Russian Hackers Feel The Heat

When Alexander Vinnik was arrested on money-laundering charges at a Greek hotel in late July, the status of his Jabber secure online messaging account was set to “away”.

“He often takes some time to reply, so at first I didn’t think anything of it,” said one person who knew the Russian as an administrator of a digital currency exchange which US prosecutors say was used to launder criminal funds.

“Then when I saw his picture on the news, I knew he would be ’away’ for a long time,” said the person, who spoke on condition of anonymity.

The US Justice Department says Vinnik facilitated crimes including computer hacking, fraud and drug trafficking by laundering at least $4 billion through BTC-e, an exchange used to trade bitcoin and other digital currencies, since 2011.

The 37-year-old faces up to 55 years in prison if extradited to the United States. He denies the allegations against him, according to Greek media reports, and BTC-e has said he never worked for the exchange. Reuters was unable to reach BTC-e or a lawyer representing Vinnik for comment.

Vinnik is now one of seven Russians arrested or indicted on US cyber-crime charges this year. On average, just two Russian cyber criminals were extradited to the United States each year between 2010 and the start of this year, according to a Reuters review of US Justice Department filings, Russian government statements and sources briefed on the matter.

The increase to a record level shows that although President Donald Trump is trying to improve relations with Moscow, the United States has not shied away from pursuing Russians suspected of cyber-crime.

The prosecutions coincide with intensified scrutiny of Russian hackers since US intelligence officials determined that Russia interfered in the 2016 … presidential election using cyber warfare methods to help Trump.

The Kremlin has denied accusations it interfered in elections in the United States or elsewhere.

But US opposition lawmakers have questioned whether Trump is willing to respond forcefully to Moscow over its actions in cyberspace, and the White House has avoided publicly accusing Russia over recent politically-motivated hacking attacks.

Alarmed by Trump’s proposal to create a joint US-Russia cyber security unit, US lawmakers have also drawn up a draft bill that would require him to notify lawmakers before he does so.

Four US federal law enforcement officials, who discussed the recent arrests with Reuters on condition of anonymity, said there had been no centralised effort to step up action against Russian cyber criminals under Trump.

The increase in the number of arrests stemmed from breakthroughs made in investigations before last year’s election, two of them said.

The FBI referred all questions to the US Justice Department. The Justice Department said it did not track arrests or indictments by nationality and declined further comment.

Russian Hackers Rattled

Some US officials, however, acknowledged that individual agents may now be more motivated to move against Russian cyber criminals following the election hacking scandal.

Russian hackers are active at all levels of cyber crime, from small-time thefts of online banking details, to taking down the computer networks of multi-national companies and government departments.

John Carlin, who until last October ran the national security division of the US Justice Department as assistant attorney general, said resources had already been moving towards pursuing Russian nationals before the 2016 election.

But he added: “Their outrageous activity to undermine the integrity of our election, like they did in western Europe before and have done since, can only have added fuel to the fire.”

According to interviews with five people who knew the men arrested this year, all of whom declined to be named for fear of prosecution, the arrests have shaken the Russian cyber-crime community.

“Now they are arresting even those who had a super indirect, not even direct connection to what they call influencing their election,” said one who knew Vinnik by his online moniker WME.

Used to operating across borders with relative impunity, Russian cyber criminals are now worried the prosecutions will lead to further arrests or harm their operations.

They are cutting back on trips abroad that were once seen as a calculated risk because of the risk of arrest and extradition, but are now viewed as increasingly foolhardy.

“We have monitored criminals discussing the aftermath (of the arrests) ... and it is clear they are concerned about two things,” said Ilya Sachkov, head of cyber security firm Group-IB, whose Threat Intelligence unit specialises in monitoring and tracking the Russian-speaking cyber-crime community.

"First, what the arrested members potentially know about them, but second and more importantly, a disruption in their ability to make money."

One of those arrested this year was Peter Levashov, charged by US prosecutors with operating one of the world's largest botnets, or networks, of infected computers used by cyber criminals. He denies the charges.

Levashov allegedly used the botnet to pump out spam emails for a multitude of criminal schemes, such as stock fraud, online credential phishing attempts and the distribution of malware, including ransomware.

A person who knew Levashov by his online identity Severa said his arrest in particular had rattled underground cyber-criminal circles because he was so well known.

"People read the news of course and see guys they know getting busted," the person said. "Once is bad, this many times is scary."

Reuters:

You Might Also Read:

Russian Arrested For $4billion Bitcoin Theft:

Putin Applauds Patriotic Russian Hackers:

Trump’s Joint Cybersecurity Unit With Russia – It’s Not Happening:

 

« Online Privacy Makes A GDPR Comeback
UK Deal With EU On Post-Brexit Data Sharing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

Masergy Communications

Masergy Communications

Masergy delivers hybrid networking, managed security and cloud communication solutions to enterprises around the globe.

Mega

Mega

Mega is a secure cloud data storage provider with browser-based high-performance end-to-end encryption.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

Bradley-Morris

Bradley-Morris

Bradley-Morris is a leading recruiting firm specializing in transitioning military and veteran talent into civilian careers including Cybersecurity.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

Chainlink

Chainlink

Chainlink expands the capability of smart contracts by enabling access to real-world data and systems without sacrificing the security and reliability guarantees inherent to blockchain technology.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

ThreatFabric

ThreatFabric

ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

Halo Security

Halo Security

Halo Security is a fast, easy, and scalable external attack surface management platform that gives security leaders deep visibility into their internet-facing assets.