Evil Corp: "My hunt for the most wanted hackers in the world"

Russians are a majority of those on the FBI's Cyber Most Wanted List.

Evil Corp: "My hunt for the most wanted hackers in the world"

Russians are a majority of those on the FBI's Cyber Most Wanted List. Some allegedly work for government and earn a regular salary. Others are accused of making a fortune through ransomware attacks or online theft. They would be arrested if they fled Russia, but they are allowed to stay in Russia.

As I watched the cat eating the carcass of a take-out chicken, I thought "We're wasting time."

It is unlikely that there would be any trace of an alleged cyber-criminal multi-millionaire on the dilapidated estate in a small town 700km (400 mi) east of Moscow.

I continued to push with an interpreter, cameraman and shooed the cat away from the block's entrance.

We knocked on one of the doors and a young man answered. A curious, elderly woman looked around the corner from the kitchen at us.

"Igor Turashev? He said, "No, I don’t recognize the name."

"His family is here, so who's he?" We asked.

After a friendly conversation, we explained that we were BBC reporters. The mood instantly changed.

"I'm not going to tell you where he's at, and I don't recommend that you try to find him." The young man swore angrily that he shouldn't have arrived here.

I didn't get a good night's sleep that night because of the contradicting advice I was given by security personnel.

Some claimed that it was dangerous to try and track down cyber-criminals at home. I was informed that they would have armed guards. Another warned that you would end up in a ditch somewhere. Others agreed that it was fine because they are computer geeks.

We said that we would not get them anywhere.

Two years ago, the FBI formally named nine members of Evil Corp, a Russian hacking group. They accused Maksim Yakubets (the gang's leader) and Igor Turashev of stealing more than $100m in hacks that affected 40 countries.

These victims include small businesses, multinationals like Garmin and charities as well as schools. These are just the victims we know of.

According to the US Department of Justice, these men are cyber-enabled bank thieves who have launched ransomware attacks or hacked into accounts in order to steal money.

Maksim Yakubets (32 at the time) was made a poster boy for the Russian hacker playboy.

The footage of the gang was obtained by the UK’s National Crime Agency. It showed the men driving custom Lamborghinis and laughing with wads upon wads of money while playing with a pet Lion cub.

Two years of hard work culminated in the FBI's indictment against the men. This included interviews with former gang members as well as the use of cyberforensics. Some of the information dates back to 2010, when Russian police were still willing to collaborate with American colleagues.

Those days are gone. Russian officials routinely ignore US hacking accusations made against their citizens.

The hackers are allowed to continue, but they are also recruited by the security forces.

Our investigation into Maksim Yankubets began in an unusual place: a golf course located two hours from Moscow.

This was the location for his 2017 spectacular wedding. Radio Free Europe/Radio Liberty shared it widely.

It is clear that Yakubets's face is not shown in the footage. However, Yakubets can be seen dancing under beautiful lighting to live music performed and recorded by a Russian singer.

Natalia, a wedding planner, didn't give any details about Yakubets’ big day, but she showed us around the important locations including a pillared structure carved from the hills near a lake.

She said, "It's our only room." "The newlyweds love getting inside for romance and photo shoots."

I did some maths as we drove around in a golf cart. Based on what I was told, this grand wedding would have been significantly more expensive than the estimated $250,000. It was possible that the price tag could have been closer to half a billion dollars or $600,000.

Although we don't know the exact cost of the day, it is a good indicator of his lavish lifestyle.

Igor Turashev (40) is not keeping a low profile.

My colleague Andrey Zkharov, BBC Russia’s Cyber Reporter, discovered three companies that were registered under his name using public records.

All of them have offices in Moscow’s prestigious Federation Tower. This is a shining skyscraper in Moscow’s financial district that would look right at home in Manhattan or London's Canary Wharf.

The receptionist was puzzled and searched for a number. However, she did manage to locate a phone number for the company and was able to connect us.

We called it, and waited. After about five minutes of Frank Sinatra music, someone finally picked up. He sounded like he was walking along a busy street, but hung up when we told him we were journalists.

Andrey explained that Turashev isn't wanted in Russia, so no one is stopping him from renting expensive office space in a city-centre location.

It might also make it easier for him to be found among financial companies. This includes those that deal with cryptocurrencies such as Bitcoin. Evil Corp is accused of collecting ransomware victims' money - $10 million in one case.

According to a Bloomberg report, Chainalysis's research on Bitcoin analysts has shown that the Federation Tower contains many crypto companies that act as "cash machines" for cyber-criminals.

We tried two more addresses that were linked to Turashev as well as another key Evil Corp figure, Denis Gusev. We made many phone calls and emails, but no one answered.

Andrey and me spent a lot of time searching for a job for Maksim Yakubets.

