Authorities have sentenced a hacker to eight years in prison for trafficking stolen personally identifiable information (PII) and online banking credentials resulting in losses totaling over $100 million.
Aleksandr Brovko, 36, formerly of the Czech Republic, pleaded guilty in February to conspiracy to commit bank and wire fraud, the Department of Justice (DoJ) said on Monday. The DoJ said that between 2007 and 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by botnets.
“For over a decade, Brovko participated in a scheme to gain access to Americans’ personal and financial information, causing more than $100 million in intended loss,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division, in a statement issued Monday. “This prosecution and the sentence imposed show the department’s commitment to work with our international and state counterparts to bring cybercriminals to justice no matter where they are located.”
According to the DoJ, Brovko was an active member of several elite online forums designed for Russian-speaking cybercriminals to gather and exchange their criminal tools and services.
He specifically wrote software scripts used to parse botnet logs and performed manual searches of the data in order to extract “easily monetized” information.
Brovko also verified the validity of stolen account credentials, and assessed whether compromised financial accounts had enough funds to deem them “worthwhile” to use for conducting fraudulent transactions.
“According to court documents, Brovko possessed and trafficked over 200,000 unauthorized access devices during the course of the conspiracy,” said the DoJ. “These access devices consisted of either personally identifying information or financial account details.”
Botnets, or networks of infected computers, continue to show innovation, expanded scope and increased targeting. In October, a new variant of the InterPlanetary Storm botnet was discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices. In August, researchers warned of a peer-to-peer (P2P) botnet called FritzFrog that they say has been actively breaching SSH servers since January.
In June, new research emerged about a resurfaced hackers-for-hire group called DarkCrewFriends, which was targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information exfiltration or sabotage of an infected system. In May, it was revealed that the Hoaxcalls botnet, built to carry out large-scale DDoS attacks, had been in active development since the beginning of the year.