Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet
Should have stayed under the skirt of Mother Russia. Just a thought
Dimitry Belorossov – a Russian cyber-criminal who used the Citadel banking trojan – has been sentenced to four years and six months in a US prison after pleading guilty to conspiring to commit computer fraud.
Belorossov, who was known by criminal associates as Rainerfox, was alleged to have operated a Citadel command and control server.
The Russian controlled over 7,000 victim computers, stated an initial court document, which declared his sentencing was scheduled for 27 May.
The sentencing was subsequently re-set for 29 September, when Judge Thomas W Thrash Jr sentenced him to 54 months imprisonment.
According to information provided through the Department of Justice's Victim Witness Assistance programme, his "botnet contained personal information from the infected victim computers, including online banking credentials for US-based financial institutions, credit card information, and other personally identifying information".
Although described as a "developer" in the headline of US Attorney's Office press release, Belorossov is not among the creators of the Citadel trojan.
As noted later in the release, he "provided online assistance with the goal of developing suggested improvements to Citadel, including posting comments on criminal forums on the internet and electronically communicating with other cyber-criminals via email and instant messaging".
An article by investigative journo Brian Krebs from 2012 noted that Citadel was directly marketed to the underworld as an alternative to malware created by "writers who decide that coding their next creation is more lucrative and interesting than supporting current clients".
Among Citadel's features was a support ticketing system, which allowed for features to be suggested, rather than allowing customers to become part of the development group.
Krebs noted that "the basic Citadel package" – which comprised a bot builder and botnet administration panel – retailed for $2,399, with a $125 monthly "rent" and its "most innovative features" sold as add-ons.
Among those is a $395 software module that allows botmasters to sign up for a service which automatically updates the bot malware to evade the last antivirus signatures. The updates are deployed via a separate Jabber instant message bot, and each update costs an extra $15.
The DoJ considers Citadel, which is a ZeuS variant, to have infected over 11 million computers worldwide and to be responsible for more than $500m in losses.
US Attorney John Horn stated that the case was a perfect example of global cyber-crime requiring a global response: "This defendant committed computer hacking offenses on victims in the United States from the relative safety of his home country of Russia."
Speaking at Cloudsec earlier this year, the FBI's Timothy Wallach bemoaned the difficulty of bringing to justice cyber-criminals believed to be located in China and Russia, where they may receive state support.
Wallach noted that as soon as they went on holiday, however, they would be picked up. This was the case for Belorossov, who was arrested by US law enforcement partners in Spain during 2013 when attempting to board a flight back to Russia, and subsequently extradited to the US.
"As malware and hacking toolkits continue to victimise computer users around the world, we will step up our efforts to focus internationally on the criminals who develop these programs," stated Horn.
Belorossov, 22, will have to pay roughly $320,000 in restitution to his victims, and will spend three years under supervised release following his four and half years in prison. A large number of the court documents from USA vs Dimitry Belorossov remain sealed. ®