Russian hacker jailed over botnet data scraping scheme that drained victim bank accounts

A Russian cybercriminal has been jailed for eight years for participating in a botnet scheme that caused at least $100 million in financial damage. 

According to the US Department of Justice (DoJ), Aleksandr Brovko was an active member of "several elite, online forums designed for Russian-speaking cybercriminals to gather and exchange their criminal tools and services."

The 36-year-old, formerly of the Czech Republic, worked with other cybercriminals to scrape information gathered by botnets. 

Brovko wrote scripts able to parse log data from botnet sources and then searched these data dumps to uncover personally identifiable information (PII) and account credentials. 

See also: KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others

Any account credentials logged by Brovko's code would then be verified by the Russian national -- sometimes manually -- to see if it was "worthwhile" using the accounts to conduct fraudulent transactions, prosecutors say. If so, bank accounts would be pillaged by other threat actors and drained of funds. 

"Brovko possessed and trafficked over 200,000 unauthorized access devices during the course of the conspiracy," the DoJ says. "These access devices consisted of either personally identifying information or financial account details."

Brovko participated in the scheme from 2007 through 2019. He has pleaded guilty to conspiracy to commit bank and wire fraud and was sentenced to eight years in prison by Senior US District Judge T.S. Ellis III. 

TechRepublic: Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021

As noted by The Register, Brovko's indictment (.PDF) reveals he was retained by co-conspirator Alexander Tverdokhlebov, who was jailed for over nine years in 2017 after pleading guilty to running botnets able to control over half a million compromised PCs. 

"Aleksandr Brovko used his programming skills to facilitate the large-scale theft and use of stolen personal and financial information, resulting in over $100 million in intended loss," said US Attorney Zachary Terwilliger. "Our office is committed to holding these criminals accountable and protecting our communities as cybercrime becomes an ever more prominent threat."

CNET: Huawei ban timeline: Chinese company may build a chip plant due to US sanctions

Last month, Imperva researchers released an analysis of a sophisticated botnet now making the rounds in order to target websites via their content management system (CMS) platforms. 

Dubbed KashmirBlack, the botnet began operation in late 2019 and is now able to attack thousands of websites on a daily basis for purposes including cryptocurrency mining, spam, and defacement. 

Previous and related coverage

• New HEH botnet can wipe routers and IoT devices
  
• This botnet has surged back into action spreading a new ransomware campaign via phishing emails
  
• DDoS botnet coder gets 13 months in prison
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0