US cracks down on 'bulletproof hosting' providers that enabled malware attacks

Four individuals face up to 20 years for providing a "safe haven" to cybercriminals.

Heinz-Peter Bader / Reuters

Four individuals behind a "bulletproof hosting" site have pleaded guilty to US racketeering charges, the Department of Justice (DoJ) has announced. The service, designed to accommodate criminal activities and help clients evade detection, was founded by Russians Aleksandr Grichishkin and Andrei Skvortsov. The other two parties are Lithuanian Aleksandr Skorodumov and Estonian Pavel Stassi, who worked as admins on the site.

The site provided multiple clients with the infrastructure to "gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds" between 2008 and 2015, the DoJ wrote. "Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims."

On top of hosting malware, the service helped clients evade detection by law enforcement. "The defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving 'flagged' content to new infrastructure, and registering all such infrastructure under false or stolen identities," the DoJ said.

Bulletproof hosting sites are a powerful source of cybercrime, including botnets, ransomware and other illegal activities. The recent guilty pleas aren't likely to make much of a dent in their activities, however. As security researcher Brian Krebs noted in 2019, most operators are based in Russia or former Soviet republics and are unlikely to face prosecution as long as they stay there. The four parties named by the DoJ will be sentenced over the next few months and face up to 20 years in prison.