Although he was once a director at his mother's cattle-feed company, he seems to no longer have a registered business or employer.

We did however find addresses where he may still be living so we decided to go knocking one night.

One man laughed as we explained our origins over the intercom.

"Maksim Yakubets has moved on. He hasn’t been there for about 15 years. He said, "I'm his father."

Surprised, Yakubets senior came out of the hall and gave us a 20-minute interview. He slammed the US authorities for his son's indictment.

The $5m US reward for information that led to the arrest of his son - the largest ever bounty for a cyber-criminal named - had caused the family to live in fear, Mr Yakubets stated, demanding that we publish his words.

"The Americans caused a problem for me and my family. It was also for many of our relatives. What was its purpose? American justice has become Soviet justice. He wasn't interrogated or questioned and there weren't any procedures to prove his guilt.

He said that his son wasn't a cyber-criminal. I asked him how he got so rich. He laughed and said that I exaggerated the cost of the wedding and that the luxury cars had been rented. Maksim said that Maksim earned more than the average salary because he worked, got paid and has a job.

"What is he doing for work?" I was curious.

"Why should you tell me?" He replied. He replied, "What about our private lives?"

He claimed he had not been in contact with his son in the past two years and could not get in touch with us.

As the West fights cyber-attacks, Yakubets Turashev and Turashev join the growing number of Russian citizens who have cyber-sanctions.

Russians have seen more people and organizations indicted and sanctioned than any other nation.

The indictments stop hackers from traveling abroad. However, the sanctions freeze assets they have in Western countries and prohibit them from doing business.

The European Union began issuing cyber-sanctions last year, following the US's lead. It's mostly Russians that have been named on this list.

These lists include a large number of people who are believed to be connected to Russia. They hack in order to spy on, project power, or exert pressure. All nations hack one another, but the US, EU, and its allies insist that some Russian attacks are unacceptable.

The men are accused of hacking into power grids and causing widespread blackouts across Ukraine. Others are wanted in connection with an attempt to hack into a chemical weapon testing facility.

The Kremlin refutes all allegations and routinely laughs them off as Western hysteria or "Russophobia".

We focused our investigation on those accused of hacking for profits, as there are no clear guidelines.

Cyber-sanctions for "criminal" hackers also work.

Yakubets' father said that the impact they had on Yakubets was minimal.

Evil Corp seems to have been unaffected.

Cyber-security researchers claim that the crew is still operating lucrative cyber-attacks against mainly Western targets.

Researchers and ex-hackers agree that the "golden rule" in Russian hacking is that criminal hackers who aren't employed by the state can hack into any victim anywhere, provided they aren't in Russian-speaking or ex-Soviet territories.

Cyber-security researchers have observed a decrease in attacks in these countries over the years. Some malware can also be designed to work with Russian language systems.

Lilia Yapparova is an investigative reporter at Meduza, one the few independent news organizations in the country. She says that the golden rule is useful for intelligence services because they can exploit the skills hackers have acquired while working for themselves.

"It is more valuable for the FSB that hackers in Russia are enlisted by them than to send them to jail. She says that one of my sources is an ex-FSB officer who tried to enlist some Evil Corp guys to do some work for her.

According to the US, Maksim Yakubets is among those who claim that Maksim Yakubets (and other wanted hackers such as Evgeniy Bogachev) worked directly for intelligence services.

It is possible that Yakubets father-in law, as seen in the wedding video below, was a former high-ranking member of the FSB.

We asked the Russian government for comment on hackers operating freely in Russia. They did not respond.

This summer, when Joe Biden and Vladimir Putin were asked about it at the Geneva summit, Putin denied that the high-profile cyber-attacks originated in Russia. He even claimed that the majority of cyber-attacks started in the USA. He said that he would cooperate with the US to "bring about order".

The US and its allies have been using a more aggressive tactic in the past six months, going beyond cyber-sanctions.

They began hacking against cyber-crime gangs, and were able to take some of them offline temporarily. REvil and DarkSide announced that they were no longer in operation due to law enforcement action.

Two times, US government hackers managed to recover millions of dollars worth of Bitcoin from victims.

A multinational effort that involved Europol and the US Department of Justice saw hackers also arrested in South Korea and Kuwait, Romania, and Ukraine.

Cyber security experts say that hackers are becoming more common and are attacking more often every week. They believe the phenomenon will continue to grow as long as hackers are able to thrive in Russia.

Russian rapper Plinofficial dreamed once of becoming the most successful rap artist on Earth. What went wrong?

How the FBI was attracted to a rapper's posts on social media

Yorum yapabilmek için üye girişi yapmanız gerekmektedir.

Üye değilseniz hemen üye olun veya giriş yapın.