ChronoPay founder and owner Pavel Vrublevsky, in handcuffs, at his sentencing. Photo: Novayagazeta.ru/KrebsOnSecurity
Pavel Vrublevsky, the owner of Russian online payments provider ChronoPay, which claims 3000 transactions per minute, was sentenced to two-and-half years in a Russian penal colony last week after being found guilty of hiring botnet masters to attack a rival payment processing firm.
Vrublevsky was accused of hiring Igor and Dmitri Artimovich in 2010 to use their Festi spam botnet to attack Assist, a competing payments firm. Prosecutors allege that the resulting outage at Assist prevented Russian airline Aeroflot from selling tickets for several days, costing the company millions of dollars.
According to Russian prosecutors, Vrublevsky, the subject of an upcoming book by this author, directed ChronoPay's chief security officer Maxim Permyakov to pay $US20,000 and hire the Artimovich brothers to launch the attacks. The Artimovich brothers also were found guilty and sentenced to 2.5 years. Permyakov received a slightly lighter sentence of 2 years after reportedly assisting investigators in the case.
My previous reporting also highlights Vrublevsky's and ChronoPay's role in nurturing the market for fake antivirus or scareware products. One such story, published just days before Vrublevsky's initial arrest, showed how ChronoPay executives set up the domains and payment systems for MacDefender, a scareware scam that targeted millions of Mac users. A notice on ChronoPay's website after Vrublevsky's arrest in June said the company would continue to operate "normally".
Vrublevsky co-founded ChronoPay in 2003 along with Igor Gusev, another Russian businessman who is facing criminal charges in Russia. Those charges stem from Gusev's alleged leadership role at GlavMed and SpamIt, sister programs that until recently were the world's largest rogue online pharmacy affiliate networks. Huge volumes of internal documents leaked from ChronoPay in 2010 indicate Vrublevsky ran a competing rogue internet pharmacy - Rx-Promotion - although Vrublevsky publicly denies this.
Earlier this year, I signed a deal with Sourcebooks to publish several years worth of research on the business of spam, fake antivirus, rogue internet pharmacies, shadow economies and that I believe were aided immensely by ChronoPay and by Vrublevsky himself.
The latest article in my Pharma Wars series documents the rise and fall of the pharmacy spam business and how a simmering grudge match between Gusev and Vrublevsky ultimately brought down their respective businesses.
It might be tempting to conclude from Vrublevsky's sentencing that perhaps the Russian government is starting to crack down on cybercriminal behavior in its own backyard. But all the evidence I've seen suggests this is merely the logical outcome of bribes paid by Gusev to some of Russia's most powerful, payments that were meant to secure the opening of a criminal case against Vrublevsky.
Sign up for CIO Asia eNewsletters.