Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/29/2020
05:25 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years

Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.

Russian national Alexei Yurievich Burkov has been sentenced to nine years in federal prison for his operation of two websites, CardPlanet and Direct Connection, dedicated to payment card fraud, computer hacking, and other crimes, the Department of Justice said late last week.

CardPlanet was a so-called "carding" website built to sell credit and debit card numbers stolen through computer hacking. Many of the card numbers sold belonged to US citizens, and more than 150,000 stolen payment card numbers were sold on CardPlanet, resulting in at least $20 million in fraudulent purchases made with US payment card accounts.

The price of stolen payment cards ranged from $2.50 to $60 on CardPlanet depending on the card type, country of origin, and availability of cardholder data like name and address. To encourage purchases, Burkov offered a fee-based "checker" service that enabled customers to verify stolen payment card numbers. If a card was invalid, Burkov promised to replace it. He advertised his shop as the only one that would refund the price of invalid payment card data. 

Some customers who bought stolen data from CardPlanet encoded the numbers on counterfeit payment cards embossed with the card company's logo, without the company's knowledge or consent, the indictment states. These counterfeit cards were used to buy goods and services across the United States, both in-person and online.

In addition to CardPlanet, the indictment alleges Burkov and his co-conspirators ran an online forum where elite cybercriminals could meet in a secure place to plan crimes, help one another commit crimes and avoid law enforcement, and buy and sell stolen goods and services: payment card numbers, personally identifiable information, botnets, and other malware. While the indictment does not specify the forum's name, some reports call it Direct Connection.

The forum was divided into several subsections so members could comment on different topics including news, online shopping, buying and selling payment card data, carding documents and equipment, bank account cashouts and bank transfers, and information security topics like databases, botnets, Trojans, scripts, and exploits. Burkov was active on the forum several times per week and used it to drive traffic back to CardPlanet and further his illicit operations there.

Burkov also used this forum to advertise his illegal services and find others selling illicit goods and services he wanted to buy, officials explain in the indictment. He and his co-conspirators controlled access to the forum so as to avoid infiltration. Applicants were required to have three members vouch for them to verify their reputation for, and history of, cybercrime. They had to put up a sum of money – usually around $5,000 – as insurance in case they failed to pay for services on the forum, and all members of the forum had to vote on their acceptance.

"These measures were designed to keep law enforcement from accessing Burkov’s cybercrime forum and to ensure that members of the forum honored any deals made while conducting business on the forum," officials explain in a statement.

Burkov was arrested at the Ben-Gurion Airport near Tel Aviv, Israel in December 2015; an Israeli district court approved his extradition in 2017. He was extradited to the US in November 2019. In January 2020 he pleaded guilty to one count of access device fraud and one count of conspiracy to commit access device fraud, identity theft, computer intrusions, wire fraud, and money laundering.

A Long Road to Sentencing

It's rare to see a Russian cybercriminal extradited and sentenced. This sentencing did not arrive without pushback from Moscow, which fought for four years to keep Burkov from being extradited to the United States. As KrebsOnSecurity notes, Israel turned down requests to send the cybercriminal back to Russia, where he allegedly faced other hacking charges. When that didn't work as planned, Russia imprisoned an Israeli woman in an attempt to trade prisoners.

The FBI and Homeland Security Investigation (HSI) unit, US authorities for bringing cybercrime to justice, are often challenged to bring cybercriminals to the US for prosecution despite help from Interpol and other agencies. Even if the US has an extradition treaty in place with a country, the government can choose not to extradite individuals on a case-by-case basis.

More than 76 countries do not have an extradition treaty with the US, meaning even known criminals have a low chance of being brought to justice. This is the case with Russia and China, whose citizens are not extradited to the United States. Because of this, US authorities typically monitor the criminals' activity and try to learn when they plan to travel to another country.

Burkov isn't the first Russian cybercriminal to be extradited to the United States. Peter Yuryevich Levasho, operator of the Kelihos botnet, was arrested in Barcelona in April 2017 and extradited to the US, where he pleaded guilty in federal court to charges related to criminal activities. Russian national Yevgeniy Nikulin, accused of breaking into Dropbox and the 2012 cyberattack on LinkedIn, was extradited to the US after being detained in the Czech Republic.

Related Content:

 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/30/2020 | 11:03:32 PM
9 Years
Its good to see that criminal cyber activity is having enforced consequences. We've seen a change in sentencing now that cybercrime is becoming more understood.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5595
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute...
CVE-2020-5596
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a mali...
CVE-2020-5597
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products o...
CVE-2020-5598
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop ...
CVE-2020-5599
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remo...