DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Russian Developer of the Notorious Citadel Malware Sentenced to Prison

Posted on October 1, 2015 by Dissent

Dimitry Belorossov, a/k/a Rainerfox, has been sentenced to four years, six months in prison following his guilty plea for conspiring to commit computer fraud. Belorossov distributed and installed Citadel, a sophisticated malware that infected over 11 million computers worldwide, onto victim computers using a variety of infection methods.

 

According to U.S. Attorney Horn, the charges and other information presented in court: In late 2011, a malicious software toolkit named “Citadel” began appearing for sale on invite-only Internet website forums frequented by cybercriminals. Citadel was a sophisticated form of malware known as a “banking Trojan” designed to steal online banking credentials, credit card information, personally identifiable information, and, ultimately, funds through unauthorized electronic transfers. Citadel electronically infected the computers of unsuspecting individuals and financial institutions, creating “bots,” which cybercriminals, such as Belorossov, then remotely accessed and controlled.

Cybercriminals, including Belorossov, distributed and installed Citadel onto victim computers through a variety of infection methods, including malicious attachments to spam e-mails and commercial Internet ads containing malware or links to malware. Since 2011, multiple versions of Citadel have been distributed and operated throughout the world. Citadel became one of the most advanced crimeware tools available in the underground market, as it had the capability, among other things, to block antivirus sites on infected computers. According to industry estimates, Citadel, and other botnets like it, infected approximately 11 million computers worldwide and are responsible for over $500 million in losses.

In 2012, Belorossov downloaded a version of Citadel, which he then used to operate a Citadel botnet primarily from Russia. Belorossov remotely controlled over 7,000 victim bots, including at least one infected computer system with an IP address resolving to the Northern District of Georgia. Belorossov’s Citadel botnet contained personal information from the infected victim computers, including online banking credentials for U.S.-based financial institutions with federally insured deposits, credit card information, and other personally identifying information.

In addition to operating a Citadel botnet, Belorossov also provided online assistance with the goal of developing suggested improvements to Citadel, including posting comments on criminal forums on the Internet and electronically communicating with other cybercriminals via e-mail and instant messaging.

For example, in 2012 Belorossov made numerous postings to Citadelmovement.com, an online forum in which Belorossov discussed his Citadel botnet and recommended improvements to the Citadel malware. In those postings, which were in Russian, Belorossov shared his concurrence with the improvements to Citadel recommended by others and commented on the efficacy of additional criminal functions other customers had recommended as enhancements to the Citadel malware.

Belorossov, 22, of St. Petersburg, Russia, has been sentenced by U.S. District Court Chief Judge Thomas W. Thrash Jr., to four years, six months in prison, to be followed by three years of supervised release, and ordered to pay restitution in the amount of $322,409.09. Belorossov was convicted on July 18, 2014, after he pleaded guilty.

This case was investigated by the Federal Bureau of Investigation.

Assistant U.S. Attorneys Steven D. Grimberg and Scott Ferber prosecuted the case.

SOURCE: FBI

Related Posts:

  • Russian Hacker "Kolypto" Who Worked on Citadel…
  • Sentenced malware developer a 'key resource' for…
  • Ex-Citadel employee sentenced to three years for data theft
  • Ex-Citadel Worker Pleads Guilty to HFT Data Theft
  • Blackshades malware hacker gets 5 years in prison

Post navigation

← MS Society warns website users their personal details might have been compromised
Reports slam OCR’s poor oversight of HIPAA covered entities, breach followup efforts →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff
  • Data breach by Addenbrooke’s Hospital reveals patient information
  • Millions of patient scans and health records spilling online thanks to decades-old protocol bug
  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)
  • Seeking clarification on Maine’s data breach notification statute
  • East River Medical Imaging notifies 605,809 patients of breach

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net