The San Juan Daily Star

Man pleads guilty to infecting thousands of computers globally with IPStorm malware


U.S. Attorney for the District of Puerto Rico W. Stephen Muldrow

By The Star Staff


A Russian and Moldovan national pleaded guilty to three counts of violating anti-cyber crime laws associated with the IPStorm malware, local FBI officials announced Tuesday.


According to online reports, the botnet infrastructure had infected Windows systems, then expanded further to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, Europe, North America and South America.


In connection with the operation of that IPStorm malware and botnet proxy service, on Sept. 18, 2023, Sergei Makinin, a Russian and Moldovan national, pled guilty to three counts of violating the law by knowingly causing the transmission of a program that intentionally caused damage without authorization to protected computers. Each count of conviction carries a statutory maximum of 10 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.


According to court documents, from at least June 2019 through December 2022, Makinin developed and deployed malicious software to hack thousands of internet-connected devices around the world, including in Puerto Rico. Makinin controlled the infected devices as part of an extensive botnet, which is a network of compromised devices. The main purpose of the botnet was to turn infected devices into proxies as part of a for-profit scheme, which made access to these proxies available through Makinin’s websites, proxx.io and proxx.net. Through those websites, Makinin sold illegitimate access to the infected, controlled devices to customers seeking to hide their internet activities. A single customer could pay hundreds of dollars a month to route traffic through thousands of infected computers. Makinin’s publicly accessible website advertised that he had more than 23,000 “highly anonymous” proxies from all over the world.


Makinin acknowledged that he gained at least $550,000 from the scheme. Pursuant to the plea agreement, Makinin will forfeit cryptocurrency wallets linked to the offense.


“This investigation shows that we will use every lawful tool at our disposal to disrupt cybercriminals, regardless of their location,” U.S. Attorney Stephen Muldrow said. “This case serves as a warning that the reach of the law is long, and criminals anywhere who use computers to commit crimes may end up facing the consequences of their actions in places they did not anticipate.”


Joseph González, special agent in charge of the FBI’s San Juan Field Office, noted that: “It is no secret that in present times, much criminal activity is conducted or enabled through cybernetic means. Cybercriminals seek to remain anonymous and derive a sense of security because they hide behind keyboards, often thousands of miles away from their victims.”


“The FBI’s cyber mission has been to impose risk and consequences on our adversaries, ensuring cyberspace is no safe space for criminal activity,” he added. “This case is one example of how we are doing just that, and I’d like to thank the DOJ’s Computer Crime and Intellectual Property Section, the U.S. Attorney’s Office for the District of Puerto Rico, and the FBI San Juan Cyber Team for their meticulous and relentless work in this case.”


The scope of the law enforcement dismantlement was limited to disabling the defendant’s infrastructure and did not extend to the information of the owners and users of the computers. The FBI emphasizes the importance of keeping computers updated with the latest security patches and operating systems.


The case was investigated by the FBI San Juan Cyber Team, with cooperation from the FBI Legal Attaché office in Madrid, in coordination with the Spanish National Police-Cyber Attack Group, and the FBI Legal Attaché office in Santo Domingo, in coordination with the Dominican National Police-Interpol, the Dominican National Police-International Organized Crime Division, and the Ministry of the Interior and Police-Immigration Directorate. Valuable assistance was provided by the National Cyber-Forensics and Training Alliance (NCFTA.net), including Bitdefender DRACO Team, Anomali Threat Research, and Intezer. The NCFTA is an alliance of business and law enforcement working together to disrupt cybercrime.
