Blackhole gang shipping off to Russian penal colony

Seems like just yesterday, the whole infosec world was obsessed with Blackhole. And we had every right to be.

Blackhole brought together complete, easy-to-use tools for criminals who wanted to take control of your computers, and complete systems for managing huge networks of infected devices. Of course, once they “owned” you, they could deliver malware to attack you in infernally creative ways, from stealing passwords and financial account credentials to encrypting and ransoming your data.

While Blackhole’s component technologies weren’t all new, the global reach of its modern “rental” business model was. Blackhole dominated the worldwide crimeware market throughout 2012 and into early 2013. And huge profits went straight into the pockets of a team of Russian criminals.

Until they were arrested in October 2013 – and convicted this week.

The notorious “Paunch” – real name Dmitry Fedotov – has been sentenced to seven years in a Russian penal colony. It may be a while before he drives this Porsche Cayenne again (photo shared by prominent security researcher Brian Krebs).

Fedotov’s confederates also received prison sentences, ranging from 5 and a half to 8 years. According to the Russian news agency TASS, one was sentenced in absentia, and remains at large. (He’s Vladimir Popov Artem Palchevsky. Keep an eye out.)

As we reported in October 2013, Blackhole had come to account for only a small percentage of new malware infections. But it had already established a template for other gangs and other exploit kits (think of Angler, which we covered in great depth here, and recently exposed as the source of a new wave of ransomware attacks).

After Fedotov’s arrest, remaining Blackhole activity plummeted. And, sitting in jail, Fedotov’s gang couldn’t keep advancing its even more sophisticated and exclusive Cool Exploit Kit.

Nobody has ever come up with a true estimate of how much money Blackhole earned for its creators – much less, a true estimate of what it cost its victims, who were attacked en masse by all the criminals who rented it. (By one estimate, Blackhole served over 1,000 “customers.”)

We do know that, according to TASS, Fedotov and his compatriots were convicted of causing 25 million rubles in damage, by breaking into several bank websites, illegally accessing protected information, and stealing funds from legal entities and entrepreneurs. (Nowadays, that’s roughly $375,000 US or £265,000 – less than half the value of those crimes when the ruble was stronger in 2013.)

According to Bank Info Security, Russia’s Ministry of Internal Affairs had alleged that the gang was responsible for 70 million rubles in fraud – probably still just a fraction of the damage they caused worldwide.

Quoted in Data Breach Today, Sergey Nikitin of the Moscow-based cybersecurity firm Group-IB says the severity of these sentences was unusual, because the prosecutors proved monetary theft and fraud, not just intrusion.

Whatever the reason, it looks like Fedotov and his fellow prisoners will have some time on their hands to think about it.
