'Bulletproof' hosts catch RICO charges for aiding cybercriminals

Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations.

Four operators of a bulletproof hosting provider pleaded guilty to RICO conspiracy charges for their roles in aiding cybercrime operations.

The Department of Justice (DOJ) on Friday announced that 34-year-old Aleksandr Grichishkin and Andrei Skvortsov, of Russia, along with Aleksandr Skorodumov, 33, of Lithuania, and Pavel Stassi, 30, of Estonia, will all face extended prison time under the U.S. racketeering statute after they all admitted to providing cybercrime groups with hosting, IP addresses and domain registration, along with technical support and services to help avoid detection by law enforcement.

The four bulletproof hosts had been arrested abroad and extradited to the U.S. for trial.

According to charges filed in the U.S. District Court for Eastern Michigan, each of the men knew that they were providing services to groups that trafficked in malware, ransomware, phishing and other illegal activities. Not only did they provide everyday services like hosting and domain registration, they also helped to shield their customers from law enforcement by registering their sites under false or stolen identities and shifting the sites to new servers and addresses when the old ones had been flagged as being part of a cybercrime operation.

"Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe-haven to anonymize their criminal activity," said Timothy Waters, special agent in charge of the FBI's Detroit field office, in the DOJ announcement. "This resulted in millions of dollars of losses to U.S. victims."

Over a six-year period from 2009 to 2015, the bulletproof hosts provided the infrastructure for some of the most notorious malware and cybercrime operations, including Zeus, SpyEye, Citadel and criminals running the Blackhole exploit kit. While authorities did not give a specific dollar amount, the DOJ said that those scams likely netted millions of dollars in ill-gotten gains for both the cybercriminals and the hosting companies.

Of the four convicted, Grichishkin and Skvortsov were said to be the ringleaders. The Russian duo founded the unnamed hosting company and acted as its heads of day-to-day operations, including personnel and customer support. Skorodumov was said to be the main system administrator for the company, and Stassi was responsible for "administrative tasks," including setting up financial accounts for customers and tracking their marketing campaigns. 

While providing these sorts of bulletproof services can bring big bucks to hosting companies, particularly those in parts of the world where law enforcement is unable or unwilling to crack down on shady online activity, they face serious consequences if caught and extradited.

In this case, each of the four men could see enhanced sentences of up to 20 years in prison under RICO (the Racketeer Influenced and Corrupt Organizations Act), a U.S. law aimed at organized crime outfits. While the act has in the past been mainly used to target mafias and high-level gangs, it is increasingly being turned toward cybercrime operations and the infrastructure that supports them.

"The criminal organizations that purposefully aid these actors -- the so-called bulletproof hosts, money launderers, purveyors of stolen identity information, and the like -- are no less responsible for the harms these malware campaigns cause, and we are committed to holding them accountable," said Nicholas McQuaid, acting attorney general for the DOJ's criminal division, in the announcement. "Prosecutions like this one increase the costs and risks to cybercriminals and ensure that they cannot evade responsibility for the enormous injuries they cause to victims."

Stassi and Skorodumov are set to be sentenced next month, followed by Grichishkin in July; Skvortsov's sentencing is scheduled for September.
