The Russian hacker participated in a sophisticated scheme to steal and exchange sensitive financial and personal data, causing a loss of $100 million to the victims.
A Russian programmer will spend eight years in a US jail for his role in a cybercriminal network that targeted its victims’ bank accounts to steal money.
Reportedly, the hackers were able to steal approximately $100 million using code written by Aleksandr Brovko, which examined botnet logs to obtain web banking credentials for the network.
Court documents revealed that Brovko was a member of several “elite” online forums created especially for Russian-speaking cybercriminals to collect and share services and tools for conducting cybercrimes.
The Department of Justice’s Criminal Division’s Acting Assistant Attorney General Brian C. Rabbitt stated that for more than a decade, Brovko helped cyber criminals gain access to American targets’ private and financial information using his programming skills.
According to the DoJ’s press release, Brovko facilitated large-scale theft of sensitive data between 2007 and 2019. He worked closely with threat actors to monetize huge data reserves stolen by botnets and wrote software scripts to “parse botnet logs.”
Furthermore, Brovko manually searched the data to extract information that could be monetized easily. This included online banking credentials and personally identifiable information.
Brovko also verified the validity of the stolen credentials and assessed whether the hacked financial accounts contained sufficient funds for fraudulent transactions, so that he could inform the attackers which accounts were worth targeting.
“He did this, for example, by attempting to log in to victims’ online banking accounts using the stolen usernames and passwords he had identified. If he was able to log in, he would know that the username-and-password combination was still valid,” revealed Brovko’s court indictment.
Over the years, Brovko gathered and trafficked more than 200,000 “unauthorized access devices,” resulting in an estimated intended loss of over $100 million. He was paid $70,000 annually by Tverdokhlebov.
When the police raided Brovko’s house, they seized several devices and other equipment, which were used as evidence against him.
The scheme’s mastermind was Alexander Tverdokhlebov, who migrated from Russia in 2007, acquired US nationality, and settled in California. In 2017, Tverdokhlebov was caught and sentenced to nine years in prison for operating a botnet comprising 500,000 infected devices.
The accused pleaded guilty back in February 2020 and was sentenced on October 30 for conspiring to commit wire and bank fraud.