US Prosecutors Indict Estonian for Selling MetasploitAndrey Shevlyakov Has History of Flouting Export Controls
U.S. federal prosecutors say an Estonian man was prepared to violate U.S. export regulations by selling a license for penetration testing software to a Russian individual.
Estonian authorities arrested the man, Andrey Shevlyakov, on March 28 at the behest of U.S. authorities seeking his extradition. Shevlyakov faces an indictment alleging 18 counts of criminal behavior including money laundering and violations of the U.S. statute that restricts trade on dual-use technologies.
Among the items prosecutors say Shevlyakov procured for Russian end users, including defense contractors, were electronic components used in avionics, missiles and electronic warfare systems.
In June 2020, he responded to an individual based in Russia who inquired through a front company for a license for Metasploit Pro, the penetration testing tool offered by Massachusetts firm Rapid7.
In a court filing arguing that Shevlyakov should be denied bail once extradited, federal prosecutors say the would-be customer detailed a history of failed attempts to acquire the software through third parties.
"Sales to Russia are virtually impossible," the inquirer wrote. "We cannot reveal the end user, nor can we identify ourselves." Prosecutors say Shevlyakov responded with an email listing prices for different versions of Metasploit Pro. Shevlyakov has been on a U.S. blacklist known as the Entity List since 2012. He is required to obtain a license to export anything from the United States. Prosecutors say he maintained an "intricate logistics operation" involving frequent courier trips into Russia to deliver goods.
The Department of Justice in March 2022 initiated Task Force KleptoCapture, dedicated to enforcing export restrictions, sanctions and economic countermeasures imposed by the United States following Moscow's attempt to conquer Ukraine.
Federal agencies recently warned U.S. companies to be vigilant against attempts to evade export controls through the use of third parties.