What exactly makes a cybercriminal? Well, without getting into the nitty-gritty of what does and does not constitute a virtual crime, how about we just answer the question: “What makes a criminal?” You know — a typical criminal who gets sentenced to jail. He broke a law, that’s a crime, and he’s got to do his time. Even Dostoyevsky wrote about it. But it’s a safe bet that cybercriminals never read Dostoyevsky, not to mention the fact that they probably have no idea about the expert community helping law enforcement investigate cybercrime. That’s why arrests and real consequences are usually a huge surprise for hackers — they’re confident that they’re just too slick to get caught.
The Oriental Express
An entire group of hackers made up of at least 17 people were involved in Western Express, a group that set out to steal credit card numbers. The name “Western Express” was something the cops came up with, since the scammers used the American Western Express International network for their transactions. The prosecution in Manhattan stated that the hackers managed to take control of over 95,000 credit card numbers, which they subsequently sold. The damage they caused cashed in at roughly $5 million. Today, 11 members of the group have been sentenced.
The Western Express group included citizens of a number of different countries, including Russians, Ukrainians, and Moldovans. The harshest sentence (up to 40 years) was handed out to the notorious Ukrainian hacker Yegor Shevelov, better known as Eskslubur or Esk, who was charged with the sale of 75,000 credit card numbers. The special services also arrested the administrator of the DumpsMarket forum, where sales of financial data were conducted. Yet at the same time, equally harsh sentences were handed out to the founders of the e-payment system WEI, Vadim Vasilenko and his wife Elena Barysheva, who were found in the investigation to have facilitated money laundering. They later confessed to everything.
Not everyone is so ready to admit to things. One Russian citizen in particular, Dmitri Smilanets, to this date refuses to confess his involvement in a case that is more or less closed. Even though his involvement has been pretty much proven, the evidence is there; with about 160 million credit cards that he compromised, the known virtual venues victimized in connection with him and his associates, and at least $300 million claimed against him in lawsuits. But he won’t give! He says he’s just the owner of the cyber-sports club Moscow Fife, and not any kind of thief. Nevertheless, law enforcement has reason to believe otherwise. Dmitri’s got sidekicks whose guilt has already been proven. But we’ll have to wait and see how it all ends.
Reynaldo Rivera is facing charges of disclosing personal information in the US. He was sentenced to jail time for his involvement in the group hacking of the Sony Pictures Entertainment network. In 2011, Rivera was a member of the group Lulzsec, which penetrated the servers and stole the personal and registration data of several hundred thousand participants in contests held by Sony. Lulzsec then made all of that data publicly available. Even though no financial damages were incurred, the disclosure of that kind of personal information is prohibited by law. In addition to one year in jail, River also faces a fine of $605,000.
In Russia, the Tushinsky Court of Moscow has sentenced Pavel Vrublevsky to 2.5 years in prison. He was a shareholder in the Chronopay e-payment system. According to the facts uncovered in the investigation, Vrublevsky ordered DDoS attacks against a competing e-payment system, Assist, in 2010. The aim of the attacks, according to the investigation, was to undermine the contract between Aeroflot and Assist – Chronopay’s competitor on the online payment market – in the hope that it would be terminated. This case is particularly remarkable as it is the first instance in Russian law in which an actual sentence has been handed out to both the organizer and the executors of a DDoS attack.
Nothing to do with me!
Denis Chalovsky, a citizen of Latvia, has found himself in an uncomfortable situation. His fate will now be determined through major hearings in the European and American justice systems. The US believes Denis is a major criminal — according to their data, Chalovsky worked with Russian citizen Nikita Kuzmin and Romanian citizen Mikhai Paunesku to create and disseminate the Gozi virus, which has infected over one million computers around the world. The virus was used by the group to hack into tens of thousands of bank accounts and the damages wracked up to tens of millions of dollars. The victims of the Gozi virus include 160 NASA computers. In total, the charges against Denis add up to 67 years in prison. However, there is another side to the story. Denis himself denies the charges, and he has witnesses on his side testifying that he has never been capable of creating this kind of Trojan, since he only knows how to repair computers, but is far from a capable programmer. This case gets complicated when it comes to the issue of Denis’s extradition to the US authorities, who have no direct evidence of Chalovsky’s guilt. In his defense, Denis has the backing of European civil rights organizations, who are speaking out against his charges. And this gives us something to think about…
Interpol: Shanghai calling
For the first time in history, Shanghai’s online police collaborated with Interpol to capture the leader of a group that has stolen roughly 30 million Yuan ($4.9 million) from trusting citizens. Over two thousand Chinese users were victimized by a group of five hackers hiding out in Thailand. All of them were captured, except for a certain Mr. Van, who was found to be the leader of the group and who is still in hiding. Reports say that Mr. Van has already served the standard 14-month term usually handed out to hackers. In 2009, a car auction was cancelled that resulted in him facing criminal charges. Just over a year later, Mr. Van had served his sentence, but had obviously not experienced any type of “rehabilitation” in jail. In the more recent case, he was the ringleader of the group in question, coming up with the plans and giving out specific instructions to his subordinates. He continued to make money – indirectly – through a clever, complex setup. Only, as it turned out, he wasn’t able to completely cover his tracks.