Spam Nation (29 page)

Authors: Brian Krebs

Tags: #Political Science, #Security (National & International), #Business & Economics, #Industries, #Computers & Information Technology, #Pharmaceutical & Biotechnology

But in September 2012, the court hearing the case refused to consider charges brought under the latter statute, stating that the statute of limitations for charging the defendants with using and distributing malicious computer programs had expired.

All but one of the accused—Permyakov—would recant their jailhouse confessions prior to the start of their trial, claiming they were under intense psychological pressure from investigators at the time. Artimovich says police even beat him up.

Permyakov, however, ultimately admitted to his role in the scheme and agreed to assist prosecutors in their investigation. For many who followed the trial closely, this was not much of a surprise. Prior to joining ChronoPay, Permyakov himself was an official with the Russian FSB.

Permyakov may well have also been the source of the leaked ChronoPay emails and documents. In his many rants and musings about the source of the breach, Vrublevsky remained adamant in his belief that the ChronoPay compromat was not stolen by hackers but instead leaked by someone in the company’s information technology department. Interestingly, while nearly all of the top ChronoPay employees saw years’ worth of their company email communications leaked as a result of that breach, Permyakov’s inbox was conspicuously absent from that archive.

In any case, it’s perhaps fitting that the trial of Vrublevsky and his co-conspirators would unfold as a stellar example of the very corruption that the former ChronoPay CEO had schemed for so long to work to his commercial advantage.

Aeroflot claimed that its ability to accept plane reservations via its website and credit card processing facilities was sidelined for nearly a week by the DDoS attack from Festi, and that the attack cost the company at least 146 million Russian rubles (approximately $5 million). But as noted by Russian news media outlet Novaya Gazeta, which covered the Vrublevsky case perhaps more closely and skeptically than any other news organization, the judge in the case cited the monetary damages in her ruling even though an arbitration court refused to acknowledge the figures and denied Aeroflot’s lawsuit to recover property damage claims in connection with the attack. Rather, the arbitration panel pointed out that most customers who could not purchase airline tickets online simply made their reservations through third-party booking services or else bought them by visiting Aeroflot ticket counters.

Toward the end of his trial, in June 2013, Vrublevsky was arrested and imprisoned yet again, allegedly for trying to intimidate a witness for the prosecution. The prosecutors charged that Vrublevsky called one of the witnesses—a woman named Nikita Evseeva—and that he had offered money in exchange for her silence. But according to Novaya Gazeta and other Russian publications, the truth was that Evseeva’s signature had been forged on a document stating that she had viewed and confirmed the sanctity of evidence that the prosecution intended to present at trial.

Vrublevsky’s lawyers argued that they’d discovered Evseeva was in fact a friend or girlfriend of the law-enforcement officer who had investigated the DDoS attack for the prosecution. Vrublevsky, his attorneys claimed, had contacted Evseeva to convince her to state in court that her signature had been forged by investigators, and to offer her money so that she could make the trip to be present at his trial.

Vrublevsky’s attorneys were almost certainly correct in their assertion that the signature was forged, according to Aleksey Mikhaylov, an information security expert and Moscow native now living in New York City, who has followed the case religiously since its inception and has devoured news reports in the Russian press online and the occasional report in Western news publications. He explains the importance of the forged signature and the role of the witness in this case.

“Basically, the FSB investigators falsified some evidence, and unfortunately this is not uncommon in Russia,” Mikhaylov said. “In the Russian criminal trials, there is a term called panitoi, and this is someone who is supposed to be an outside person—someone who has no interest in or connection to the case, like in America where random people are called to jury duty—who is taken into the room where the evidence is handled, and he or she is supposed to be witness that everything is okay for the prosecution’s handling of evidence. In this case, the witness was supposed to verify that certain evidence gathered from Artimovich was not compromised. It’s supposed to be a completely random person, but the fact that the witness in this case was a good friend, if not girlfriend, of an investigator in the case is very suspect.”

