Notorious Kingpin, your game is over with Zeus and your criminal empire: pay up!

This has got to be one of the biggest stories out there. It's a WIRED story which was tooted out through Mastodon, and a great one at that.

Here is some of what I want to highlight about this article.

For more than a decade, Vyacheslav Igorevich Penchukov—a Ukrainian who used the online hacker name “Tank”—managed to evade cops. When FBI and Ukrainian officials raided his Donetsk apartment in 2010, the place was deserted and Penchukov had vanished. But the criminal spree came to a juddering halt at the end of 2022, when he traveled to Switzerland, was arrested, then was extradited to the United States.

Today, at a US federal court in Lincoln, Nebraska, a judge sentenced Penchukov to two concurrent nine-year sentences, after he pleaded guilty to two charges of conspiracy to participate in racketeering and a conspiracy to commit wire fraud. United States District Judge John M. Gerrard also ordered Penchukov to pay more than $73 million, according to court records. The court also ordered three years of supervised release for each count and said they should run concurrently.

Both charges carried a maximum sentence of up to 20 years each. According to court documents, however, the US government and Penchukov’s lawyers both requested a less severe sentence following him signing a plea agreement in February. It is unclear what the terms of the plea deal include. At the time, documents show, Penchukov could also face having to repay up to $70 million—less than the combined amount he’s ordered to pay in restitution and forfeited funds. “I understand this, but I don’t have such amounts of money,” he said in court earlier this year.

Ahead of the sentencing, the Department of Justice refused to comment on the case, and the FBI and Penchukov’s lawyers did not respond to WIRED’s requests for comment.

When the Ukrainian pleaded guilty in February—a number of charges were dropped following him signing the plea agreement—he admitted to being one of the leaders of the Jabber Zeus hacking group, starting in 2009, that used the Zeus malware to infect computers and steal people’s bank account information. The group used the details to log in to accounts, withdraw money, and then send it to various money mules—stealing tens of millions from small US and European businesses.

“The defendant played a crucial role, a leadership role, in this scheme by directing and coordinating the exchange of stolen banking credentials and money mules,” prosecutors said in court earlier this year. They would steal thousands from victim companies, often draining their accounts.

Penchukov, who was also a well-known DJ in Ukraine, also admitted to a key role organizing the IcedID (also known as Bokbot) malware, which collected the victim’s financial details and allowed ransomware to be deployed on systems. He was involved from November 2018 to at least February 2021, officials say. Investigators found he kept a spreadsheet detailing the $19.9 million income IcedID made in 2021.

The Zeus malware, linked to FBI-wanted Russian Evgeniy Bogachev, first appeared online around the end of 2006 and in part used keyloggers to steal people’s banking information when they entered it online. The cybercriminals would log into accounts and send money to people acting as mules, who would cash out the funds. “It was just a really big jump in capabilities,” Keith Jarvis, a senior researcher at cybersecurity company Secureworks, says of the Zeus malware. “The volume of it was so out of control, and the banks didn’t have a really good handle on it.”

Operation Trident Breach collared more than 50 people around the world in September 2010—with some members later being sentenced—but Penchukov wasn’t one of them. “It was quite obvious that Tank was tipped off,” Craig says. “There was no sign of him, and it was quite clean. You could definitely tell no one had been there a few days,” Craig recounts of the raid on Penchukov’s apartment. As detailed by MIT Technology Review, officials suspected corruption and family connections to high-level Ukrainian officials. Plus Russian investigators involved in the case “ghosted” other officials on the day the arrest was due to take place.

Since the Zeus gang were at their height, their particular brand of bank fraud—directly accessing victims’ accounts and moving money from them—has declined in prominence. Ransomware and data extortion, using cryptocurrency to launder money, has become the primary tactic of Russia-linked cybercriminals, earning them more than $1.1 billion in 2023.

This is some of the article that I wanted to highlight.

As it shows, the Shadow is right and crime will not pay. To read the entire piece by WIRED, Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison will be your article.

Here’s the boost that I saw.

Selena Larson: Boosting Patrick Howell O’Neill (howelloneill): There are like six of us who closely watch everything that happens to Tank but for us six this is pretty big https://www.wired.com/story/vyacheslav-igorevich-penchukov-tank-zeus-malware-sentencing/

The thing I don’t think I quoted in here is something I find hard to believe. The suspect says he doesn’t have the money to pay, but yet, why did he do it to begin with? The U.S. doesn’t play when you fuck with people and steal their money.

Maybe he needs the stupid fuck award, and I’m ready to give it.
