Two men from Latvia ran a malware service that has been in operation for over a decade and used in major attacks against American businesses, according to an indictment unsealed Wednesday in federal court in Alexandria.
The men, along with a co-conspirator in Virginia, designed a buffet of hacking software that they marketed on cybercrime websites, according to prosecutors.
The hidden service was accessible via the encrypted network Tor and has been operational since late 2006, prosecutors said. The tools they sold include “some of the most prolific malware known to the Federal Bureau of Investigation,” according to the indictment, and the software “has been used in major computer intrusions committed against American businesses.” One of the largest services of this kind, it had at least 30,000 users, according to prosecutors.
The indictment does not detail which businesses allegedly were impacted by the malware, or what damage was done by the attacks. The defendants were identified as Ruslans Bondars and Jurijs Martisevs.
Among the offerings provided by the defendants: toolkits to create customized malicious files, software that hides those malicious files from antivirus programs, “Remote Access Trojans” that let a hacker take control of a computer, and “keyloggers” that record anything typed on a computer, the indictment says.
A co-conspirator described in the indictment only as “Z.S.” operated out of Great Falls, Va. and is accused of designing a keylogger used by 3,000 customers to infect 16,000 computers in 2012.
Martisevs also gave customer support to clients, according to the indictment.
Bondars will appear in court Wednesday for a detention hearing. Jurijs Martisevs appeared at a sealed hearing last week. Bondars is a permanent resident of Latvia; Martisevs is a Latvian citizen who also lived in Moscow. They are both charged with conspiracy, conspiracy to commit wire fraud, wire fraud and computer hacking.
Subscribe to the Morning Review newsletter
Get the day’s top headlines delivered to your inbox every morning by subscribing to our newsletter