Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years

Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.

Russian national Alexei Yurievich Burkov has been sentenced to nine years in federal prison for his operation of two websites, CardPlanet and Direct Connection, dedicated to payment card fraud, computer hacking, and other crimes, the Department of Justice said late last week.

CardPlanet was a so-called "carding" website built to sell credit and debit card numbers stolen through computer hacking. Many of the card numbers sold belonged to US citizens, and more than 150,000 stolen payment card numbers were sold on CardPlanet, resulting in at least $20 million in fraudulent purchases made with US payment card accounts.

The price of stolen payment cards ranged from $2.50 to $60 on CardPlanet depending on the card type, country of origin, and availability of cardholder data like name and address. To encourage purchases, Burkov offered a fee-based "checker" service that enabled customers to verify stolen payment card numbers. If a card was invalid, Burkov promised to replace it. He advertised his shop as the only one that would refund the price of invalid payment card data. 

Some customers who bought stolen data from CardPlanet encoded the numbers on counterfeit payment cards embossed with the card company's logo, without the company's knowledge or consent, the indictment states. These counterfeit cards were used to buy goods and services across the United States, both in-person and online.

In addition to CardPlanet, the indictment alleges Burkov and his co-conspirators ran an online forum where elite cybercriminals could meet in a secure place to plan crimes, help one another commit crimes and avoid law enforcement, and buy and sell stolen goods and services: payment card numbers, personally identifiable information, botnets, and other malware. While the indictment does not specify the forum's name, some reports call it Direct Connection.

The forum was divided into several subsections so members could comment on different topics including news, online shopping, buying and selling payment card data, carding documents and equipment, bank account cashouts and bank transfers, and information security topics like databases, botnets, Trojans, scripts, and exploits. Burkov was active on the forum several times per week and used it to drive traffic back to CardPlanet and further his illicit operations there.

Burkov also used this forum to advertise his illegal services and find others selling illicit goods and services he wanted to buy, officials explain in the indictment. He and his co-conspirators controlled access to the forum so as to avoid infiltration. Applicants were required to have three members vouch for them to verify their reputation for, and history of, cybercrime. They had to put up a sum of money – usually around $5,000 – as insurance in case they failed to pay for services on the forum, and all members of the forum had to vote on their acceptance.

"These measures were designed to keep law enforcement from accessing Burkov’s cybercrime forum and to ensure that members of the forum honored any deals made while conducting business on the forum," officials explain in a statement.

Burkov was arrested at the Ben-Gurion Airport near Tel Aviv, Israel in December 2015; an Israeli district court approved his extradition in 2017. He was extradited to the US in November 2019. In January 2020 he pleaded guilty to one count of access device fraud and one count of conspiracy to commit access device fraud, identity theft, computer intrusions, wire fraud, and money laundering.

A Long Road to Sentencing

It's rare to see a Russian cybercriminal extradited and sentenced. This sentencing did not arrive without pushback from Moscow, which fought for four years to keep Burkov from being extradited to the United States. As KrebsOnSecurity notes, Israel turned down requests to send the cybercriminal back to Russia, where he allegedly faced other hacking charges. When that didn't work as planned, Russia imprisoned an Israeli woman in an attempt to trade prisoners.

The FBI and the Homeland Security Investigations (HSI) unit, the US authorities responsible for bringing cybercrime cases to justice, often find it difficult to bring cybercriminals to the US for prosecution, despite help from Interpol and other agencies. Even if the US has an extradition treaty in place with a country, that country's government can choose not to extradite individuals on a case-by-case basis.

More than 76 countries do not have an extradition treaty with the US, meaning even known criminals have a low chance of being brought to justice. This is the case with Russia and China, whose citizens are not extradited to the United States. Because of this, US authorities typically monitor the criminals' activity and try to learn when they plan to travel to another country.

Burkov isn't the first Russian cybercriminal to be extradited to the United States. Peter Yuryevich Levashov, operator of the Kelihos botnet, was arrested in Barcelona in April 2017 and extradited to the US, where he pleaded guilty in federal court to charges related to criminal activities. Russian national Yevgeniy Nikulin, accused of breaking into Dropbox and of the 2012 cyberattack on LinkedIn, was extradited to the US after being detained in the Czech Republic.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

6/30/2020 | 11:03:32 PM
9 Years
It's good to see that criminal cyber activity is having enforced consequences. We've seen a change in sentencing now that cybercrime is becoming more understood.