Cybercrime as-a-service , Endpoint Security , Fraud Management & Cybercrime

Russian Botnet Operator Sentenced to 8 Years in Prison

DOJ: Aleksandr Brovko Was Part of $100 Million Banking Fraud Scheme
Russian Botnet Operator Sentenced to 8 Years in Prison

Aleksandr Brovko, a Russian national, has been sentenced to eight years in federal prison for stealing personally identifiable data and online banking credentials using a botnet, according to the U.S. Justice Department. Federal prosecutors estimate the losses to victims at more than $100 million.

In 2019, Brovko, 36, was extradited to the U.S. following his arrest in the Czech Republic as part of a crackdown on Russian online forums selling sensitive banking data by local law enforcement. In February, Brovko pleaded guilty to conspiracy to commit bank and wire fraud for his alleged role in deploying a botnet with a co-conspirator to harvest personally identifiable information and banking credentials that included customers of Bank of American and Capital One, according to court documents.

See Also: 2024 Trending Tips for Surviving Ransomware

In the federal indictment, prosecutors charged that Brovko then used the harvested data to commit various financial frauds or repackaged the data and sold it to other cybercriminals. The prosecutors further note that between 2007 and 2019, Brovko and his accomplice possessed 40,000 stolen credit card numbers and infected 500,000 computers using their botnet.

"Aleksandr Brovko used his programming skills to facilitate the large-scale theft and use of stolen personal and financial information, resulting in more than $100 million in intended loss," U.S. Attorney G. Zachary Terwilliger for the Eastern District of Virginia noted in Monday's announcement.

Botnet Scheme

Between 2007 and 2019, Brovko, along with another unnamed conspirator, obtained a botnet from other cybercriminals to harvest sensitive data from banking customers in the U.S., according to the Justice Department.

Brovko then used software scripts that he developed to parse through the botnet data logs to extract customers' personally identifiable information and online banking credentials. Some of this data included sensitive banking information from customers of Bank of America and Capital One, according to court documents.

Brovko then verified the validity of the stolen account credentials, and even assessed whether the compromised financial accounts had enough funds, and then published the refined data in an elite, members-only, Russian dark web forum for cybercriminals, prosecutors note.

In addition to the sale of data, Brovko also provided his services on botnet data parsing and advised other hackers, directing them as to how they could hack into bank accounts using his data, according to court papers.

Recent Botnet Activity

While the botnet that Brovko and his co-conspirators controlled operated several years ago, other cybercriminals are still using this type of malicious software to make illegal gains, especially around mining for cryptocurrencies such as monero and bitcoin.

In October, for instance, security researchers at Imperva uncovered a botnet that is exploiting vulnerabilities in websites' underlying content management systems and then using the compromised servers to mine for cryptocurrency or send spam to more victims (see: KashmirBlack Botnet Targets Content Management Systems).

Also last month, researchers at security firm Avira Protection Lab identified a new strain of the Mirai botnet targeting vulnerable internet of things devices. The botnet includes denial-of-service capabilities, separate encryption keys for each source, fast self-replication and secure connection to its command-and-control servers (see: Even in Test Mode, New Mirai Variant Infecting IoT Devices).

In another case, Microsoft announced that it had disrupted most of the infrastructure that supports the Trickbot botnet that is used to deliver ransomware and other malware to victims. Other security researchers note, however, that the operators behind the botnet have started to reassemble its servers (see: Trickbot Rebounds After 'Takedown').

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.