Jury Convicts Cyber-Criminal of Operating Counter Antivirus Service
ALEXANDRIA, Va. – A federal jury convicted a Latvian “non-citizen,” meaning a citizen of the former USSR who had been residing in Riga, Latvia, of three counts related to his operation of “Scan4you,” an online counter antivirus service that helped computer hackers to determine whether the computer viruses and other malicious software they created would be detected by antivirus software.
Ruslan Bondars, 37, was convicted after a five-day jury trial of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage.
“Ruslan Bondars designed and operated a service that provided essential aid to some of the world’s most destructive hackers,” said Tracy Doherty-McCormick, Acting U.S. Attorney for the Eastern District of Virginia. “This verdict demonstrates our commitment to holding such actors accountable. I commend the work of the agents and prosecutors, both in the United States and in Latvia, who worked together to bring him to justice.”
According to court records and evidence presented at trial, from at least 2009 until 2016, Ruslans Bondars, 37, operated Scan4you, which for a fee provided computer hackers with information they used to determine whether their malware would be detected by antivirus software, including and especially by antivirus software used to protect major U.S. retailers, financial institutions and government agencies from computer intrusions.
“Ruslans Bondars helped hackers test and improve the malware they then used to inflict hundreds of millions of dollars in losses on American companies and consumers,” said John P. Cronan, Acting Assistant Attorney General of the Justice Department’s Criminal Division. “Today’s verdict should serve as a warning to those who aid and abet criminal hackers: the Criminal Division and our law enforcement partners consider you to be just as culpable as the hackers whose crimes you enable—and we will work tirelessly to identify you, prosecute you, and seek stiff sentences that reflect the seriousness of your crimes.”
For example, one Scan4you customer used the service to test malware that was subsequently used to steal approximately 40 million credit and debit card numbers, as well as approximately 70 million addresses, phone numbers and other pieces of personal identifying information, from retail store locations throughout the United States, causing one retailer approximately $292 million in expenses resulting from the intrusion.
Another Scan4you customer used the service to assist the development of “Citadel,” a widely used malware strain that was used to infect over 11 million computers worldwide, including in the United States, and resulted in over $500 million in fraud-related losses. The Citadel developer took advantage of a special feature of Scan4you that allowed its integration directly into the Citadel malware toolkit through an Application Programming Interface, or API. The API tool allowed Scan4you users the flexibility to scan malware without the need to directly submit the malware to Scan4you’s website.
At its height, Scan4you was the largest service of its kind and had at least thousands of users. Malware developed with the assistance of Scan4you included some of the most prolific malware known to the FBI and was used in major computer intrusions committed against American businesses.
Scan4you differed from legitimate antivirus scanning services in multiple ways. For example, while legitimate scanning services share data about uploaded files with the antivirus community and notify their users that they will do so, Scan4you instead informed its users that they could upload files anonymously and promised not to share information about the uploaded files with the antivirus community.
Bondars faces a maximum penalty of 35 years in prison when sentenced on September 21. Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.
Tracy Doherty-McCormick, Acting U.S. Attorney for the Eastern District of Virginia, John P. Cronan, Acting Assistant Attorney General of the Justice Department’s Criminal Division, and Matthew J. DeSarno, Special Agent in Charge of the FBI Washington Field Office’s Criminal Division, made the announcement after U.S. District Judge Liam O’Grady accepted the verdict. Assistant U.S. Attorneys Kellen S. Dwyer and Laura Fong, along with Trial Attorneys C. Alden Pelker and Ryan Dickey of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), prosecuted the case.
The Government of Latvia, including the Latvia State Police International Cooperation Department, the Latvia State Police Cybercrime Unit, and the General Prosecutor’s Office of the Republic of Latvia – International Cooperation Division, provided assistance and support during the investigation. Additional assistance was provided by the Criminal Division’s Office of International Affairs, the FBI’s Atlanta Field Office and the Operational Technology Division, and the U.S. Attorney’s Offices for the District of Minnesota and the Northern District of Georgia.
A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia. Related court documents and information is located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 1:16-cr-228.