Mastermind behind Scan4you gets 14 years, helped steal £15 billion

News by Doug Olenick

A Latvian resident was sentenced to 14 years in prison for operating the Scan4you service which helped cyber-criminals more effectively attack their targets enabling more than US$ 20.5 billion (£15.6 billion).

A Latvian resident was sentenced to 14 years in prison for operating the Scan4you service which helped cyber-criminals more effectively attack their targets enabling more than US$ 20.5 billion (£15.6 billion).

Ruslans Bondars, a former Soviet Union national residing in Latvia, was sentenced after being found guilty by a jury on 16 May on one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting, the Department of Justice reported.

Bondars service used software capable of checking if a potential target used cyber-security software that would detect an attack.

"Ruslans Bondars designed and operated a service that provided essential aid to some of the world’s most destructive hackers," said US Attorney G. Zachary Terwilliger, "This prosecution demonstrates our commitment to combating global computer crime by taking away the essential tools upon which hackers rely."

Scan4you operated from between 2009 and 2016. According to the DOJ, Bondars for a fee for would scan targets, particularly US retailers, financial institutions and government agencies from computer intrusions, to check if they were vulnerable prior to an attack. The service, which had thousands of users, was so successful it enabled threat actors to steal more than 40 million credit card numbers, 70 million addresses, phone numbers and other PII. One cyber-attack that was launched in conjunction with Scan4you lost US$ 292 million (£222 million). Total losses were estimated at US$ 20.5 billion (£15.6 billion).

Scan4you was used to assist those developing Citadel malware which eventually infected more than 11 million computers worldwide resulting in US$ 500 million (£380 million) in fraud-related losses, the DOJ said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event