Computer Crime Research Center


Ukrainian hacker

Date: May 19, 2006

... E-mails requesting comment were not returned.

On its home page, RAT Systems denies any malicious intent: "In general, we're against destructive payloads and the spreading of viruses. Coding spyware is not a crime." But the "terms of service" guarantee that its spyware products will be undetectable by the antivirus software made by security companies such as McAfee Inc. (MFE) and Symantec Corp. (SYMC). One product, called the TAN Systems Security Leak, created for attacking German companies, sells for $834. "It's like [saying]: 'Yes, I sell guns to someone who sells crack, but I'm not responsible for them,'" says the Postal Service's Crabb.

Postal Inspection Service officials are also investigating Smash's activity as a senior member of the International Association for the Advancement of Criminal Activity, which they describe as a loose-knit network of hackers, identity thieves, and financial fraudsters. Smash and another sought-after hacker named Zo0mer jointly operate IAACA's Web site, one of the most popular and virulent data trading sites, according to U.S. officials. Hosted by a Web service in Malaysia, the home page boasts cartoon ads of fraudsters using credit cards at banks and stores as police cars give chase. Smash, listed as a moderator on the site, did not return e-mails seeking comment.

On May 11, 2005, Massachusetts Attorney General Tom Reilly filed a lawsuit against Leo Kuvayev and six accomplices, accusing them of sending millions of spam e-mails to peddle counterfeit drugs, pirated software, fake watches, and pornography. Kuvayev, a 34-year-old native of Russia who uses the nickname BadCow, is one of the world's top three spammers, according to anti-spam group Spamhaus. State officials allege that Kuvayev and his associates used a number of Web-hosting services from the U.S. and around the world to launch attacks. Kuvayev was charged with violating the federal CAN-SPAM Act of 2003, which requires that unsolicited commercial e-mail be accurate and honest.

Massachusetts was able to go after Kuvayev because he listed a Massachusetts address on his driver's license and conducted business using a Boston Post Office box. On Oct. 11, 2005, after none of the defendants appeared to answer the charges, a Superior Court judge issued a default judgment against them. The judge found the spammers in violation of state and federal consumer protection laws and ordered a permanent shutdown of dozens of illegal Web sites. Kuvayev and his co-defendants were ordered to pay $37 million in civil penalties for sending nearly 150,000 illegal e-mails.

Federal law enforcement officials believe Kuvayev's operation was pulling in more than $30 million a year. State officials suspect Kuvayev fled to Russia before he was sued. "The problem is, Russia does not have any antispamming laws at the moment," says Crabb. "It's hard to catch someone who isn't breaking the law." Kuvayev did not respond to requests for comment e-mailed to Web sites affiliated with him, and phone numbers listed under his address were not working.

Bank robbers rob banks because that's where the money is. For hackers, the best loot is often found inside the networks of credit-card processors, the middlemen that handle card transactions for merchants and banks.

Postal Inspection Service officials say they are investigating Roman Khoda, aka My0, on suspicion he could be connected to the theft of a million credit card numbers in recent years.

A 26-year-old Russian with a university degree in physics, Khoda once worked with the leading members of carderplanet, according to Schambura. U.S. officials describe carderplanet as one of the largest online marketplaces used to buy and sell pilfered bank-account and card data, until it was broken up by U.S. and foreign officials in August, 2004. But Khoda is unlike some cocky hackers who often write their own digital signatures into malicious code, says Crabb; he operates with stealth. At carderplanet and successor Web sites, he has not left a detailed trail connecting him directly to stolen data. Crabb says Khoda and two accomplices conducted extensive due diligence on the computer networks of targets, even setting up fake companies with accounts at credit-card processors to test for holes in the system. Then they lugged PCs to a rented apartment on the Mediterranean island of Malta, according to Crabb. Using proxy servers in the U.S., China, and Ukraine to hide their Internet connection, Khoda & Co. unleashed their attacks.

Investigators say Khoda even keeps a low profile in the often-gabby cybercommunity. A search of popular underground trading sites turns up little evidence of My0. A woman who answered a Russian phone number for Khoda provided by U.S. law enforcement said it is no longer registered to him. E-mails and instant messages sent to Khoda's ICQ instant messaging number were not returned.

But in instant messages viewed by officials at the National Cyber-Forensics and Training Alliance, a cybercrime intelligence unit jointly operated by the FBI and Postal Inspection Service, in partnership with universities, Khoda complains how his life would be upended if his real identity were exposed. The reason? U.S. officials say he worries that information about his online activities could hurt his offline businesses in Russia.
