Fighting cybercrime on all fronts, U.S. law enforcement makes headline news nailing the bad guys at home and abroad
In private industry, robust cybersecurity tools, technologies, and training help organizations secure their assets against relentless attacks by cybercriminals. The responsibility for protecting customer data, intellectual property, and other company assets rests on each organization’s shoulders. Business partnerships with expert solution providers help ensure that cybersecurity services remain effective and current.
Beyond these commercial security measures, federal law enforcement provides a vital defense against cybercrime, although often behind-the-scenes. When they succeed in nailing the bad guys now and then it generally makes headline news. Two recent successes resulted from the efforts of the U.S. State Department, Federal Bureau of Investigation, Secret Service, and Department of Justice. In at least one recent case, U.S. law enforcement collaborated with international authorities in fighting cybercrime on an international scale.
DDoS Attacks an Increasingly Popular Cybercrime
Distributed Denial of Service (DDoS) attacks are illegal, criminal, disruptive, and destructive. A DDoS attack bombards a targeted website, server, or other internet-connected device or platform with floods of fake or illegitimate traffic. DDoS attacks are specifically designed to overwhelm the target—disrupting internet connections, slowing down or freezing websites, and interrupting normal operations for the targeted business.
Unlike ransomware attacks, DDoS criminals do not profit by extorting ransom payments from their victims. The financial model of DDoS attacks is different, with criminal sellers offering DDoS attacks and related “services” to criminal buyers who generally pay with cryptocurrency. Sellers may offer their buyers temporary use of DDoS botnets, enabling them to leverage large networks of malware-infected computers to wreak more extensive chaos.
Two forms of DDoS services for hire are booter and stresser services, so named because their intent is to either “boot” the targeted victim off the internet or to “stress test” a target computer or network to the point of failure. According to the FBI, established booter and stresser services have proven popular because of their convenience. They make it easier for cybercriminals to conduct DDoS attacks by allowing them to pay to use an established network of infected devices, rather than having to create their own. As an added bonus, booter services may also obscure where the DDoS activity is coming from and who is behind it.
The Computer Fraud and Abuse Act (18 U.S. Code §1030) is a cybersecurity law enacted to discourage hacking and protect computers connected to the Internet by making it illegal to victimize computer systems. DDoS attacks, which essentially weaponize web traffic, are illegal under the law. Cybercriminals engaged in DDoS attacks face serious consequences, including (1) seizure of their computers and other electronic devices, (2) arrest and criminal prosecution, (3) significant prison sentences, and (4) fines and penalties.
Criminals Behind DDoS Attacks Nabbed by FBI
Sergiy Usatyuk and Matthew Gatrel can personally attest to those consequences. Usatyuk, of Illinois, operated multiple booter services and related websites that launched millions of disruptive DDoS attacks over a three-year period. Today, he is paying a price for his crimes, sentenced to 13 months in prison followed by three years of supervised release. According to the U.S. Department of Justice press release, he was also ordered to forfeit $542,925 in illegal proceeds along with dozens of servers and other computer equipment used in the DDoS attacks
Matthew Gatrel, also of Illinois, was convicted on charges of violating the Computer Fraud and Abuse Act by committing unauthorized impairment of a protected computer and conspiring to commit wire fraud. He is serving a two-year prison sentence.
Three Florida men await sentencing after pleading guilty in February, March, and April of 2023 to conspiring to violate the Computer Fraud and Abuse Act by operating a booter service. They are Angel Manuel Colon Jr. of Belleview in Central Florida, and Shamar Shattock of Margate and Cory Anthony Palmer of Lauderhill in South Florida. A San Antonio man, Jeremiah Sam Evans Miller, is also awaiting sentencing.
As part of a concentrated and ongoing effort, in early May 2023 the FBI seized and disabled more than a dozen booter services websites. According to the press release, the sites had been used to launch millions of attacks against victims ranging from school systems and universities to financial institutions and government agencies.
Victims of DDoS attacks are urged to contact their local FBI field office or file a complaint with the Internet Crime Complaint Center, regardless of the degree of financial loss or when the incident occurred. Complaints filed in this manner assist the FBI in successfully fighting cybercrime by identifying illegal activity and bringing cybercriminals to justice.
Feds Put Bounty on Credit Card Theft Mastermind
DDoS attacks, and the illegal services that enable them, are not the only cybercrimes being fought by the FBI and other domestic and international authorities. On May 3, 2023, the U.S. District Court for the Eastern District of New York issued an indictment charging notorious cybercriminal, Denis Gennadievich Kulkov, with access device fraud, computer intrusion, and money laundering in connection with his operation of Try2Check, an illegal enterprise.
Concurrent with the indictment, Try2Check websites were seized and disabled by authorities, and the U.S. State Department posted a $10 million reward for information leading to the capture of Kulkov, who resides in the Volga region of western Russia. The State Department also announced a reward of up to $1 million for information leading to the identification of other key leaders of the Try2Check transnational cybercrime organization.
According to the indictment, Kulkov established Try2Check as a primary tool of the illicit credit card trade by offering users the ability to quickly determine the validity of a stolen credit card number. Even uploading thousands of card numbers at a time, cybercriminals receive an immediate report of which numbers are valid and therefore of value to potential buyers. For enhanced credibility, Try2Check illegally exploited a major U.S.-based payment processing company’s systems in order to perform the validations.
This sophisticated business model abetted credit card fraud to the tune of tens of millions of dollars in losses each year. Between September 2021 and September 2022, for example, Try2Check conducted at least 17 million card validations.
Kulkov himself has made more than $18 million in profits in bitcoin alone, using some of those proceeds to purchase flashy cars and luxury goods and support an affluent lifestyle in Samara, Russia. Given the $10 million bounty now offered by the U.S. State Department, chances are Kulkov won’t risk leaving Russia anytime soon.
“Today is a bad day for criminals who relied on the defendant’s platform as the gold standard to verify that the credit cards they stole from hard working individuals … had value,” noted Breon Peace, U.S. Attorney for the Eastern District of New York. The press release requests that anyone having information about Kulkov contact the U.S. Secret Service at MostWanted@usss.dhs.gov.
While protecting customer data, intellectual property, and other company assets is the responsibility of individual organizations, federal authorities are fighting cybercrime every day, although we may not be aware of their efforts until arrest and indictments make headline news.
In two recent examples, U.S. authorities arrested operators of more than a dozen DDoS booter services and charged them with violations of the Computer Fraud and Abuse Act. Among those awaiting sentencing are three Florida men from Lauderhill, Margate, and Belleview. Authorities also indicted Denis Kulkov, the criminal mastermind behind Try2Check, and have posted a $10 million reward for information leading to his capture along with separate reward for information leading to the identification of other key leaders of his illegal operation.
Enterprising cybercriminals are constantly inventing new ways to make various cybercrimes more effective, more convenient, and more profitable. Do your part in fighting cybercrime by maintaining robust defenses, conducting regular risk assessments, and making sure that all applicable compliance requirements are fully met.