In Newark, New Jersey, the administrator of two so-called “hacking forums” pleaded guilty to two charges from a six-count indictment. The administrator end International hacker admitted that he committed wire fraud and aggravated identity theft in New Jersey and many known and unknown locations in the United States. The hacker/admin, Sergey Vovnenko, worked with an international criminal investigation from 2010 until his arrest in 2014.
He used several aliases, according to the indictment: Sergey Vovnencko,” “Tomas Rimkis,” “Flycracker,” “Flyck,” “Fly,” “Centurion,” “MUXACC1,” “Stranier,” and “Darklife.” In an international investigation, Italian law enforcement caught Vovnenko while he used the pseudonym dark life. Vovnenko landed in custody on June 13th, 2014. Italian law enforcement then begin the extradition process that he fought for more than a year. Finally, the Secret Service—the agency behind the investigation—received the suspect and began the criminal prosecution procedure.
According to the indictment, Vovnenko, along with his known and unknown conspirators, breached computers that belonged to companies in the United States. The indictment mentions elsewhere but not specific locations. The defendant admitted that he hacked the computers of US companies. He then stole usernames and passwords for various financial services. Most notably, banks, debit cards, and credit cards.
Vovnenko, the indictment continued, used his administrative or high ranking privileges on two separate hacking forums to sell the stolen credentials. He used a botnet to control 13,000 computers. He infected the computers with the Zeus Trojan or bot, specifically designed to log keystrokes and steal banking information. The advertisements and listings occurred three forums, but only two proved relevant to the case.
It was further part of the conspiracy that one of the forms of malware that
defendant VOVNENKO and others installed on infected computers was known as “Zeus,” which was malware designed to steal banking information and record the keystrokes of the users of infected computers.
Charges three through six came from acts of aggravated identity theft in 2011. The indictment lists a victim named J.H. as the recipient of several forms of identity theft. He used, the login details for J.H. to access a bank, health insurance plan, internal company resources, and a second set of internal company resources.
According to the announcement from U.S. Attorney Paul J. Fishman, Vovnenko pleaded guilty to count one and count three; one wire fraud charge and one identity theft charge. The usual US cybercrime agencies were thanked in the press release as well as Italian law enforcement officials.