Hacker accuses ex-Kaspersky employee of forcing him to break into Sberbank and VTB accounts
The Popelysh brothers were sentenced to the longest term for hacker attacks that has ever been given in Russia.
Hacker Dmitry Popelysh, who is held in the special unit of the Motrosskaya Tishina jail, has written a statement addressed to the ICR head. The document says that his case had been fabricated with the involvement of a Kaspersky Lab employee.
Popelysh and his twin brother Yevgeny have been convicted of stealing money from the accounts of Sberbank and VTB.
Dmitry spoke about his written complaint addressed to Alexander Bastrykin at a court hearing on September 5. According to the hacker, all evidence in the case was fabricated and Ruslan Stoyanov, the former head of the Kaspersky Lab’s computer incident investigation department, forced him to do the hacks.
He also conducted a technical examination in the cases brought against the brothers, but a few years later, he was jailed himself, for treason. The first arrest of the twin hackers took place in 2011, when they were suspected of organizing phishing attacks, which led to financial losses from 170 bank customers throughout Russia. About 13 million rubles ($204.000) were withdrawn from the bank accounts then. The brothers pleaded guilty and were sentenced to a six-year probation in September 2012.
In May 2015, the Popelysh brothers were re-detained.
They were charged with creating and using malicious software (Art. 273 of the Criminal Code of the Russian Federation), unlawful access to computer information (Art. 272 of the Criminal Code of the Russian Federation) and swindling (Art. 159 of the Criminal Code). Examination by Group-IB showed that the Popelysh brothers had obtained an access to 7,000 bank accounts and stole more than 12.5 million rubles ($200.000) between March 2013 and May 2015. In June 2018, the Savelovsky court of Moscow sentenced the hackers to 8 years in prison.
It is worth noting that it is the longest term ever given for hacker attacks in the country. Last March, the judicial board of criminal cases quashed the verdict, as "violations were made during the preliminary investigation." The Popelysh case was passed on for re-consideration to the Prosecutor General, but after the sentence was canceled, the men faced new charges on other counts that had just been established.
Dmitry Popelysh claims that Ruslan Stoyanov blackmailed and threatened him, forcing to commit the theft from the accounts. The hacker refused and Stoyanov got back at him.
“Stoyanov was present at my detention in May 2015 and said that he has always kept his promises and I would now go to prison,” Popelysh said at the court hearing.
The case file contains a confession of a certain Kaspersky employee who had participated in the investigation of the brothers’ first criminal case. The document says that he was trying to force Popelysh to hack into bank accounts. The man repented in 2015, a few months after the brothers were arrested.
Popelysh also said in earlier interrogations that after the first suspended sentence, someone he had never met contacted him and demanded 3 million rubles from him, otherwise “the suspended sentence would be replaced with a regular one”. When the blackmailer realized that the man didn’t have that kind of money, he demanded that Popelysh gave him all the passwords, accesses and malicious software that had been used to attack the banks.
The man also forced Popelysh to technically support his servers.
According to the trial transcript, when Popelysh was being arrested in May 2015, a Kaspersky IT expert approached him and said, “Remember me? If you as much as say a word about the way we worked, I’ll find you in prison, too, so take the blame on yourself and I’ll get you out.”
In total, the brothers have been in prison for four years and four months.