

6/29/2020
05:25 PM

Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years

Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.

Russian national Aleksei Yurievich Burkov has been sentenced to nine years in federal prison for his operation of two websites, CardPlanet and Direct Connection, dedicated to payment card fraud, computer hacking, and other crimes, the Department of Justice said late last week.

CardPlanet was a so-called "carding" website built to sell credit and debit card numbers stolen through computer hacking. Many of the card numbers sold belonged to US citizens, and more than 150,000 stolen payment card numbers were sold on CardPlanet, resulting in at least $20 million in fraudulent purchases made with US payment card accounts.

The price of stolen payment cards ranged from $2.50 to $60 on CardPlanet depending on the card type, country of origin, and availability of cardholder data like name and address. To encourage purchases, Burkov offered a fee-based "checker" service that enabled customers to verify stolen payment card numbers. If a card was invalid, Burkov promised to replace it. He advertised his shop as the only one that would refund the price of invalid payment card data. 

Some customers who bought stolen data from CardPlanet encoded the numbers on counterfeit payment cards embossed with the card company's logo, without the company's knowledge or consent, the indictment states. These counterfeit cards were used to buy goods and services across the United States, both in-person and online.

In addition to CardPlanet, the indictment alleges Burkov and his co-conspirators ran an online forum where elite cybercriminals could meet in a secure place to plan crimes, help one another commit crimes and avoid law enforcement, and buy and sell stolen goods and services: payment card numbers, personally identifiable information, botnets, and other malware. While the indictment does not specify the forum's name, some reports call it Direct Connection.

The forum was divided into several subsections so members could comment on different topics including news, online shopping, buying and selling payment card data, carding documents and equipment, bank account cashouts and bank transfers, and information security topics like databases, botnets, Trojans, scripts, and exploits. Burkov was active on the forum several times per week and used it to drive traffic back to CardPlanet and further his illicit operations there.

Burkov also used this forum to advertise his illegal services and find others selling illicit goods and services he wanted to buy, officials explain in the indictment. He and his co-conspirators controlled access to the forum so as to avoid infiltration. Applicants were required to have three members vouch for them to verify their reputation for, and history of, cybercrime. They had to put up a sum of money – usually around $5,000 – as insurance in case they failed to pay for services on the forum, and all members of the forum had to vote on their acceptance.

"These measures were designed to keep law enforcement from accessing Burkov’s cybercrime forum and to ensure that members of the forum honored any deals made while conducting business on the forum," officials explain in a statement.

Burkov was arrested at the Ben-Gurion Airport near Tel Aviv, Israel in December 2015; an Israeli district court approved his extradition in 2017. He was extradited to the US in November 2019. In January 2020 he pleaded guilty to one count of access device fraud and one count of conspiracy to commit access device fraud, identity theft, computer intrusions, wire fraud, and money laundering.

A Long Road to Sentencing

It's rare to see a Russian cybercriminal extradited and sentenced. This sentencing did not arrive without pushback from Moscow, which fought for four years to keep Burkov from being extradited to the United States. As KrebsOnSecurity notes, Israel turned down requests to send the cybercriminal back to Russia, where he allegedly faced other hacking charges. When that didn't work as planned, Russia imprisoned an Israeli woman in an attempt to trade prisoners.

The FBI and the Homeland Security Investigations (HSI) unit, the US authorities responsible for bringing cybercriminals to justice, often struggle to bring them to the US for prosecution despite help from Interpol and other agencies. Even if the US has an extradition treaty in place with a country, that country's government can choose not to extradite individuals on a case-by-case basis.

More than 76 countries do not have an extradition treaty with the US, meaning even known criminals have a low chance of being brought to justice. This is the case with Russia and China, whose citizens are not extradited to the United States. Because of this, US authorities typically monitor the criminals' activity and try to learn when they plan to travel to another country.

Burkov isn't the first Russian cybercriminal to be extradited to the United States. Peter Yuryevich Levashov, operator of the Kelihos botnet, was arrested in Barcelona in April 2017 and extradited to the US, where he pleaded guilty in federal court to charges related to criminal activities. Russian national Yevgeniy Nikulin, accused of breaking into Dropbox and the 2012 cyberattack on LinkedIn, was extradited to the US after being detained in the Czech Republic.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
 

Comments
RyanSepe,
User Rank: Ninja
6/30/2020 | 11:03:32 PM
9 Years
It's good to see that criminal cyber activity is having enforced consequences. We've seen a change in sentencing now that cybercrime is becoming more understood.