →