A Russian national who was extradited to the U.S. last year over Kremlin objections pleaded guilty in a Virginia federal courtroom Monday to conspiracy and aiding and abetting computer intrusion, admitting he operated a dark web service that helped thousands of hackers conceal malware from detection.
Jurijs Martisevs, a 36-year-old Muscovite arrested on a trip to Latvia, helped run a service called Scan4you that filled a crucial niche in the underground economy. Before deploying a piece of malware, hackers need to know it won't be immediately detected and quarantined by the dozens of consumer and commercial security products on the market. That’s where Scan4you came in. For fifteen cents a pop, a hacker could upload their pre-launch code to Scan4you, which would then automatically check it against 30 different security scanners and report back the results.
Armed with that information, a hacker can make iterative changes to their code until the detection rate is sufficiently low, or even zero. Scan4you was the most successful of a slew of similar offerings advertised on underground forums, and operated from at least 2009 until the arrest of Martisevs and a co-defendant last year.
“Throughout its lifetime, the service has had thousands of users,” reads a statement of facts agreed to by Martisevs, “and has received and scanned millions of malicious files.”
According to Martisevs' plea documents, Scan4you's customers included some serious players, including the perpetrators of a national retail breach in November 2013. The retailer is unnamed, but the timing and description coincide with that month’s massive Target hack. The hackers submitted variations of their credit-card-stealing code to Scan4you four times over the course of two weeks before finally deploying the malware on Black Friday weekend. The Target breach ultimately netted thieves some 40 million credit and debit cards, and resulted in a $10 million consumer class action against Target.
Ruslans Bondars, Martisevs' co-defendant, was allegedly the creator and technical brains behind Scan4you. Bondars is a Latvian national extradited along with Martisevs. He’s in custody pending a May trial date.
Martisevs’ responsibilities included advertising, technical support and franchising, by which entrepreneurs outside of Russia could pay to launch their own localized scanning site using Scan4you's infrastructure. Scan4you even boasted an API so it could be wrapped into other cybercrime-as-a-service offerings, including the notorious Citadel toolkit used to initiate wire transfers out of a victim’s bank account.
As a Russian citizen operating inside Russia, Martisevs was safe from American prosecutors until he made the mistake of leaving the country last April. He was pulled off a train as he crossed the Latvian border and quickly extradited to the U.S. – one in a string of Russian hacking defendants who’ve been picked up on U.S. warrants while abroad.
The Russian government protested Martisevs’ arrest and extradition, condemning it in a statement at the time as “another case of kidnapping of a Russian citizen by the US authorities.”
Under the terms of his plea agreement, Martisevs likely faces no more than 30 months in prison. Sentencing is set for July 6 in Alexandria, Virginia. The case was prosecuted by assistant U.S. attorney Kellen Dwyer, and initially by Justice Department senior counsel Ryan Dickey, a cybercrime specialist who left the case to join special counsel Robert Mueller’s investigation in January.