Two Eastern Europeans sentenced for providing ‘bulletproof hosting” services

Two Eastern European men who pleaded guilty to providing “bulletproof hosting” services to facilitate the distribution of malware used to attack financial institutions in the U.S. were sentenced to prison today, the Department of Justice said.

Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, said they acted as administrators for a bulletproof hosting organization that helped launch attacks against U.S. targets between 2009 and 2015, the Justice Department statement said. 

Bulletproof hosting services are run by people who turn a blind eye to content and rent IP addresses, servers, and domains to provide criminals with the technical infrastructure they need to disseminate malware, form botnet armies, and steal banking credentials for use in frauds.

The two men each pleaded guilty to one count of conspiracy under the RICO, or Racketeer Influenced and Corrupt Organizations, statute. Stassi was sentenced to 24 months in prison and Skorodumov was sentenced to 48 months.

The Justice Department said a roster of malware was hosted on their servers included Zeus, SpyEye, Citadel, and the Blackhole Exploit kit, all of which were deployed against U.S. companies and caused millions of dollars in losses 

The defendants also helped their clients evade detection by monitoring sites used to blocklist technical infrastructure and then moved the flagged content so it was harder for law enforcement to track, the statement added. 

“Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe-haven to anonymize their criminal activity,” said Special Agent in Charge of the FBI’s Detroit Field Office, Timothy Waters. “Today’s proceeding proves that anyone who facilitates or profits from criminal cyber activity will be brought to justice.”

According to court filings and statements made in connection with the defendants’ guilty pleas, Skorodumov was one of the hosting organization’s lead administrators and he configured and managed domains and IP addresses and offered clients advice on how they could optimize their malware and botnets. 

Stassi was more of a marketing expert, the DOJ statement said. He conducted and tracked online marketing for the hosting service and used stolen or fake personal information to register web hosting and financial accounts for the organization.