Russian Citadel Hacker Sentenced to 4.5 Years

Written by

The FBI celebrated the scalp of another cyber-criminal this week after a Russian hacker was sentenced to four-and-a-half years in prison for downloading and operating the infamous Citadel botnet.

Dimitry Belorossov, 22, pleaded guilty last year to conspiracy to commit computer fraud. The St Petersburg-based hacker, who also went by the online moniker ‘Rainerfox’, is said to have downloaded a version of Citadel in 2012.

Operating from Russia, he used the banking trojan to remotely control over 7,000 victim machines, including one with an IP address resolving to the Northern District of Georgia, according to an FBI statement.

Not only did Belorossov steal online banking, credit card and personally identifiable information from his victims, but he also apparently helped develop Citadel by suggesting improvements in “numerous postings” to online forum citadelmovement.com.

Citing industry estimates, the FBI claimed that Citadel, “and other botnets like it,” infected 11 million computers worldwide and is responsible for the loss of over $500m.

The case is a coup for the FBI as it looks to strengthen partnership with cybercrime investigators abroad. Belorossov was actually arrested in Spain in 2013 and extradited to the US.

“The FBI, in working with its international partners, continues to demonstrate that international boundaries no longer provide a safe haven for cyber-criminals targeting US individuals or interests domestically,” said J. Britt Johnson, special agent in charge, FBI Atlanta Field Office.  

“Successful investigation and prosecution of cases such as this are directly attributable to the increased capabilities and determination of our cyber trained investigators and our foreign based legal attachés working collectively to not only disrupt and dismantle these foreign based hacking efforts, but also to bring those individuals responsible to justice.”

The Russian hacker, who was convicted on 18 July last year after pleading guilty, has also been ordered to pay $322,409 in restitution.

What’s hot on Infosecurity Magazine?