'Bulletproof' Web Site Hosting Ransomware Finally Seized, Founder Indicted (cnbc.com) 16
An anonymous reader shared this report from CNBC:
The mastermind behind a ransomware hosting service that allegedly helped criminals collect more than 5,000 bitcoin in ransom from hundreds of victims was indicted in federal court this week, prosecutors announced Thursday. Artur Grabowski's LolekHosted service operated for about a decade and advertised itself as a haven for "everything but child porn," according to Florida prosecutors. Clients allegedly used the hosting service to deploy ransomware viruses that infected around 400 networks around the world... [That's 400 just for the Netwalker ransomware, which the announcement calls "one of the ransomware variants facilitated by LolekHosted."]
Grabowski was charged with computer fraud, wire fraud, and conspiracy to commit international money laundering. Grabowski himself is also the subject of a $21.5 million seizure order... Grabowski, a Polish national, faces a maximum sentence of 45 years, if he is ever detained and convicted.
Grabowski also "remains a fugitive," according to an announcement from the U.S. Department of Justice. It notes that the 36-year-old's site — registered in 2014 — also "facilitated" brute-force attacks, and phishing.
"Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement."
Grabowski was charged with computer fraud, wire fraud, and conspiracy to commit international money laundering. Grabowski himself is also the subject of a $21.5 million seizure order... Grabowski, a Polish national, faces a maximum sentence of 45 years, if he is ever detained and convicted.
Grabowski also "remains a fugitive," according to an announcement from the U.S. Department of Justice. It notes that the 36-year-old's site — registered in 2014 — also "facilitated" brute-force attacks, and phishing.
"Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement."
Hmmm.... (Score:1)
Isn't this guy a "respected" open source contributor? I seem to remember the name on a lot of commits at one time.
Failing to gather logs isnt criminal (Score:4)
There are no rules that you have to gather logs. No one is a criminal for not keeping meticulous logs filling up harddrives they have to pay for and backup.
The other things going on are illegal but slipping that in there too is basically a grab. Associating people who donâ(TM)t keep logs with criminals is what is bullshit here.
Re: (Score:1)
There are a lot of reasons to not keep logs!
Re: (Score:2)
Re:Failing to gather logs isnt criminal (Score:4, Interesting)
Like, failing to lock your car is not in itself a crime. But if your gun was stolen out of your car by a felon who left $400 in its place, the fact that you 'forgot' to lock your car so the whole thing could be done quickly and quietly would be relevant.
"Remains a fugitive" (Score:2)
So, a new domain name, hosting site and country of residence. And then it's back to business as usual. Major coup for law enforcement. Way to go there, guys!
So they weere about as bullet-proof... (Score:2)
...as the bullet-proof monk, not at all.
Just use a bigger gun (Score:3)
If you need to fight something bulletproof, just use a bigger gun.
And if you are a nation state you always have some siege cannons at your disposal.
A decade? (Score:2)
Why did it take a decade to take the website down?
The guy behind it has already disappeared and taken his money with him. With the amount of money he has, he can buy anonymity. He can buy a new identity.
This should be a case that the IRS and DOJ don't want to talk about, because it's been handled terribly.
Re: (Score:2)
Ip logs are going to die (Score:1)
Re: Ip logs are going to die (Score:1)
Grabowski? (Score:1)
So, business opportunity? (Score:2)
Nah, Cloudflare has cornered the market.