Russian Malware Developer Sentenced to 5 Years in Prison
The Department of Justice called it "one of the most advanced crimeware tools available in the underground market," malware that infected almost 11 million computers worldwide and caused over $500 million in losses. And its creator was just sentenced to five years in prison.
The "banking trojan" software, dubbed Citadel, targeted password managers and financial institutions, and Mark Vartanyan is the second Russian to be sentenced to prison over its use.
Illicit Functionality
When announcing Vartanyan's sentencing, the Justice Department described Citadel and how it worked:
'Citadel' is a malware toolkit designed to infect computer systems and steal financial account credentials and personally identifiable information from victim computer networks. Beginning in or about 2011, Citadel was offered for sale on invite-only, Russian-language internet forums frequented by cybercriminals. Users of Citadel targeted and exploited the computer networks of major financial and government institutions around the world, including several financial institutions in the United States. According to industry estimates, Citadel infected approximately 11 million computers worldwide and is responsible for over $500 million in losses.
The DOJ claims Vartanyan, known online as "Kolypto," worked on the "development, improvement, maintenance and distribution of Citadel" from 2012 to 2014.
Infection and Incarceration
Vartanyan was extradited from Norway to face charges in the United States in late 2016 and pleaded guilty to computer fraud in March of this year. Ars Technica reports Vartanyan was aiding prosecutors with their investigation and will receive two years' credit for time already served in Norway.
In 2015, Dimitry Belorossov, another Russian who the DOJ says developed Citadel, was sentenced to four and a half years in federal prison.
Related Resources:
- FindLaw Criminal Defense Lawyers Near You (FindLaw's Lawyer Directory)
- Blackshades Malware Co-Creator Sent to Prison (FindLaw Blotter)
- DOJ: Hacker Stole 130 Million Credit Card Numbers (FindLaw Blotter)
- Are Programmers Liable If Hackers Misuse Software? (FindLaw Blotter)