As it became known to the telegram channel of the Cheka-OGPU and Rucriminal.info, the FSB of the Russian Federation, without publicity, conducted a new large-scale operation against an international group of hackers. This time, counterintelligence took for members of The Infraud Organization, which the FBI had hunted for many years, calling it "the largest fraudulent group ever investigated in the United States." The damage from the grouping is estimated by the United States at $586 million. The Investigative Department of the Ministry of Internal Affairs of the Russian Federation initiated a case under Articles 272 (Illegal access to computer information) and 187 (Illegal circulation of means of payment) of the Criminal Code of the Russian Federation. Investigators filed petitions with the court for the arrest of a whole group of people, which were granted on Friday evening. Among those arrested is one of the founders of The Infraud Organization Andrey Novak (Unicc, aka Faaxxx). A decision was also made to detain Kirill Samokutyaev, a member of The Infraud, an Estonian citizen. He was already tried in Russia in 2018. Then he was detained in Shcheremetyevo while trying to illegally smuggle 56,000 euros across the border. Then he was sentenced to a fine. Also, a decision was made to arrest the founders of the Dutch company BERGMAN MEYER CAPITAL GROUP B.V. and owners of a number of Russian firms, Mark Bergman and Konstantin Bergman.
The Infraud platform, which provides services for fraudulent Internet crimes, was created in 2010 by Ukrainian Svyatoslav Bondarenko, who worked under the nicknames Obnon, Rector and Helkern. Infraud members and partners have worked throughout the world and in the US. The group planned to steal about $2.2 billion from private individuals, merchants and financial institutions, the actual damage exceeded $568 million.
Members of the organization have sold and purchased over 4 million hacked credit card numbers.
Infraud called itself the "Ministry of Fraud" and adopted "In Fraud We Trust" as its motto, parodying the official US slogan "In God We Trust" printed on every dollar bill.
The group was an Internet criminal enterprise that bought, sold and distributed stolen personal data, hacked debit and credit cards, personal information, financial and banking information, malware and other illegal goods on a large scale.
The organization included criminals from all over the world who acted through the forum. The participants performed the usual functions of “moderators” for online communities, but in many ways the structure of Infraud resembled traditional organized criminal groups.
“The members of Infraud had specific roles in the hierarchy. “Administrators” oversaw day-to-day activities and strategic planning, approved and supervised user registrations, assigned rewards and punishments to members of the group,” the US Department of Justice said in a 2018 statement when the group first came to light.
"The 'super moderators' managed specific sections, and the 'moderators' monitored one or two sub-forums within their area ofresponsibility."
Despite positions like "administrator" or "moderator", the structure of the organization is very similar to the Cosa Nostra families and other organized crime groups in the United States, where there are bosses, their henchmen and "foremen".
The internal life of the "Ministry of Fraudulent Affairs", however, was not cloudless and was accompanied by "showdowns" and the redistribution of power. So, on March 26, 2015, hacker John Telasma announced via the internal mail of a criminal group that Svyatoslav Bondarenko banned one of the members because he “ripped him off on a deal”. Who was this defendant removed from cases, is not named in the documents of the prosecutor's office. However, less than a month later, on April 16, 2015, Sergey Medvedev announced that Mr. Bondarenko had “disappeared” and now he himself is the “administrator and owner” of Infraud.
In 2018, Russian hacker Sergei Medvedev was arrested in Bangkok at the request of the US FBI. During a search of the residence, documents and a computer were seized, and 100,000 bitcoins were found in his accounts.
The US Attorney's Office issued a 50-page indictment against 36 Infraud defendants. The text of the nine-point accusation is at the disposal of Rucriminal.info. The suspects are charged with a series of crimes - from identity theft and conspiracy to involve in a criminal group to organized racketeering.
“We are proud to provide the best dumps service on the market!” - read an advertisement on the Infraud platform, posted in May 2014, it offered the data of 124,000 bank cards of US users. The stolen credit card data was presented as "high quality, fresh, 90% valid."
The geography of the crime covers a dozen countries, there are Slavic names in the list of the accused: in addition to the Russian Sergey Medvedev and the Ukrainian Svyatoslav Bondarenko, this is Alexei Klimenko Grfandhost, an unknown figurant under the nickname Malov, which may be his last name, and unlike everyone else, named by name - patronymic Andrey Sergeevich Novak. He owns also the Unicc.ru platform.
Sergei Medvedev, also known as Stells, segmed and serjbear, has been extradited to the US. In a Nevada County trial, he pleaded guilty to one count of racketeering conspiracy in March 2021 and was sentenced to 10 years in prison.
Recall that on January 14, 2022, the FSB announced the final defeat of the REvil hacker group.
As the Cheka-OGPU said, the FSB of the Russian Federation began to carry out active operational measures against members of the REvil hacker group in August 2021. And in September, the Investigative Department (SD) of the Ministry of Internal Affairs of the Russian Federation filed petitions with the court to seize items and documents containing state or other secrets protected by federal law, as well as to seize information about deposits and bank accounts of persons who were participants in REvil. In January 2022, as part of a case already initiated by the SD, the FSB carried out detentions. Active work, including investigative work, began shortly after Joe Biden, during a telephone conversation with Vladimir Putin in July 2021, called on Russia to take measures to stop the activities of hackers operating on its territory, “and emphasized that he was determined to continue combat the broader threat posed by ransomware.”
The Kremlin then reported that Putin had declared Russia's readiness "to jointly suppress criminal manifestations in the information space," but in the last month there were no such appeals from US departments.
The conversation was about REvil.
In 2021, there were several major cyber attacks against US businesses and companies that brought them to a halt. One of the loudest is the attack on the Colonial Pipeline, the largest pipeline network on the US East Coast for the supply of gasoline, diesel fuel and other petroleum products. The pumping of oil products was stopped for several days. In June 2021, all the factories of the largest meat producer JBS S.A. got up in the United States due to a cyber attack. As a result, the management of Colonial Pipeline paid the cybercriminals a ransom of 75 bitcoins ($4.5 million at the time of the transaction).
And so the July conversation between the two presidents led to the fact that in Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions, an operation was carried out, first against the participants of REvil, and now against the participants of The Infraud Organization.
Timofey Grishin
To be continued