Pierluigi Paganini November 03, 2020

Russian cybercriminal Aleksandr Brovko has been sentenced to eight years in jail for his role in a botnet scheme that caused at least $100 million in financial damage. 

The Russian cybercriminal Aleksandr Brovko (36) has been sentenced to eight years in jail for his role in a sophisticated botnet scheme that caused at least $100 million in financial damage. 

Brovko pleaded guilty in February to conspiracy to commit bank and wire fraud, he was an active member of several elite Russian-speaking underground forums.

“For over a decade, Brovko participated in a scheme to gain access to Americans’ personal and financial information, causing more than $100 million in intended loss,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division.  “This prosecution and the sentence imposed show the department’s commitment to work with our international and state counterparts to bring cybercriminals to justice no matter where they are located.”

Aleksandr Brovko is accused to have used his programming skills to create a botnet that facilitated the large-scale theft and use of stolen personal and financial information.

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. The man also determined the validity of stolen account credentials and assessed whether compromised financial accounts could have had used to conduct fraudulent transactions. 

In some cases, the man manually chacked the stolen information.

“As reflected in court documents, from 2007 through 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by “botnets,” or networks of infected computers.  Brovko, in particular, wrote software scripts to parse botnet logs and performed extensive manual searches of the data in order to extract easily monetized information, such as personally identifiable information and online banking credentials.” reads the press release published by the DoJ. “Brovko also verified the validity of stolen account credentials, and even assessed whether compromised financial accounts had enough funds to make it worthwhile to attempt to use the accounts to conduct fraudulent transactions.”

The Russian man possessed and trafficked over 200,000 unauthorized access devices consisting of both personally identifying information and financial account details.

Brovko was involved in the illegal practice between 2007 and 2019.

According to The Register, Brovko was retained by co-conspirator Alexander Tverdokhlebov, who was sentenced to over nine years in 2017 after pleading guilty to possessing 40,000 stolen credit card numbers and controlling a botnet composed of up to 500,000 infected computers.

“Aleksandr Brovko used his programming skills to facilitate the large-scale theft and use of stolen personal and financial information, resulting in over $100 million in intended loss,” said US Attorney Zachary Terwilliger. “Our office is committed to holding these criminals accountable and protecting our communities as cybercrime becomes an ever more prominent threat.”

Pierluigi Paganini

(SecurityAffairs – hacking, Aleksandr Brovko)

[adrotate banner=”5″]

[adrotate banner=”13″]