Russia: 7-Year Sentence for Blackhole Mastermind

Jail Time for Russian Cybercriminals Is Rare
Russia: 7-Year Sentence for Blackhole Mastermind
Dmitry 'Paunch' Fedotov at the time of his arrest by Russian authorities. (Source: Group-IB.)

Russian authorities have sentenced Dmitry "Paunch" Fedotov, the developer of the notorious Blackhole exploit kit that's been linked to large amounts of fraud, to seven years in prison - an unusually severe sentence for online crime in that nation.

See Also: OnDemand | Adversary Analysis of Ransomware Trends

He was one of seven Russian men who were found guilty of computer crimes and sentenced to spend up to eight years in prison for committing a spree of hacking and malware attacks that resulted in the theft of more than 25 million rubles (worth about $800,000 at 2013 exchange rates) from Russian banks, state-owned Russian news agency TASS reports. All are due to serve their sentence in a "penal colony," it adds.

Russia's Ministry of Internal Affairs had previously tied the Blackhole gang to 70 million rubles in fraud, which would have been worth $2.1 million at 2013 exchange rates. Authorities in other countries also tied the gang to many millions of dollars in fraud and ransomware payments that they received from victims.

Artem Palchevsky, who remains at large, was convicted in absentia of helping to design software that hacked PCs and exfiltrated sensitive financial information that could be used to drain accounts, TASS reports. He's been sentenced to serve eight years in prison. Fellow hackers Roman Kulakov, Sergey Shumarin, Ilya Bragin, Valery Gorbunov, and Vladimir Popov were also sentenced to between five and a half and eight years in prison, Tass reports.

But the most notorious member of the group was Fedotov, who was arrested in October 2013 at age 27. Russian authorities often turn a blind eye to Russians who run cybercrime campaigns that target foreigners. But Fedotov, a.k.a. "Paunch," made the mistake of stealing from Russian banks while residing on Russian soil (see Russian Cybercrime Rule No. 1: Don't Hack Russians).

The length of the prison sentences imposed on the gang members is "not typical for the Russian legal system," says Sergey Nikitin, deputy head of the computer forensics laboratory and malicious code analysis team at Moscow-based cybersecurity firm Group-IB. He called the sentences "a very positive step" toward combatting cybercrime.

"Court judgments for cybercrimes in Russia are usually delivered in accordance with Articles 272 and 273 of the Russian Criminal Code, and criminals often receive a suspended sentence," Nikitin tells Information Security Media Group. "However, in this particular case investigators managed to prove that cybercrimes had been accompanied by monetary theft, which meant criminals had committed fraud and therefore should be sentenced to imprisonment."

Group-IB assisted Russian authorities with their Blackhole investigation (see How Do We Catch Cybercrime Kingpins?).

Subscription-Based Cybercrime Service

The arrest of Fedotov and his colleagues shuttered the Blackhole cybercrime service. The service, which was sold on a subscription-only basis starting at $50 per day or $500 per month, was primarily used to send large volumes of spam that included email attachments that attempted to exploit known vulnerabilities on PCs. Security experts say Blackhole was the most prevalent online threat in 2012 and was used to distribute many different types of malware, including banking Trojans that could be used to drain victims' bank accounts. The exploit kit was also used to infect systems with ransomware, providing a separate revenue stream for criminals in the form of ransom payments.

Blackhole was so successful that Fedotov, beginning in October 2012, was then able to develop and sell a premium offering called Cool Exploit Kit that was packed with zero-day flaws and available for $10,000 per month. He also offered the malware obfuscation service, according to Group-IB.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.