Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 to 2015.
Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, have been each sentenced to 24 months and 48 months in prison, respectively, for their roles in the scheme.
Court documents showed that both the individuals worked as administrators for an unnamed bulletproof hosting service provider that rented out IP addresses, servers, and domains to cybercriminal clients to disseminate malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit kit that were used to gain access to victims' machines, co-opt them to a botnet, and siphon banking credentials.
The development comes months after Stassi and Shorodumov, along with the service's Russian founders Aleksandr Grichishkin and Andrei Skvortsov, pleaded guilty to Racketeer Influenced Corrupt Organization (RICO) charges earlier this May. The U.S. Justice Department (DoJ) said the other two co-defendants, Grichishkin and Skvortsov, are pending sentencing and face a maximum penalty of 20 years in prison.
The cyberattacks aimed at U.S. companies and financial institutions between 2009 and 2015 is believed to have resulted in millions of dollars in losses to victims.
In addition, the defendants also helped their clients anonymize their criminal activity from law enforcement by monitoring sites used to blocklist technical infrastructure and then moved the flagged content to a new infrastructure that was registered under false or stolen identities in a deliberate attempt to make it harder to track.
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
"Cybercrime presents a serious and persistent threat to the U.S., and these prosecutions send a clear message that 'bulletproof hosters' who purposely aid other cybercriminals are responsible, and will be held accountable, for the harms their criminal clients cause within our borders," said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department's Criminal Division in a statement.