Citadel Botnet Operator Gets 4.5 Years In Prison 42
An anonymous reader writes: The U.S. Department of Justice has announced that Dimitry Belorossov, a.k.a. Rainerfox, an operator of the "Citadel" malware, has been sentenced to 4.5 years in prison following a guilty plea. Citadel was a banking trojan capable of stealing financial information. Belorossov and others distributed it through spam emails and malvertising schemes. He operated a 7,000-strong botnet with the malware, and also collaborated to improve it. The U.S. government estimates Citadel was responsible for $500 million in losses worldwide. Belorossov will have to pay over $320,000 in restitution.
the penalty is way to light (Score:5, Insightful)
Re: (Score:2)
For $500,000,000.00 in losses. Who knows how much of that money he actually managed to get his hands on?
If you were to break the San Fransisco bridge down, and sell it as scrap metal, you would make a lot less than the losses you'd be responsible for.
Re: (Score:1)
Even if its 1/100th of that money, its still a great deal. $5 million in return for 4.5 years and $320K. Wow! Crime does pay and that's why we have so many aspiring criminals.
Re: (Score:2)
Bah ... how long were the guys on Wall Street who robbed the world by lying about the junk debt they'd repacked sentenced to? How about the ratings agencies who signed off and said the junk debt was AAA rated? What did they get?
Yes, it's widespread fraud ... but $500 million worldwide is a drop in the bucket compared to what "legitimate" corporations have been doing.
If we hadn't see people do far worse and get away with almost no penalty I'd be doing something other than guffawing and saying "yeah, right"
Re: (Score:2)
You can do fraud on much larger scales if you're a corporation and have made the right campaign donations. And you'll be hailed as a fucking hero.
You catch the ones you can. The corporate bastards that steal often do it within the limitations of our legal system. It takes a collective effort to punish those corporations. People would rather write a blog about it and stop there instead trying to influence people into taking action such as boycotting. Proof of this is Apple. They used kids to build their products and they managed to escape the tax man yet they are the number 1 brand in the world and continue to make money like it grows on trees.
Re: (Score:3)
Hold up, as the summary doesn't jive with the facts. From the DOJ's release, emphasis mine,
According to industry estimates, Citadel, and other botnets like it, infected approximately 11 million computers worldwide and are responsible for over $500 million in losses. In 2012, Belorossov downloaded a version of Citadel, which he then used to operate a Citadel botnet primarily from Russia. Belorossov remotely controlled over 7,000 victim bots, including at least one infected computer system with an IP address resolving to the Northern District of Georgia.
This guy didn't create the malware, he wasn't responsible for 11 million infections, nor was he responsible for $500 million in losses. He downloaded and tweaked some existing bank trojan, got it onto 7,000 computers, and stole some undetermined amount of money, which the DOJ has not disclosed but which is probably much closer to his restitution amount of ~$320K than it is to $500M.
Re: (Score:1)
$500000000/11000000 * 7000 = ~$320,000, is how the courts arrived at the damages I guess.
Hail! (Score:1, Funny)
trojan capable of stealing financial information
What about Microsoft, Google etc that do the same thing? Wait, never mind, they're not stealing your information, they're collecting it to "improve their services". I know I can trust a publicly traded American corporation. Hail Satan.
Hmmm (Score:2, Interesting)
$500M in losses...$320k in restitution...hmmmm
Re:Hmmm (Score:4, Insightful)
He's 22 now... so kitty or hacker? IDK.
He was wrong, he is certainly a thief, and should be punished; but he's not responsible for anywhere near the whole Citadel fiasco.
Re: (Score:2)
Just because he caused that much damage (debatable) it is very likely he got nowhere near that amount of money.
Also, you can't get blood from a stone.
Maybe it's time (Score:1)
To have my own botnet. 4.5yrs for software that's responsible for $500M losses. Eve if his cut was just 1%, 4.5yrs in jail for $5M seems like a good deal to me.
Re: Maybe it's time (Score:2)
The only sausage hiding would be consensual.
Re: (Score:2)
As George Carlin said "I'd let a epileptic shave my testicles with a hatchet for 10 million dollars!" (in response to Gillette or some other razor company offering ZZTop $10M to shave their beards on camera.)
EU prison in not like that (Score:2)
EU prison in not like that
Re: (Score:1)
Wait! (Score:1)
Re: (Score:1)
Re: (Score:1)
And if you want music, rob a physical music store, instead of using a computer.
He should have incorporated (Score:4, Insightful)
He should have incorporated his business. Then he could have just apologized as CEO and given himself a huge severance package as he walked out the door.
Re: (Score:1)
Re: (Score:2)
Yeah... 500M - 320k = ~499 / 1642.5days of jail time = ~300k a day for being in jail... not bad! I guess they really want more botnets!
A modest prediction (Score:2)
I bet he plans to surreptitiously allocate just a few days of his to sentence to each of his fellow prisoners. Of course, they would NOT appreciate that if they knew but if it's done carefully, they won't know. Heck, they won't even notice the difference.
With his sentence fully processed in distributed form by his peers, I predict he'll be out in no time.
Re: (Score:2)
You mean besides the people he paid someone to kill?
500m in losses != 500m takeaway (Score:1)
my 2c
Citadel was a banking trojan? (Score:2)
Malware and botnets are awful (Score:2)
Hurray! Somebody went to jail! Did he actually do it, or was he some random schmuck railroaded into a guilty plea by overzealous cops and prosecutors? Who cares! Somebody went to jail! Hurray!