Nevertheless, the court ignored the evidence presented by the defense and upheld the decision to imprison Vrublevsky for witness tampering.

For his part, Igor Artimovich gave an interview with the New York Times prior to his imprisonment stating that he was not responsible for Festi, and that his involvement with ChronoPay stemmed from a project within the company that had sought to develop a ChronoPay-branded antivirus product.

This may seem like a ridiculous and outlandish claim for a company that had been so instrumental in fostering the development and prosperity of the rogue antivirus industry—a business that sought to extort money from victims by planting malicious software on users’ systems and then pitching the sale of a worthless security product supposedly designed to remove the infection that it caused.

But there appears to be a kernel of truth to Artimovich’s claims. When I visited Vrublevsky in Moscow in February 2011, he told me of plans to launch a ChronoPay-branded anti-malware solution codenamed ChronoPay Antivirus. I recall that we both shared an awkward laugh about this at the time, but among the many documents leaked from ChronoPay are technical papers referencing the development of different antivirus software modules. The documents suggest that the company had hired programmers to reverse engineer the free version of the commercial anti-malware product Malwarebytes.

By the end of July 2013, the court had reached a verdict. All four of the accused were found guilty. Vrublevsky and the Artimovich brothers each were sentenced to two-and-a-half years in a penal colony. Permyakov received a slightly lesser sentence of two years because he assisted prosecutors in their investigation.

Mikhaylov said that he strongly believes that nearly everything that happened with Vrublevsky in connection with his criminal case—the inception, investigation, prosecution, trial, and ultimate conviction—had very little to do with the execution of justice the way Westerners understand it, but it has everything to do with his old business partner Gusev, and more specifically to bribes that Gusev paid the Russian FSB.

He notes that the Russian criminal code and the legal framework are not particularly well-suited for prosecuting many high-tech crimes.

“Many years ago, when the issue of hacking and cybercrime first surfaced, the government introduced a law that says it’s illegal to gain unauthorized access to a computer system. And in this case, the prosecution argued that by attacking Assist [Aeroflot’s credit card processor], the hackers basically gained unauthorized access to Aeroflot because they were able to switch off its credit card processing and website,” Mikhaylov said.

“You cannot look at this and say it is logical or makes sense from a legal perspective. The prosecution had to work with what they had to work with. That’s why they charged him with this thing even though in any normal court would have rejected it out of hand for any number of reasons. The prosecution did produce some of the evidence linking him to the Artimovich brothers. But it does seem that a lot of this evidence was either falsified, or due process wasn’t followed in the case.”

Mikhaylov noted that Aeroflot is 51 percent owned by the Russian government, and that the attack on this state asset was a source of shame and aggravation for many political powers-that-be in the country.

“The practice of businesses using corrupt law enforcement in Russia to fight each other and steal market share is very common,” he said. “But when one party is willing to pay big amounts of money or there are political folks involved, all due process goes out the window immediately. In those circumstances, political connections and financial matters dictate the outcome of the case.”

Mikhaylov said he believes Vrublevsky drastically underestimated the seriousness and potency of the case that his enemies had laid against him.

“When he initially got out of prison pending his trial, he tried to win the case on the merits, which was a big mistake and very naïve of him,” Mikhaylov said. “Maybe he felt there was some financial support behind the scenes, because of his previous bribes to corrupt law enforcement. Unfortunately for him, Gusev eventually found a much stronger weapon to use in this conflict and gained the upper hand. [Providing] $1.5 million in a single payment is a serious effort on his part, even by Russian corruption standards. I seriously doubt Vrublevsky spent that much, even taking into account his past efforts on resolving the Fethard conundrum and hiring Maltsev as his security chief afterwards. Gusev won the war, or at least the battle, by upping the ante considerably. I’m sure that now Vrublevsky would gladly pay twice as much to get out, but it’s a lot more difficult to negotiate from his current position.”

Mikhaylov predicted that Vrublevsky would not end up serving that much time in the penal colony, or if he does serve his full term, the high-profile nature of his imprisonment may serve to insulate him while he’s there.

