Card Not Present Fraud , Fraud Management & Cybercrime

Russian-Born Botnet Herder Hit With 9-Year Sentence

Up to $25 Million in Payment Card Losses Tied to Naturalized US Citizen
Russian-Born Botnet Herder Hit With 9-Year Sentence

A Russian-born man who emigrated to the United States in 2007 and later gained U.S. citizenship has been sentenced to serve 110 months in prison after pleading guilty to masterminding hacking and card-fraud schemes.

See Also: Account Risk: The Latest Tool in Fraud and IVR Protection

Since at least 2008, Alexander Konstantinovich Tverdokhlebov, 29, of Los Angeles, "was an active member of several highly exclusive Russian-speaking cybercrime forums," according to a statement of facts submitted to the court and co-signed by the defendant.

Participation in the forums was restricted to members whose bona fides could be proven by a forum member who was willing to vouch for them, it reads.

"The purpose of these forums is to facilitate cybercrimes, help cybercriminals find co-conspirators and promote the buying and selling of illegal services such as money laundering and computer intrusion services, and the buying and selling of illegal goods such as stolen credit card information and personal identifying information (PII)," the statement reads.

The U.S. Department of Justice said in a Monday release that by using these forums, Tverdokhlebov "forged lucrative business partnerships with other Russian-speaking cybercriminals, with whom he exchanged tools, services, and stolen personal and financial information."

Botnet Herder

Tverdokhlebov boasted on cybercrime forums between 2009 and 2013 that he had built multiple botnets, controlling up to 500,000 malware-infected PCs at a time, from which sensitive data - including online bank account credentials - had also been stolen. He also claimed to have possessed or trafficked 40,000 credit card numbers, according to court documents. The defendant said via forums that he would sell "dumps" of stolen payment card data information in batches of 1,000 cards, guaranteeing that 90 percent of them would be valid.

On March 31, Tverdokhlebov pleaded guilty to wire fraud. Per his plea agreement, his activities caused estimated losses of between $9.5 million and $25 million.

"Tverdokhlebov executed a number of schemes to 'cash out' or monetize the financial information he stole, such as by selling it to other cybercriminals or by providing it to accomplices who would use it to make fraudulent purchases or fraudulent withdrawals from victims' accounts," the Justice Department says.

Accomplices to whom stolen card data gets shared for the purpose of cashing it out are typically referred to as money mules.

The Justice Department said Tverdokhlebov also recruited at least two Russian students who were visiting the United States on J-1 visas. These students allegedly laundered funds for Tverdokhlebov by opening bank accounts in their own names, accepting transfers from victims' accounts and then transferring the money to Tverdokhlebov or other co-conspirators.

According to court documents, one of these co-conspirators, named only as "V.P.," was a Russian national who was extradited to the United States in 2015.

Bitcoins Seized

When Tverdokhlebov was arrested on Feb. 1, law enforcement agents seized $272,000 worth of $100 bills stored in four safe deposit boxes located in Los Angeles and Las Vegas, according to court documents. Following Tverdokhlebov's plea, the Justice Department said the government successfully seized additional assets, including bitcoins stored in the U.S. and abroad that - as of Monday - were worth approximately $5 million.

The government typically auctions cryptocurrency seized in the course of investigation in batches (see Own a Piece of Bitcoin History).

Substance Abuse Treatment Request

After Tverdokhlebov's release, he's subject to three years of parole, including monitoring of his computer use.

In a supplemental sentencing memorandum filed July 3, meanwhile, his attorneys requested that their client be admitted to a substance-abuse program during his incarceration.

"Tverdockhlebov used marijuana on an almost daily basis until January 2017, he used cocaine three to four times per week and he used alcohol three to four times per week. He has never had treatment for his drug and alcohol abuse but believes he could benefit from substance abuse treatment," the memorandum reads.

Seleznev Sentenced

Tverdokhlebov isn't the only hacker with Russian origins to have been recently sentenced to serve time in U.S. prisons.

In April, Roman Valeryevich Seleznev, aka "Track2," was sentenced to serve 27 years in prison, in what appears to be the longest sentence ever handed down in the United States tied to hacking charges. Seleznev was arrested in July 2014, while on vacation, by U.S. Secret Service agents at an airport in the Maldives.

Another accused Russian hacker, Peter Yuryevich Levashov, 36, of St. Petersburg, Russia, was arrested April 7 in the Spanish city of Barcelona, also while on vacation, at the request of U.S. authorities, who are seeking his extradition.

And last October, police in the Czech Republic, acting on a red notice issued by Interpol, arrested alleged hacker Yevgeniy Nikulin at a hotel in Prague. He's been accused of hacking U.S. social media firms LinkedIn, Dropbox and Formspring in 2012.

In May, a Czech court ruled that the country could extradite the defendant to either the United States or Russia, both of which have filed extradition requests.

Nikulin says he is innocent and has denied all wrongdoing.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.