Russian bust nabs alleged mastermind of Blackhole cyber scam

Dec 13, 2013

Russia’s Interior Ministry says it has arrested the creator of the infamous Blackhole tool used to install malware on computers around the world and steal login information, IDG News Service reports.

The ministry announced 6 December that it has charged the person, who reportedly goes by the alias “Paunch,” and 12 others with “creating and participating in a criminal organization.” Paunch was arrested 4 October in his home city of Tolyatti in central Russia. Officials did not publicize his arrest at the time, but it and the Paunch alias were leaked, IDG reports. The leak was subsequently confirmed by an arm of Europol that probes cyber crimes.
The Interior Ministry investigation found the group withdrew money from several banks across Russia using information from customers’ Blackhole-infected computers, causing damage worth 70 million rubles ($2.1 million), according to IDG. 


 Screenshot of a prevented Blackhole attack. Image from video by ZeroVulnLabs/YouTube


The website says Blackhole first surfaced in 2010 and was rented on the black market. Blogger Brian Krebs writes that Blackhole is likely responsible for a huge increase in cyber crimes in the last three years. Citing a security firm that assisted the Russian investigation, Krebs said Paunch was earning $50,000 per month from the software.

Blackhole’s development could be taken over by another group or it could disappear, Alex Gostev of Internet security firm Kaspersky Lab told IDG in October after news of Paunch’s arrest broke.

“Whilst the arrest would be significant …, there are still many functioning kits out there compromising machines and stealing data all over the world,” Carl Leonard of Websense, a computer security company, told TechWeek Europe in October.

Indeed, creators of other “exploit” kits could be rushing to fill the gap left by Blackhole. In October the price for another kit, Neutrino, went up to $10,000 a month for non-Russians, IDG noted, citing a tweet by an independent malware researcher who goes by the name Kafeine.


About the Author

Transitions Online
