Four Eastern European nationals have pleaded guilty in front of the U.S. District Court of the Eastern District of Michigan judge, admitting their involvement in “bulletproof hosting” services provided between 2008 and 2015. These services are generally hiding the identities of their customers (and themselves), ignore all DMCA notices, do not have any policies regarding the prevention of illegal activities in place, and generally support malicious operations like malware distribution campaigns, etc.
The four men are Aleksandr Grichishkin (34) and Andrei Skvortsov (34) of Russia, Aleksandr Skorodumov (33, Lithuania), and Pavel Stassi (30, Estonia). The court believes the first two of these individuals are the founding members of the particular service, while the other two oversaw and managed the day-to-day operational activities.
The service hosted malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit. These strains have caused significant financial damage to U.S.-based companies and organizations between 2009 and 2015, so the hosting service played a neuralgic role in that.
As FBI’s special agent Timothy Waters states:
The four men will hear their sentences between June and September 2021, and each of them is facing a maximum penalty of 20 years in prison. This may sound disproportional to merely offering hosting services, but again, these people enabled operations that incurred huge financial losses to a large number of entities.
One of the most popular cases of this kind was the bust of the underground bunker in Germany, which happened in October 2019 and was trialed a year later. That service hosted dark websites such as child abuse platforms and marketplaces where all kinds of illegal transactions took place.