A
federal jury in Hartford convicted a Russian national yesterday for his
role in operating a “crypting” service used to conceal “Kelihos”
malware from antivirus software, enabling hackers to systematically
infect victim computers around the world with malicious software,
including ransomware. Oleg Koshkin, 41, formerly of Estonia, was
convicted of one count of conspiracy to commit computer fraud and abuse
and one count of aiding and abetting computer fraud and abuse. He faces
a maximum penalty of 15 years in prison and is scheduled to be
sentenced on September 20.
“By operating a website that was intended to hide malware from
antivirus programs, Koshkin provided a critical service that enabled
other cyber criminals to infect thousands of computers around the
world,” said Acting U.S. Attorney Leonard C Boyle. “We will investigate
and prosecute the individuals who aid and abet cyber criminals as
vigorously as we do the ones who actually hit the ‘send’ button on
viruses and other malicious software.”
“The defendant designed and operated a service that was an essential
tool for some of the world’s most destructive cybercriminals, including
ransomware attackers,” said Acting Assistant Attorney General Nicholas
L. McQuaid of the Justice Department's Criminal Division. “The verdict
should serve as a warning to those who provide infrastructure to
cybercriminals: the Criminal Division and our law enforcement partners
consider you to be just as culpable as the hackers whose crimes you
enable — and we will work tirelessly to bring you to justice.”
“Mr. Koshkin and his associates knowingly provided crypting services
designed to help malicious software bypass anti-virus software,” said
Special Agent in Charge David Sundberg of the FBI’s New Haven Division.
“The criminal nature of the Crypt4U service was a clear threat to the
confidentiality, integrity and availability of computer systems
everywhere. We at the FBI will never stop pursuing those like Mr.
Koshkin for perpetrating cyber crimes and threats to the public at
large.”
According to court documents and evidence introduced during the
trial, Koshkin operated the websites “crypt4u.com,” “fud.bz,” and
others. The websites promised to render malicious software fully
undetectable (FUD) by nearly every major provider of antivirus
software. Koshkin and his co-conspirators claimed that their services
could be used for malware such as botnets, remote access trojans (RATs),
keyloggers, credential stealers, and cryptocurrency miners.
In particular, Koshkin worked with Peter Levashov, the operator of
the Kelihos botnet, to develop a system that would allow Levashov to
crypt the Kelihos malware multiple times each day. Koshkin provided
Levashov with a custom, high-volume crypting service that enabled
Levashov to distribute Kelihos through multiple criminal affiliates.
The Kelihos botnet was used by Levashov to send spam, harvest account
credentials, conduct denial of service attacks, and to distribute
ransomware and other malicious software. At the time it was dismantled
by the FBI, the Kelihos botnet was known to include at least 50,000
compromised computers around the world.
Koshkin was arrested in California on September 6, 2019, and has been detained since his arrest.
Koshkin’s co-defendant, Pavel Tsurkan, is charged with conspiring to
cause damage to 10 or more protected computers, and aiding and abetting
Levashov in causing damage to 10 or more protected computers. He is
released on bond while awaiting trial.
As to Tsurkan, an indictment is merely an allegation, and a defendant
is presumed innocent unless and until proven guilty beyond a reasonable
doubt in a court of law.
Levashov was arrested by the Spanish National Police on April 7,
2017, and extradited to the United States. On September 12, 2018, he
pleaded guilty to one count of causing intentional damage to a protected
computer, one count of conspiracy, one count of wire fraud, and one
count of aggravated identity theft.
The FBI’s New Haven Division is investigating the case through its
Connecticut Cyber Task Force. Assistant U.S. Attorney Edward Chang of
the United States Attorney’s Office and Senior Counsel Ryan K.J. Dickey
of the Criminal Division’s Computer Crime and Intellectual Property
Section are prosecuting the case, with assistance from the Criminal
Division’s Office of International Affairs. The Estonian Police and
Border Guard Board also provided significant assistance.
In April 2021, the Department of Justice announced the creation of
the Ransomware and Digital Extortion Task Force to combat the growing
number of ransomware and digital extortion attacks. As part of the Task
Force, the Criminal Division, working with the U.S. Attorneys’ Offices,
prioritizes the disruption, investigation, and prosecution of ransomware
and digital extortion activity by tracking and dismantling the
development and deployment of malware, identifying the cybercriminals
responsible, and holding those individuals accountable for their crimes.
The department, through the Task Force, also strategically targets the
ransomware criminal ecosystem as a whole and collaborates with domestic
and foreign government agencies as well as private sector partners to
combat this significant criminal threat.
Posts
