Over the past few years, the ubiquity of cryptocurrency has made cybercrime easier to monetize. The promise of a quick buck has attracted would-be cybercriminals who lack the traditional skill set required to engage in anything beyond a low-level hack. Much like their aboveboard capitalist counterparts, black market entrepreneurs have stepped in to fill that skills gap. In doing so, they have created a burgeoning cybercrime-as-a-service (CAAS) marketplace.
On Wednesday, May 16, 2018, the Department of Justice released a statement announcing the conviction of one of the larger CAAS operators of the past decade. Ruslans Bondars, a noncitizen of the former U.S.S.R. living in Latvia, was convicted following a 5-day jury trial on one count of “conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting.”
Bondars ran Scan4you, a service that scanned malware for cybercriminals, testing against current antivirus software and helping hackers fine-tune their malware so that it beat detection. Regardless of how much he made through Scan4you, from 2009 through 2016, Bondars helped to increase the overall destruction caused by threat actors to “U.S. retailers, financial institutions, and government agencies.”
The press release states that Scan4you was used by thousands of threat actors at its peak. Two of these attacks account for almost $800 million in business losses alone.
According to researchers at cybersecurity firm Trend Micro, which helped shut down Scan4you, the arrest of Bondars and his associate Jurijs Martisevs (who pleaded guilty) has helped chill counter-antivirus services. After Bondars and Martisevs were arrested, Trend Micro noticed that there was no growth in the number of Web reputation scans by the cybercriminals operating the VirusCheckMate counter-antivirus service, the only known remaining operator in this market.
Gizmodo reports that Trend Micro first recognized Scan4you in 2012 when “it noticed Latvian corporate servers kept pinging them to test URLs related to a private exploit kit called g01pack.” After a little leg work, it figured out what was happening and shared its information with the Federal Bureau of Investigation in 2014 while continuing to track Scan4you’s activity.