Slashdot Mirror

← Back to Stories (view on slashdot.org)

Citadel Botnet Operator Gets 4.5 Years In Prison

Posted by Soulskill on from the in-the-jailhouse-now dept.

An anonymous reader writes: The U.S. Department of Justice has announced that Dimitry Belorossov, a.k.a. Rainerfox, an operator of the "Citadel" malware, has been sentenced to 4.5 years in prison following a guilty plea. Citadel was a banking trojan capable of stealing financial information. Belorossov and others distributed it through spam emails and malvertising schemes. He operated a 7,000-strong botnet with the malware, and also collaborated to improve it. The U.S. government estimates Citadel was responsible for $500 million in losses worldwide. Belorossov will have to pay over $320,000 in restitution.

27 of 42 comments (clear)

  1. the penalty is way to light by liquid_schwartz · · Score: 4, Insightful

    For the damage and grief he caused people I'd be happy if he was locked up and the key thrown away. 4.5 years is far too light.

    1. Re:the penalty is way to light by gstoddart · · Score: 1

      Bah ... how long were the guys on Wall Street who robbed the world by lying about the junk debt they'd repacked sentenced to? How about the ratings agencies who signed off and said the junk debt was AAA rated? What did they get?

      Yes, it's widespread fraud ... but $500 million worldwide is a drop in the bucket compared to what "legitimate" corporations have been doing.

      If we hadn't see people do far worse and get away with almost no penalty I'd be doing something other than guffawing and saying "yeah, right".

      You can do fraud on much larger scales if you're a corporation and have made the right campaign donations. And you'll be hailed as a fucking hero.

      --
      Lost at C:>. Found at C.
    2. Re:the penalty is way to light by ShaunC · · Score: 2

      Hold up, as the summary doesn't jive with the facts. From the DOJ's release, emphasis mine,

      According to industry estimates, Citadel, and other botnets like it, infected approximately 11 million computers worldwide and are responsible for over $500 million in losses. In 2012, Belorossov downloaded a version of Citadel, which he then used to operate a Citadel botnet primarily from Russia. Belorossov remotely controlled over 7,000 victim bots, including at least one infected computer system with an IP address resolving to the Northern District of Georgia.

      This guy didn't create the malware, he wasn't responsible for 11 million infections, nor was he responsible for $500 million in losses. He downloaded and tweaked some existing bank trojan, got it onto 7,000 computers, and stole some undetermined amount of money, which the DOJ has not disclosed but which is probably much closer to his restitution amount of ~$320K than it is to $500M.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    3. Re:the penalty is way to light by Ravaldy · · Score: 1

      You can do fraud on much larger scales if you're a corporation and have made the right campaign donations. And you'll be hailed as a fucking hero.

      You catch the ones you can. The corporate bastards that steal often do it within the limitations of our legal system. It takes a collective effort to punish those corporations. People would rather write a blog about it and stop there instead trying to influence people into taking action such as boycotting. Proof of this is Apple. They used kids to build their products and they managed to escape the tax man yet they are the number 1 brand in the world and continue to make money like it grows on trees.

    4. Re:the penalty is way to light by nikkipolya · · Score: 1

      $500000000/11000000 * 7000 = ~$320,000, is how the courts arrived at the damages I guess.

  2. Hail! by Anonymous Coward · · Score: 1, Funny

    trojan capable of stealing financial information

    What about Microsoft, Google etc that do the same thing? Wait, never mind, they're not stealing your information, they're collecting it to "improve their services". I know I can trust a publicly traded American corporation. Hail Satan.

  3. Hmmm by Anonymous Coward · · Score: 2, Interesting

    $500M in losses...$320k in restitution...hmmmm

    1. Re:Hmmm by rmdingler · · Score: 3, Insightful
      He purchased and downloaded a Citadel banking trojan.

      He's 22 now... so kitty or hacker? IDK.

      He was wrong, he is certainly a thief, and should be punished; but he's not responsible for anywhere near the whole Citadel fiasco.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:Hmmm by Nukenbar · · Score: 1

      Just because he caused that much damage (debatable) it is very likely he got nowhere near that amount of money.