“Pasha is rich guy, or at least he used to be rich guy. He had a house in the most affluent neighborhood outside of Moscow. He still owns a major share in ChronoPay. If I was him, I would sell everything to get out. In Russia it’s relatively doable, unless you have FSB working against you. They are ruling the country. If someone in FSB took $1.5 million from Gusev, there is probably no way they will accept money from Pasha. But there is another thing that works for Vrublevsky. His case got a lot of attention, which means maybe he will be watched over by the prison’s administration. There are hundreds of articles on him and this case. My guess is the prison and the Russian government doesn’t want a public figure like him to get raped and cut in prison. That’s bad publicity.”

Mikhaylov is quick to note that he’s no apologist for Vrublevsky, who he views as the inevitable target of karmic justice.

“At the very least, it produced something positive. Pavel was held accountable for a very tiny fraction of his crimes,” Mikhaylov said. “His trial was obviously a fraud, and due process was not followed. But Pasha will get out of prison very angry, probably in a year or so. He will be looking for blood, and who knows? Maybe a few years down the road, Gusev will share the same fate.”

Many of Mikhaylov’s predictions have come true on several levels. It’s not clear whether Vrublevsky paid for the privilege, but in June 2014—less than a year into his two-and-a-half-year prison sentence—he was released without any public explanation (as far as I could determine through extensive research) and allowed to return home to his family in Moscow.

Local Russian newspapers suggested that he’d been sprung from jail because his government needed him. In response to U.S. sanctions against Russia for funding and organizing pro-Russian separatists who were causing unrest and armed conflict in Ukraine, Visa and MasterCard in March 2014 stopped servicing payments for clients of at least two top Russian banks. Russian President Vladimir Putin responded by signing into law a bill that required the creation of a homegrown, cashless national payments system to route around the credit card companies. The law also imposed stiff new requirements on international payments providers operating in Russia.

In a telephone interview shortly after his release, Vrublevsky told me that his lawyers had strictly forbidden him from discussing his case. He said he had no idea why he was released early, but that he didn’t think it had anything to do with the national payments system.

“It was probably because I’ve been a good fireman,” Vrublevsky said, explaining that for the last five months that he was in prison he had volunteered to work as a fireman for the remote village that surrounded the penal colony—a former coal mining area in the Ryazan Oblast region of Russia approximately 200 kilometers southeast of Moscow.

“I’ve seen things and places that people shouldn’t see, but I’ve seen some funny stuff as well,” Vrublevsky said in response to questions about his prison sentence. “I get out and people are asking me about the national payments system, and I’m sitting there saying, ‘Man, are you joking? I can pretty much tell you about how to feed cows with fireman water, but I don’t know anything about the latest changes in the federal law’!”

Vrublevsky remains the principal shareholder in ChronoPay, a company he is looking to sell as soon as he can. When I asked whether he was concerned that his recent scandal and incarceration might hinder that effort, Vrublevsky intimated that whatever didn’t kill him and his company would only make them both stronger.

“Do you think that BMW is a good car? This is a company that was making engines for German airplanes in World War II. So there’s your answer. When someone is making a good product—and ChronoPay is a good product—all these other things are secondary.”

Gusev remains in exile from Russia, where he is currently wanted on criminal charges of running an illegal business in GlavMed and SpamIt. Vrublevsky said he believes Gusev is hiding with his family somewhere in Spain or in Turkey, but that could not be independently confirmed. In any case, wherever Gusev is today, it’s unlikely he’ll be traveling anytime soon. In a 2011 interview, he said he was worried that the international organization of police agencies—Interpol—might post a notice for his arrest, should he decide to cross European borders.

“I’m expecting that very soon I could be in the Interpol database,” Gusev said. “I’m already in the database of Russian police, so I’m not able to come to Russia, unfortunately. I’m sure Pavel is doing all he can to have my name put on the list of Interpol, and it could be very dangerous for me to go by plane or some kind of border transport.”
