Notorious Hacker Kingpin âTankâ Is Finally Going to Prison WIRED

pTo revisit this article visit My Profile then View saved storiesppFor more than a decade Vyacheslav Igorevich Penchukovâa Ukrainian who used the online hacker name âTankââmanaged to evade cops When FBI and Ukrainian officials raided his Donetsk apartment in 2010 the place was deserted and Penchukov had vanished But the criminal spree came to a juddering halt at the end of 2022 when he traveled to Switzerland was arrested then was extradited to the United StatesppToday at a US federal court in Lincoln Nebraska a judge sentenced Penchukov to two concurrent nineyear sentences after he pleaded guilty to two charges of conspiracy to participate in racketeering and a conspiracy to commit wire fraud United States District Judge John M Gerrard also ordered Penchukov to pay more than 73 million according to court records The court also ordered three years of supervised release for each count and said they should run concurrentlyppBoth charges carried a maximum sentence of up to 20 years each According to court documents however the US government and Penchukovâs lawyers both requested a less severe sentence following him signing a plea agreement in February It is unclear what the terms of the plea deal include At the time documents show Penchukov could also face having to repay up to 70 millionâless than the combined amount hes ordered to pay in restitution and forfeited funds âI understand this but I donât have such amounts of moneyâ he said in court earlier this yearppThe US prosecution of Penchukovâwho has been on the FBIs âmost wantedâ cyber list for more than a decadeâis a rare blow against one of the most wellconnected leaders of a prolific 2010s cybercrime gang It also highlights the ongoing challenges Western law enforcement officials face when taking action against Eastern European cybercriminalsâparticularly those based in Russia or Ukraine which do not have extradition agreements with the USppAhead of the sentencing the Department of Justice refused to comment on the case and the FBI and Penchukovâs lawyers did not respond to WIREDâs requests for commentppWhen the Ukrainian pleaded guilty in Februaryâa number of charges were dropped following him signing the plea agreementâhe admitted to being one of the leaders of the Jabber Zeus hacking group starting in 2009 that used the Zeus malware to infect computers and steal peopleâs bank account information The group used the details to log in to accounts withdraw money and then send it to various money mulesâstealing tens of millions from small US and European businessesppâThe defendant played a crucial role a leadership role in this scheme by directing and coordinating the exchange of stolen banking credentials and money mulesâ prosecutors said in court earlier this year They would steal thousands from victim companies often draining their accountsppPenchukov who was also a wellknown DJ in Ukraine also admitted to a key role organizing the IcedID also known Bokbot malware which collected the victimâs financial details and allowed ransomware to be deployed on systems He was involved from November 2018 to at least February 2021 officials say Investigators found he kept a spreadsheet detailing the 199 million income IcedID made in 2021ppâI never thought that we would ever see any of Jabber Zeus crewâ face justice in the US says Jim Craig a senior director at cybersecurity firm Intel 471 who was previously a special agent in the FBI and helped lead the investigation into the Zeus cybercriminals and Penchukov who is in his late thirties starting in July 2009 Craig who attended the sentencing said he was happy with the result Penchukov has aged since US investigators originally published photos of him Craig says and the criminal boss spoke during the sentencing hearing to apologize for his actionsppThe Zeus malware linked to FBIwanted Russian Evgeniy Bogachev first appeared online around the end of 2006 and in part used keyloggers to steal peopleâs banking information when they entered it online The cybercriminals would log into accounts and send money to people acting as mules who would cash out the funds âIt was just a really big jump in capabilitiesâ Keith Jarvis a senior researcher at cybersecurity company Secureworks says of the Zeus malware âThe volume of it was so out of control and the banks didnt have a really good handle on itâppBy 2009 when the FBIâs investigations were starting the Zeus gang had developed Jabber Zeus adding the Jabber instant messenger into the setup âWhen there was a compromise they would get notified and they could immediately have an operator jump on and start conducting the fraud automaticallyâ Jarvis says They later developed Gameover Zeus and the groupâs membersâincluding Bogachev and according to US prosecutors an FBIwanted Maksim Yakubetsâeventually morphed into building some of the most disruptive ransomware of the past decade Bogachev and Yakubets respectively have 3 million and 5 million rewards on their heads from the US governmentppIn 2010 as detailed by WIREDâs 2017 cover story chronicling the hunt for the Zeus creators the FBI and other law enforcement agencies had identified Penchukov and other members by analyzing their Jabber chat messages seized from a USbased server âUltimately we ran across a message where Tank had talked about his daughterâ Craig says Penchukov disclosed her date of birth name and birth weight which were used in cooperation with Ukraineâs security service to determine there was only one girl born that day with those details and Penchukov was her father The FBI investigators traveled to Donetsk Ukraine to arrest members of the gangppOperation Trident Breach collared more than 50 people around the world in September 2010âwith some members later being sentencedâbut Penchukov wasnât one of them âIt was quite obvious that Tank was tipped offâ Craig says âThere was no sign of him and it was quite clean You could definitely tell no one had been there a few daysâ Craig recounts of the raid on Penchukovâs apartment As detailed by MIT Technology Review officials suspected corruption and family connections to highlevel Ukrainian officials Plus Russian investigators involved in the case âghostedâ other officials on the day the arrest was due to take placeppPenchukov was first publicly named in a February 2012 indictment detailing his and other Zeus membersâ alleged crimes In 2015 he changed his name to Vyacheslav Igoravich Andreev Jarvis from Secureworks says Penchukov can be considered one of the âelder statesmenâ of this era of cybercrime and everything has always indicated he was in charge of ârunningâ the money mules the groups used and organizing the financesppIn November 2022 it was reported that Penchukov had been arrested in Geneva when he was âtraveling to meet up with his wifeâ The circumstances of his arrest are unclear and Swiss authorities declined to comment on the caseppSince the Zeus gang were at their height their particular brand of bank fraudâdirectly accessing victims accounts and moving money from themâhas declined in prominence Ransomware and data extortion using cryptocurrency to launder money has become the primary tactic of Russialinked cybercriminals earning them more than 11 billion in 2023ppCraig the former FBI investigator says one outstanding question will be how much Penchukov cooperated with officials and if he revealed anything about other criminals âThe significance of him being caught is important to show that law enforcement is not going to stopâwherever they go theres going to be a chance and opportunity for them to get caughtâ Craig saysppUpdate 7112024 1240 pm ET Updated to clarify the amount of money Penchukov will be forced to turn over to authoritiesppPolitics Lab Get the newsletter and listen to the podcastppWhat happens when you give people free moneyppNot everyone loses weight on OzempicppThe Pentagon wants to spend 141 billion on a doomsday machineppEvent Join us for the Energy Tech Summit on October 10 in BerlinppMore From WIREDppReviews and Guidespp 2024 Condà Nast All rights reserved WIRED may earn a portion of sales from products that are purchased through our site as part of our Affiliate Partnerships with retailers The material on this site may not be reproduced distributed transmitted cached or otherwise used except with the prior written permission of Condà Nast Ad Choicesp