Some of the world’s most notorious criminals have been brought to Atlanta in recent years.
Known online by such names as M.U.R.D.E.R.E.R., Kolypto, RainerFox, Gribodemon and Track2, they are cybercriminals, involved in schemes that collectively stole hundreds of millions of dollars.
Now, there’s news that two investigations out of Atlanta have ties to the takedown of AlphaBay, described as the largest criminal marketplace on the internet — said to be 10 times the size of the notorious Silk Road. AlphaBay sold malware, illegal drugs, stolen and fraudulent documents, counterfeit goods, firearms and toxic chemicals worldwide, federal officials said.
An AlphaBay staffer living in the U.S. was identified through an ongoing investigation here, U.S. Attorney John Horn announced. No other details on that case were released.
The second investigation that aided the international effort involved a vendor on AlphaBay: Aaron James Glende, aka IcyEagle, nailed by Horn’s office and the FBI-Atlanta Field Division.
Atlanta has developed a reputation for going after hackers and other cybercriminals, so its involvement in the AlphaBay probe shouldn’t be too much of a surprise. Consider these recent cases out of Georgia:
- The same day U.S. Attorney Jeff Sessions announced that AlphaBay was dismantled, Horn’s office announced that Evgeny Tarasovich Levitskyy, known as M.U.R.D.E.R.E.R as well as Vinch and Vinchenco, was sentenced to 46 months in prison. Levitskyy, who is from the Ukraine, took part in a hacking scheme where cybercriminals stole more than $9 million in 12 hours from ATMs worldwide. That scheme infiltrated customer data on payroll debit cards processed by Atlanta-based RBS WorldPay, which was then an arm of Royal Bank of Scotland Group. Levitskyy’s role was to withdraw cash using the stolen information. Prosecutors alleged he was responsible for cashing out nearly $500,000 associated with a single hacked debit card number. He was extradited from the Czech Republic to stand trial here.
- On Wednesday, Russian citizen Mark Vartanyan, aka Kolypto, was sentenced to five years in federal prison for playing a key role in a malware scheme that resulted in more than $500 million in losses.
Prosecutors said Vartanyan, working from residences in Ukraine and Norway, played a key role in developing, maintaining and distributing a malware toolkit known as Citadel, which aimed at stealing financial account credentials. He was nabbed in Norway in 2014 and brought to Atlanta for trial. In 2015, another Russian, Dimitry Belorossov, aka Rainerfox, was sentenced to four years, six months in prison for computer fraud for distributing and installing Citadel.
- In May, Roman Selezney, aka Track2, was arraigned in federal court in Atlanta, brought here after being convicted in the state of Washington a scheme that caused $169 million in damages to restaurants and other businesses. The son of a prominent Russian lawmaker, he is facing multiple felony counts in the RBS Worldpay scheme that also involved Levitskyy along with some dozen other people, most of them foreign nationals. Selezney had been apprehended in the Maldives as he was about to board a flight home to Russia.
- Earlier this year, Nigerian citizen Damilola Solomon Ibiwoye pleaded guilty to computer fraud in a scheme involving a phishing scam that targeted U.S. universities. The case against his alleged cohort, Olayinka Olaniy, is pending, with trial set for August, court records show. Both were extradited from Malaysia to face charges here.
- In 2016, Aleksandr Andreevich Panin, aka Gribodemon, and Hamza Bendelladj, aka Bx1, were sentenced for their roles in a malware program known as SpyEye, which infected computers around the world and caused an estimated $1 billion in financial harm. They were busted after the FBI in 2011 searched and seized the SpyEye command and control computer in Georgia. It was operated by Bendelladj from his home in Algeria, prosecutors said. The trail eventually led to Panin, a Russian who prosecutors said developed SpyEye. Panin was arrested when he flew through Hartsfield-Jackson Atlanta International Airport. Vendelladj was caught in Thailand and extradited here.
- Also in 2016, Glende — the lone U.S. resident among recent high-profile defendants — was sentenced to 50 months in prison after pleaded guilty to access device fraud and aggravated identity theft in a scheme that targeted SunTrust Bank.
The 36-year-old first came to attention of authorities in Minnesota after a postal inspector intercepted a package containing the opioid oxycodone. When police went to his home, they discovered packages ready to be mailed containing Valiu, Xanax and oxycodone. Later, FBI connected him to his dark net user names. He advertised his criminal services on AlphaBay, selling information on hacked SunTrust accounts to customers who paid him with Bitcoin, according to court records. One ad, titled “High Balance SunTrust Logins 30k-150k available,” said this in the listing: “I bring you freshly hacked Sun Trust Bank Account logins. The accounts are notorious for having weak security.”
Late last year, Horn’s office announced that it had launched a cybercrime unit and was staffing it with five federal prosecutors to assist federal agencies in investigations around the world, he said.
Working with federal prosecutors here are cybercrime experts with the FBI along with agents with the Secret Service’s Atlanta Field Office.