back to article DOJ convicts second bloke for helping malware go undetected

The US Federal government has got its second conviction in the dismantling of a service that helped malware writers get around security software. A jury in the Eastern Virginia District Court convicted 37 year-old Ruslan Bondars, on charges of computer intrusion, conspiracy to commit wire fraud, and conspiracy to violate the …

Silver badge

is there more to this story?

Because the service allowed anonymous uploading and did not share any of samples

Is that the illegal part?

4
0
Silver badge

Nice to see people get taken down for this kind of thing, but dang, 35 years!?

6
3
Silver badge
Megaphone

35 years

for accepting money from criminals to give them critical assistance (apparently) in causing millions of dollars of damages.

If it had been assisting 'bank fraud' for millions of dollars, I think the 35 years would be about right. "white collar crime" needs to be punished like anything else, to put a stop to it. Long jail terms are a deterrent to OTHERS who might try this, thinking "slap on the wrist" at worst. nope. IRON BAR HOTEL STAY for half your life, instead.

Yeah, KEEP THEM OUT of law abiding society, k-thanks.

5
9
Bronze badge
Alert

Indeed, this is more than what a murderer would get in Aussie. Remind me not to fart (or murder anyone) next time I'm in the States.

1
0

Wait a minute

Don't a lot of services do this? I know many of them make you identify yourself, but it wouldn't be all that hard to start one of these. I'm surprised people who are willing to pay haven't just built one of those themselves, or that there isn't a convenient one that doesn't pretend to be a business and just stays hidden.

Also, exactly what do you have to do with a business like this to make yourself legal? Is it just the fact that they were being used for malicious purposes and they knew it, or is there something inherently illegal about the type of business?

9
1
Anonymous Coward

Re: Wait a minute

I'm trying to figure out what the difference is between something like this and VirusTotal. All I can come up with is that they accepted money that they knew (or should have known) was from criminal origin.

12
0
Silver badge
WTF?

Re: Wait a minute

Aiding and abetting.

Handling stolen goods.

Conspiracy to rob.

Failure to report criminal activity.

Computer misuse.

Wire fraud

Those ideas are just for starters, I am sure that some jurisdictions could come up with some more colourful ideas.

It would have been a shame if they were paid using a stolen credit card...

What is wrong with 35 years, it would be best if they were put to some useful activity while serving as guests of the country's hospitality.

3
6
Silver badge

Re: Wait a minute

"I'm trying to figure out what the difference is between something like this and VirusTotal."

You and me both. The most I can think of is Virustotal might be using scanners that let the scanner's maker take a look at anything that triggers an alarm - which would be rather counter-productive for a malware writer - while this guy probably used strictly offline scanners. Still nowhere near law-breaching IMHO, but it's all I got...

0
0
Silver badge

Missing detail

... living in Latvia at the time of his arrest,

OK, two guys with names suggestive of not merely living in Latvia but having roots in that part of the world. Convicted in the US.

So were they:

(a) legally arrested and extradited?

(b) kidnapped like that Libyan couple who just got an apology from the UK government?

(c) ambushed like Hutchins?

12
1
Silver badge

Re: Missing detail

I was wondering the same.. either that or Team America:world police force is actually now a thing....

10
0
Silver badge

Re: Missing detail

The link to the attorney's office document does give a little more:

Scan4you differed from legitimate antivirus scanning services in multiple ways. For example, while legitimate scanning services share data about uploaded files with the antivirus community and notify their users that they will do so, Scan4you instead informed its users that they could upload files anonymously and promised not to share information about the uploaded files with the antivirus community.

I personally don't think that is good enough, but the prosecutors obviously did. Does that show intent? There are lots of reasons for favouring anonymity, for example when working on proprietary software.

7
0
Anonymous Coward

Re: Missing detail

2 minutes of searching

"...says that Martyshev acted together with Ruslan Bondar who, just like Martyshev, was arrested in Latvia and extradited to the US...."

More:

http://tass.com/world/955053

2
2
Anonymous Coward

Re: Missing detail

The crime was failing to assist the NSA getting the finest bits of malware developed.

2
0
Anonymous Coward

Re: Missing detail

>Scan4you instead informed its users that they could upload files anonymously and promised not to share

>information about the uploaded files with the antivirus community.

What if for instance I received a document via email that purported to be be some sort of personal or private information pertaining to me, lets say a bank statement and I wanted to scan it before opening it.

I might want to use a service that promises not to share that bank statement with security researchers and companies.

1
0
Anonymous Coward

35 years is a good start

Add on a $10 billion fine in retribution and the punishment may fit the crime.

0
9

I do find it hard to believe that not sharing some information with an anti-virus company can be considered a criminal offence. It doesn't make what they were doing illegal. They were providing a service that others provide, but with the ability to keep things anonymous, as someone else stated, you might be testing proprietary software and not want an analysis of it shared with security researchers, if it flagged up a false positive.

I'm not saying they weren't in business to help malware authors, but I'm sure it was all written in a way that made it look legit, they didn't call it test-your-malware.com. Which brings it down to, they didn't do anything to stop criminals using their service. But then, there are many services used by criminals, WhatsApp isn't called TerroristSafeChat, they don't actively stop criminals using it, because its encrypted, they can't see who is talking about what, so can't do anything about it.

Just seems a bit of a stretch to me.

The whole extradition thing is crazy. Jurisdiction is such a grey area now the internet is a thing.

8
0
Bronze badge

Apparently, if you make crowbars and a crook uses it, you're liable.

Obama era judges. They take a whole different approach to the 4th and 5th amendments. It will take years before many of them are out of the system.

I get the wire fraud charge, but this is the only one which makes sense. The other two just don't make sense, unless they can, without a doubt, prove the intent was only for use by criminals and not security research and/or academia.

0
1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018