The United States has uncovered an international cybercriminal organization called Infraud headed by Ukrainian citizen Svyatoslav Bondarenko.
Infraud, the top ranks of which included 36 hackers led by Bondarenko, 34, purchased goods using fake or stolen credit card information, causing damage of around $530 million to various businesses and financial organizations, according to a U.S. Justice Department statement published on Feb. 7.
Thirteen of the 36 hackers have been arrested in the United States, Australia, the United Kingdom, France, Italy, Kosovo, and Serbia. Bondarenko, however, has not been found.
The internet-based cybercriminal enterprise was engaged in the large-scale acquisition, sale, and dissemination of stolen personal data, compromised debit and credit cards, personally identifiable information, financial and banking information, and computer malware.
The criminals used cryptocurrencies, private messaging, browser anonymizers (VPN), and other software to secure and hide their crimes. With the motto “In Fraud We Trust,” the hackers from Infraud committed identity theft, bank and wire fraud, and other computer crimes.
Acting Assistant Attorney General John P. Cronan said on Feb. 7 that it was the largest cyberfraud prosecution ever undertaken by the U.S. Department of Justice.
“As alleged in the indictment, Infraud operated like a business to facilitate cyberfraud on a global scale,” said Cronan.
Despite the fact that none of Infraud’s hackers had ever met in person and didn’t even know the true identities of their peers, the organization had its own hierarchy and defined roles.
There were administrators managing all operations and approving membership; moderators, who oversaw and moderated specific subject-matter areas; vendors, who sold illegal products to Infraud members; and, at the bottom, members who gathered information and facilitated their criminal activities.
Bondarenko nicknamed “Obnon”, “Rector”, and “Helkern,” founded Infraud in 2010. Over seven years it turned into a widespread network estimated to have 11,000 members around the world.
Besides founder Bondarenko, the group included another Ukrainian, Alexey Klimenko (aka “Grandhost”) and Russian Andrey Sergeevich Novak (aka “Unicc”).
David Rybicki, supervisor of the Division’s Organized Crime and Gang Section in the U.S. Department of Justice, said a recent report predicts that the annual cost of global cybercrime will exceed $2 trillion by 2019 – four times as much as estimates made in 2015.
“Cybercriminals from Ukraine are a common thing,” said Kyrylo Korol, an associate at law firm Axon Partners. “While many remain unknown due to their outstanding skills at remaining undercover, some are revealed.”
Recent examples include Sergey Vovnenko and Vadym Iermolovych, who were sentenced to 41 months and two-and-a-half years respectively for operating a “botnet” had been getting access to computers, stealing news releases before their planned publication and asking for a ransom. More than 10,000 computers were hacked this way.
“In the U.S. there is a federal law called the Computer Fraud and Abuse Act that prescribes the highest punishment of 10 years for first offenders, and 20 years for repeat offenders involved in cybercrimes,” Korol told the Kyiv Post.
Meanwhile, the U.S. House of Representatives passed a “Ukraine Cybersecurity Cooperation Act”, which should promote cooperation between Ukraine and the United States in the field of cybersecurity to counter Russian cyberwarfare.