News and commentary on organized crime, street crime, white collar crime, cyber crime, sex crime, crime prevention, crime fiction, espionage and terrorism.
Wednesday, September 30, 2015
Russian Developer Of The Notorious Citadel Malware Sentenced To Prison
The U.S. Justice department released the below information:
ATLANTA—Dimitry Belorossov, a/k/a Rainerfox, has been sentenced to four years, six months in prison following his guilty plea for conspiring to commit computer fraud. Belorossov distributed and installed Citadel, a sophisticated malware that infected over 11 million computers worldwide, onto victim computers using a variety of infection methods.
“Global cyber-crime requires a global response, and this case is a perfect example,” said U.S. Attorney John Horn. “This defendant committed computer hacking offenses on victims in the United States from the relative safety of his home country of Russia, but he was arrested by our law enforcement partners in Spain. As malware and hacking toolkits continue to victimize computer users around the world, we will step up our efforts to focus internationally on the criminals who develop these programs.”
“The FBI, in working with its international partners, continues to demonstrate that international boundaries no longer provide a safe haven for cybercriminals targeting U.S. individuals or interests domestically. Successful investigation and prosecution of cases such as this are directly attributable to the increased capabilities and determination of our cyber trained investigators and our foreign based legal attachés working collectively to not only disrupt and dismantle these foreign based hacking efforts, but also to bring those individuals responsible to justice,” said J. Britt Johnson, Special Agent in Charge, FBI Atlanta Field Office.
According to U.S. Attorney Horn, the charges and other information presented in court: In late 2011, a malicious software toolkit named “Citadel” began appearing for sale on invite-only Internet website forums frequented by cybercriminals. Citadel was a sophisticated form of malware known as a “banking Trojan” designed to steal online banking credentials, credit card information, personally identifiable information, and, ultimately, funds through unauthorized electronic transfers. Citadel electronically infected the computers of unsuspecting individuals and financial institutions, creating “bots,” which cybercriminals, such as Belorossov, then remotely accessed and controlled.
Cybercriminals, including Belorossov, distributed and installed Citadel onto victim computers through a variety of infection methods, including malicious attachments to spam e-mails and commercial Internet ads containing malware or links to malware. Since 2011, multiple versions of Citadel have been distributed and operated throughout the world. Citadel became one of the most advanced crimeware tools available in the underground market, as it had the capability, among other things, to block antivirus sites on infected computers. According to industry estimates, Citadel, and other botnets like it, infected approximately 11 million computers worldwide and are responsible for over $500 million in losses.
In 2012, Belorossov downloaded a version of Citadel, which he then used to operate a Citadel botnet primarily from Russia. Belorossov remotely controlled over 7,000 victim bots, including at least one infected computer system with an IP address resolving to the Northern District of Georgia. Belorossov’s Citadel botnet contained personal information from the infected victim computers, including online banking credentials for U.S.-based financial institutions with federally insured deposits, credit card information, and other personally identifying information.
In addition to operating a Citadel botnet, Belorossov also provided online assistance with the goal of developing suggested improvements to Citadel, including posting comments on criminal forums on the Internet and electronically communicating with other cybercriminals via e-mail and instant messaging.
For example, in 2012 Belorossov made numerous postings to Citadelmovement.com, an online forum in which Belorossov discussed his Citadel botnet and recommended improvements to the Citadel malware. In those postings, which were in Russian, Belorossov shared his concurrence with the improvements to Citadel recommended by others and commented on the efficacy of additional criminal functions other customers had recommended as enhancements to the Citadel malware.
Belorossov, 22, of St. Petersburg, Russia, has been sentenced by U.S. District Court Chief Judge Thomas W. Thrash Jr., to four years, six months in prison, to be followed by three years of supervised release, and ordered to pay restitution in the amount of $322,409.09. Belorossov was convicted on July 18, 2014, after he pleaded guilty.
This case was investigated by the Federal Bureau of Investigation.
Assistant U.S. Attorneys Steven D. Grimberg and Scott Ferber prosecuted the case.
Paul Davis is a writer who covers crime. He has written extensively about organized crime, street crime, sex crime, cyber crime, white collar crime, crime fiction, crime prevention, espionage and terrorism. He is a contributing editor to The Journal of Counterterrorism & Homeland Security International and a regular contributor to the Washington Times. His work has also appeared in the Philadelphia Inquirer, the Philadelphia Daily News and other print and online publications. Paul Davis has been a student of crime since he was a 12-year-old aspiring writer growing up in South Philadelphia. He enlisted in the U.S. Navy when he was 17 in 1970 and served on the aircraft carrier USS Kitty Hawk during the Vietnam War. He also served two years on the Navy harbor tugboat USS Saugus at the U.S. nuclear submarine base at Holy Loch, Scotland. He went on to do security work as a Defense Department civilian employee and then became a freelance writer. You can read Paul Davis' Crime Beat columns, crime fiction and magazine and newspaper pieces on this website. You can also read his full bio by clicking on the above photo.