Four men plead guilty to being go-to ‘bulletproof’ hosts for cybercriminals

The charging documents describe a professionally run criminal enterprise with each of the defendants playing a unique role.
dark web, hacker, transaction
(Getty Images)

Four Eastern European men pleaded guilty to a scheme overseeing websites that hosted malware used to cause victims hundreds of millions of dollars in losses, the Justice Department said Friday.

Russian nationals Aleksandr Grichishkin and Andrei Skvortsov, along with Aleksandr Skorodumov from Lithuania and Pavel Stassi of Estonia, allegedly oversaw an organization that rented IP addresses, computers servers and domains to cybercriminals between 2008 and 2015.  The practice, known as “bulletproof hosting,” is popular with digital thieves trying to evade law enforcement agencies.

Grichishkin, Skvortsov, Skorodumov and Stassi pleaded guilty to one count of RICO conspiracy. They each face up to 20 years in prison.

Crooks have used the hacking tools allegedly hosted by the defendants’ organizations to repeatedly infect U.S. financial institutions and defraud victims. That includes Zeus, a notorious piece of malicious code that a variety of criminals have used to steal over $100 million from victims. Despite the Justice Department’s 2014 disruption of a Zeus-based botnet, strains of the malicious code have continued to infect organizations.


Another hacking tool allegedly hosted by the defendants is the Blackhole exploit kit which, at its height in 2012, accounted for a large chunk of malware infections detected by anti-virus vendors.

Law enforcement officials target bulletproof hosting services because of the breadth of illicit activity the services enable. Russian national Kirill Firsov in January pleaded guilty to running another such service, known as, which let scammers operate independent web stores where they sold access to hacked online accounts.

In the latest guilty pleas, the charging documents describe a professionally run criminal enterprise with each of the defendants playing a unique role.

Skvortsov was allegedly in charge of smoothing things over with unhappy clients, while Grichishkin oversaw the organization’s employees. Skorodumov handled IT administration for the organization, while Stassi ran the marketing department and set up new hosting accounts using fake or stolen information, according to the indictment.

One of the most helpful services that the four men provided clients was monitoring websites used to block internet infrastructure that is suspected of being used in a crime, according to U.S. prosecutors. Once one of those “blocklists” emerged, the accused would promptly configure new infrastructure for their criminal clients under fake or stolen identities, prosecutors said.


You can read the indictment against the four men online.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts