A malware operator and administrator of two online hacking forums was sentenced last week to 41 months in prison for his role in the distribution of the Zeus malware and for selling online the personal data he stole from infected victims.
The crook’s name is Sergey Vovnenko, a 31-year-old man born in Saint Petersburg, Russia, who later became a citizen of Ukraine and then moved to Naples, Italy, where he was arrested in June 2014 after a joint operation by the US Secret Service and Italian law enforcement.
After a 15-month extradition trial, Vovnenko was sent to the US, where he was indicted in October 2015, and later pleaded guilty in January 2016.
Vovnenko tried to send heroin to journalist’s home
According to court documents, Vovnenko was known online under a plethora of different aliases, such as “Tomas Rimkis,” “Flycracker,” “Flyck,” “Centurion,” “MUXACC1,” “Stranier,” and “Darklife.”
Probably his most famous nickname was “Fly,” which he used when he attempted to frame veteran infosec journalist Brian Krebs by buying and sending a pack of heroin to his house.
Fortunately, Krebs was tipped off to Vovnenko’s plan, and he, in turn, tipped off authorities before the situation escalated and Vovnenko could frame him as a drug dealer.
Vovnenko continued to engage with Krebs, as he later sent a floral arrangement in the form of a giant cross to his home, and then a signed Christmas card from Naples, as he was awaiting extradition.
Vovnenko controlled a botnet of 13,000 devices
Putting all the fun trolling aside, court documents also reveal that Vovnenko was a serious player on the malware market, where he and his acolytes managed a Zeus botnet that infected over 13,000 computers.
Investigators say the malware allowed Vovnenko and his friends to collect sensitive user information such as credit card details and credentials for various online accounts.
Authorities say that Vovnenko put this data up for sale on different underground carding forums, including two forums that he ran himself, named TheCC.bz and Mazafaka.
One OpSec slip-up doomed Vovnenko
Following his arrest in June 2014, as payback for Vovnenko’s constant trolling, Krebs published a blog post detailing the flaw in the crook’s operation.
His revelations showed that security researchers managed to gain access to one of Vovnenko’s email addresses, where they found the logs from a keylogger the crook installed on his wife’s computer. Those logs included conversations where his wife revealed the crook’s real name and their general location.
Besides the 41-month prison sentence, the court also sentenced the crook to three years of supervised release and ordered Vovnenko to pay $83,368 in restitution for the damage he caused.