Russian Man Sentenced for Delivering ‘Bulletproof Hosting’ to Cybercriminals

A Russian man was convicted in the U.S. yesterday for offering ‘bulletproof hosting’ services to hackers who used them to transmit malware and assault financial institutions and individuals throughout the United States from 2009 to 2015.

Aleksandr Grichishkin, 34, of Russia, was sentenced to 60 months in prison by Chief Judge Denise Page Hood of the United States District Court for the Eastern District of Michigan on Dec. 1.

According to court documents, Mr. Grichishkin was the founder and CEO of a bulletproof hosting company that rented IP addresses, servers, and domains to cybercriminals who used the technical infrastructure to spread malware that allowed them to gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds.

Zeus, SpyEye, Citadel, Blackhole Exploit Kit

The group rented IP addresses, dedicated servers, and domains to cybercriminal customers who exploited this technological infrastructure to distribute malware, establish botnets, and steal banking credentials for use in frauds. Between 2009 and 2015, the organization hosted malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which targeted US corporations and financial institutions, causing or attempting to cause millions of dollars in damages to US victims.

By monitoring sites used to blocklist technological infrastructure used for crime, relocating ‘flagged’ content to other infrastructure, and registering all such equipment under fictitious or stolen names, Mr. Grichishkin enabled clients elude discovery by law enforcement and continue their activities undetected.

Chief Judge Hood sentenced two of Grichishkin’s co-conspirators, Pavel Stassi, 30, of Estonia, to 24 months in jail and Aleksandr Skorodumov, 33, of Lithuania, to 48 months in prison for their participation in the scheme on June 28 and October 20, respectively.

Abuse Notices

Mr. Grichishkin was one of the organization’s founders and proprietors, as well as its day-to-day head, according to court records and declarations made in conjunction with the defendants’ guilty pleas. He oversaw efforts to advertise the company’s bulletproof hosting services in online cybercrime forums, set pricing for these services, negotiated and interfaced with clients seeking internet infrastructure for spamming and malware operations, managed employee hiring and compensation, and supervised the work of the systems administrators and other employees in this role.

Mr. Grichishkin also taught other employees of the business how to ‘resolve’ abuse notices by shifting the impacted clients’ data to other, ‘clean’ domains and IP addresses, among other things.

Stassi, Skorodumov, Grichishkin, and a fourth defendant, Russian Andrei Skvortsov, 34, all pled guilty to conspiring to participate in a racketeer-influenced corrupt organization. Skvortsov’s sentencing is pending, and he could face a maximum sentence of 20 years in jail. After examining the US Sentencing Guidelines and other statutory considerations, a federal district court judge will determine his punishment.

Allies in Germany, Estonia, UK

The FBI conducted its investigation with the help of law enforcement allies in Germany, Estonia, and the United Kingdom.

This case was prosecuted by Assistant U.S. Attorney Patrick E. Corbett of the Eastern District of Michigan and Senior Counsel Louisa K. Marion of the Criminal Division’s Computer Crime and Intellectual Property Section. The Justice Department’s Office of International Affairs provided substantial assistance.