Lurk hacker rescinds plea deal

Konstantin Melnik (Tester) Photo: Kommersant

After hearing the public prosecutor, the gang organizer decided to have his sentence handed down in the usual order.

The Kirov District Court in Yekaterinburg is considering the criminal cases of Konstantin Melnik (Tester) and Igor Makovkin, accused respectively of organizing a criminal community of hackers that stole more than 1.2 billion rubles ($18.1m) from bank accounts using the Lurk virus, and of participating in the gang. The defendants fully admitted their guilt by concluding pre-trial cooperation agreements with the Prosecutor General's Office. However, after listening to the public prosecutor's speech, Tester decided to rescind the plea deal so that he would be tried in the usual order.

Hearings have started in Yekaterinburg on the first two criminal cases related to the inter-regional criminal community of hackers. In one case, the defendant is Konstantin Melnik, the alleged organizer of a structural subdivision of the gang; in the second, it is Igor Makovkin, a member of the community. The Investigative Department of the Ministry of Internal Affairs of Russia accused them of organizing and participating in the criminal community (parts 1 and 2 of Article 210 of the Criminal Code of the Russian Federation), seven episodes of unlawful access to computer information and seven counts of creating, using and distributing malicious computer programs (part 3 of Article 272 and part 2 of Article 273 of the Criminal Code of the Russian Federation), as well as six frauds in the field of computer information (part 4 of Article 159.6 of the Criminal Code).

Both admitted their guilt and concluded plea deals with the Prosecutor General's Office, under which they testified against alleged accomplices. As a result, their cases were separated from the main investigation into the actions of 24 hackers.

According to the materials of the criminal case, the group of hackers was created in December 2013 in Yekaterinburg. Its founders are Konstantin Kozlovsky and Vladimir Gritsan. There were departments of developers, system administrators, testers, burglars, menders, and cashiers. The community began its criminal activity in 2015. The scheme worked as follows: using a botnet, the participants of the group selected vulnerable companies that had an internal corporate network. They planted files infected with the Lurk virus (aka HBS) and got access to the computers of the company's management and accountants.

The hackers ensured that antivirus software could not detect them, and then they replaced the accounting documents and got access to the Bank of Russia Customer automated workstation. As a result of the intrusion, they issued transfers of money to the accounts of firms on far-fetched grounds (for example, purchase of construction materials) and to card accounts of individuals, and then cashed the money out through ATMs. After successful transactions, hackers remotely sectored victim computers to destroy traces of the crime.

At the same time, the hackers observed specific secrecy measures. The accomplices communicated through the Jabber instant messenger, where everyone knew each other only by nickname: the founders called each other Cash-out and Bandit, and the rank-and-file participants had nicknames Karapuz, Asterix, Obelix and so on.

Five affected entities appear in the case; they lost more than 1.2 billion rubles: the St. Petersburg company Stroyinvest, a Rostov snack company and three banks - the Siberian branch of the bank Taata, Garant-Invest and Metallinvestbank. According to the investigation, the most significant damage, amounting to 677 million rubles, was inflicted on the latter.

During the first sessions, representatives of the Prosecutor's Office did not have time to read the indictments, which occupy a whole volume. The next hearing in the case of Konstantin Melnik is scheduled for October 3. He explained to a Kommersant correspondent that after the announcement of the indictment, he intends to petition for the consideration of his case in the usual order. "I admit that I was engaged in testing, which was not legal, but I did not manage any department. The department could not consist of one person," explained Mr. Melnik. The case of Igor Makovkin will be considered in a special order on October 11.


