“Bulletproof Hosting” Operators Pleaded Guilty in American Court

Last updated June 23, 2021

Written by:

Bill Toulas
Infosec Writer

Four key members of a popular and successful “bulletproof hosting” provider have admitted their guilt.
They are now facing maximum penalties of 20 years in prison, which is to be decided in the summer.
The service hosted notorious malware operations such as Zeus, SpyEye, Citadel, and Blackhole.

Four Eastern European nationals have pleaded guilty in front of the U.S. District Court of the Eastern District of Michigan judge, admitting their involvement in “bulletproof hosting” services provided between 2008 and 2015. These services are generally hiding the identities of their customers (and themselves), ignore all DMCA notices, do not have any policies regarding the prevention of illegal activities in place, and generally support malicious operations like malware distribution campaigns, etc.

The four men are Aleksandr Grichishkin (34) and Andrei Skvortsov (34) of Russia, Aleksandr Skorodumov (33, Lithuania), and Pavel Stassi (30, Estonia). The court believes the first two of these individuals are the founding members of the particular service, while the other two oversaw and managed the day-to-day operational activities.

The service hosted malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit. These strains have caused significant financial damage to U.S.-based companies and organizations between 2009 and 2015, so the hosting service played a neuralgic role in that.

As FBI’s special agent Timothy Waters states:

Over the course of several years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe haven to anonymize their criminal activity. This resulted in millions of dollars of losses to U.S. victims. Today’s guilty plea sends a message to cyber-criminals across the globe that they are not beyond the reach of the FBI and its international partners, and that anyone who facilitates or profits from criminal cyber activity will be brought to justice.

The four men will hear their sentences between June and September 2021, and each of them is facing a maximum penalty of 20 years in prison. This may sound disproportional to merely offering hosting services, but again, these people enabled operations that incurred huge financial losses to a large number of entities.

One of the most popular cases of this kind was the bust of the underground bunker in Germany, which happened in October 2019 and was trialed a year later. That service hosted dark websites such as child abuse platforms and marketplaces where all kinds of illegal transactions took place.

This website uses cookies to ensure you get the best experience on our website.

“Bulletproof Hosting” Operators Pleaded Guilty in American Court

Two People Offering 'Bulletproof Hosting' to Cybercriminals Sentenced in the US

DeepDotWeb Admin Pleads Guilty to Laundering $8.4 Million

18 Members of an ATM Skimming Operation Arrested in the U.S.

International Operation Results in Dark Web Child Abuse Platform Take-Down

The Operator of Deer.io Was Sentenced to 30 Months in a U.S. Prison

Latest Phishing Campaign Steals Jobs Portal User Credentials