      Also, you can't get blood from a stone.

  4. Maybe it's time by Anonymous Coward · · Score: 1

    To have my own botnet. 4.5yrs for software that's responsible for $500M losses. Eve if his cut was just 1%, 4.5yrs in jail for $5M seems like a good deal to me.

    1. Re:Maybe it's time by coolmoe2 · · Score: 1

      That does not mean he made $5M a lot of that loss is expenses the companies had in cleaning up the aftermath and patching systems etc..

    2. Re: Maybe it's time by O('_')O_Bush · · Score: 1

      Except he would be going to a minimum security prison (nonviolent offenders) where life wouldn't be that much different from living in a crappy motel.

      The only sausage hiding would be consensual.

      --
      while(1) attack(People.Sandy);
    3. Re:Maybe it's time by nitehawk214 · · Score: 1

      As George Carlin said "I'd let a epileptic shave my testicles with a hatchet for 10 million dollars!" (in response to Gillette or some other razor company offering ZZTop $10M to shave their beards on camera.)

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
  5. Wait! by pruedz · · Score: 1

    4.5 of prison for Bank Fraud!?!? $320.000 restitution for $500 million in losses!?!? Totally worth it! Too bad for me that work hard on my honest daily job... That is BS!

    1. Re:Wait! by coolmoe2 · · Score: 1

      Hey nobody is holding a gun to your head if you want you can be as "cool" as he is starting today if you wanted. You could start a whole new life as your own Lex Luthor if you wanted. He still gets to eat off a green plastic tray for the next four and a half years so does it really sound that appealing now?

  6. Re:Sends a clear message by Anonymous Coward · · Score: 1

    And if you want music, rob a physical music store, instead of using a computer.

  7. He should have incorporated by Anonymous Coward · · Score: 4, Insightful

    He should have incorporated his business. Then he could have just apologized as CEO and given himself a huge severance package as he walked out the door.

  8. A modest prediction by Marginal+Coward · · Score: 1

    I bet he plans to surreptitiously allocate just a few days of his to sentence to each of his fellow prisoners. Of course, they would NOT appreciate that if they knew but if it's done carefully, they won't know. Heck, they won't even notice the difference.

    With his sentence fully processed in distributed form by his peers, I predict he'll be out in no time.

  9. EU prison in not like that by Joe_Dragon · · Score: 1

    EU prison in not like that

  10. Re:4.5 years? by coolmoe2 · · Score: 1

    Yeah we should make an example out of them like we did with the fraud in US banks. Lets give them billions in bail out money.

  11. Re:4.5 years? by GerardAtJob · · Score: 1

    Yeah... 500M - 320k = ~499 / 1642.5days of jail time = ~300k a day for being in jail... not bad! I guess they really want more botnets!

    --
    I can't call that English ;-)
  12. 500m in losses != 500m takeaway by Anonymous Coward · · Score: 1

    my 2c

  13. Citadel was a banking trojan? by nickweller · · Score: 1

    Citadel was a Microsoft Windows trojan ..

  14. Re:Crime does pay! by Tuidjy · · Score: 1

    For $500,000,000.00 in losses. Who knows how much of that money he actually managed to get his hands on?

    If you were to break the San Fransisco bridge down, and sell it as scrap metal, you would make a lot less than the losses you'd be responsible for.

    --
    No good deed goes unpunished...
  15. Re:That's all? by Coren22 · · Score: 1

    You mean besides the people he paid someone to kill?

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  16. Malware and botnets are awful by Lost+Race · · Score: 1

    Hurray! Somebody went to jail! Did he actually do it, or was he some random schmuck railroaded into a guilty plea by overzealous cops and prosecutors? Who cares! Somebody went to jail! Hurray!

  17. Re:Crime does pay! by nikkipolya · · Score: 1

    Even if its 1/100th of that money, its still a great deal. $5 million in return for 4.5 years and $320K. Wow! Crime does pay and that's why we have so many aspiring criminals.