A Russian national recently received eight years in prison for his role in operating a complicated scheme to steal and send sensitive personal and financial information that resulted in an estimated loss of over $100 million.
He worked with other cybercriminals to monetize data which had been stolen through "botnets," which are networks of infected computers.
Who is the Russian cybercriminal?
The criminal's name is Aleksandr Brovko, who is 36 years old and formerly of the Czech Republic. He plead guilty in February to conspiracy to commit bank and wire fraud.
Court documents show that Brovko was an active member of several elite online forums designed for Russian-speaking cybercriminals to gather and exchange their criminal tools and services.
Acting Assistant Attorney General Brian C. Rabbitt of the U.S. Justice Department's Criminal Division had this to say regarding Brovko's crimes:
"For over a decade, Brovko participated in a scheme to gain access to Americans' personal and financial information, causing more than $100 million in intended loss. This prosecution and the sentence imposed show the department's commitment to work with our international and state counterparts to bring cybercriminals to justice no matter where they are located."
U.S. Attorney G. Zachary Terwilliger for the Eastern District of Virginia also chimed in on Brovko:
"Aleksandr Brovko used his programming skills to facilitate the large-scale theft and use of stolen personal and financial information, resulting in over $100 million in intended loss. Our office is committed to holding these criminals accountable and protecting our communities as cybercrime becomes an ever more prominent threat. I also want to thank our prosecybercutors and investigative partners for their terrific work on this complex case."
The cybercrimes of Aleksandr Brovko
A DOJ press release goes into detail of the cybercrimes that Brovko committed.
From 2007 through 2019, he worked with other criminal hackers to monetize data that had been stolen through botnets. He wrote software scripts to analyze botnet logs and did extensive manual searches of the data to extract information that could be easily monetized. This information included online banking credentials and other personally identifiable information (PII).
On top of that, he would confirm the stolen account credentials were valid and assess whether the accounts had enough funds to make the attempt worthwhile.
Court documents show that he possessed and trafficked more than 200,000 unauthorized access devices during the course of his cybercrime campaign. These access devices consisted of either PII or financial account details. Under the U.S. Sentencing Guidelines, the estimated intended loss in this case has been calculated as exceeding $100 million.
