Disgraced ex-Kaspersky guy made me do it, says bloke in Russian court on hacking charges

Oh no I didn't, says disgraced ex-Kaspersky guy


An accused Russian hacker has claimed Kaspersky's former head of investigations blackmailed him into stealing approximately £150,000 from local banks.

Dmitry Popelysh is on trial in Moscow over allegations that he helped pinch more than 12 million roubles from financial institutions including Sberbank and VTB. But he told the court that one-time Kaspersky staffer Ruslan Stoyanov made him do it.

"Popelysh claims that the evidence in his case was fabricated, and that Ruslan Stoyanov, the former head of the Kaspersky Lab's computer incident investigation department, forced him to break into [the bank accounts]," reported local news agency RBC today. Popelysh made his courtroom statement on 5 September.

In February, former police major Stoyanov was sentenced to 14 years in prison for treason after allegedly passing details of an FSB (post-Soviet spy agency) investigation to the US FBI.

Popelysh had been found guilty of hacking in 2012 but was given a suspended sentence. He claimed that Stoyanov, whom he said initially contacted him anonymously, had blackmailed him by threatening to activate his sentence and have him sent to prison unless he co-operated.

The accused further claimed that Stoyanov, whom he said had posed as an anonymous law enforcement person, demanded that Popelysh give him precise details of all the malware, access methods and login credentials used to hack the banks.

"In the course of further communication," Popelysh claimed, "he reminded me that I was convicted of fraudulent acts against VTB24 Bank and that there were episodes of Sberbank that were not included in the case, but he 'will give them a go' if I contact the law enforcement bodies or I won't co-operate with him."

At his arrest for a fresh batch of bank hacks in May 2015, the anonymous person's identity was revealed as Stoyanov, who was "personally present... and said that he was always faithful to his words and that I would now be in prison," Popelysh told the court.

"Remember me? If you say a word about how we worked, I'll find you in prison too, take everything on yourself and I will pull you out," Stoyanov reportedly told Popelysh at his arrest, via Google Translate.

Stoyanov told the RBC news agency, through his lawyer, that Popelysh's claims were untrue and said the hacker had told him personally that he intended to break into more banks' systems and buy himself luxury goods with the proceeds.

Popelysh was charged in 2016 with hacking banks again. Although found guilty and sentenced to eight years, his conviction was overturned in March this year and a retrial was ordered.

RBC also reported that one Konstantin Kozlovsky, another convicted hacker currently serving a prison sentence, "claimed that he had been cooperating with the FSB for about 10 years" and said his FSB handler had ordered him to hack the US Democratic National Committee, Hilary Clinton's private email server and the World Anti-Doping Agency. ®

Similar topics

Broader topics


Other stories you might like

  • Most organizations hit by ransomware would pay up if hit again
    Nine out of ten organizations would do it all over again, keeping attackers in business

    Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.

    The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.

    The report, available here, is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.

    Continue reading
  • APT gang 'Sidewinder' goes on two-year attack spree across Asia
    Launches almost 1,000 raids, plenty with upgraded malware

    Black Hat Asia The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods.

    Noushin Shaba, a senior security researcher on Kaspersky's global research and analysis team, today told the Black Hat Asia conference that SideWinder mostly targets military and law enforcement agencies in Pakistan, Bangladesh and other South Asian nations. The gang has previously been associated with Indian actors, but Shaba said previous indicators that led to that attribution have disappeared – she was not confident tying the group to any nation.

    Shaba was, however, happy to declare that SideWinder has become one of the planet's most prolific attackers. Why the gang has stepped up its activities is not known. The Kaspersky researcher opined that perhaps its resources have increased, by means unknown.

    Continue reading
  • Emotet reestablishes itself at the top of the malware world
    Botnet infrastructure shut down last year, now central to a fast-spreading email scam, researchers say

    More than a year after essentially being shut down, the notorious Emotet malware operation is showing a strong resurgence.

    In a March threat index, Check Point researchers put the Windows software nasty at the top of its list as the most widely deployed malware, menacing or infecting as much as 10 percent of organizations around the globe during the month – a seemingly unbelievable estimate, and apparently double that of February.

    Now Kaspersky Labs says a rapidly accelerating and complex spam email campaign is enticing marks with fraudulent messages designed to trick one into unpacking and installing Emotet or Qbot malware that can steal information, collect data on a compromised corporate network, and move laterally through the network and install ransomware or other trojans on networked devices.

    Continue reading
  • Kaspersky cracks Yanluowang ransomware, offers free decryptor
    Step one, get some scrambled files back. Steps two through 37...

    Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.

    Yanluowang, named after a Chinese deity and underworld judge, is a type of ransomware that has been used against financial institutions and other firms in America, Brazil, and Turkey as well as a smaller number of organizations in Sweden and China, Kaspersky said yesterday. The Russian security shop said it found a fatal flaw in the ransomware's encryption system and those afflicted can get a free fix to restore their scrambled data.

    Symantec's threat hunters uncovered this Windows ransomware strain in the fall and said unknown fiends have been using it to infect US corporations since at least August 2021.

    Continue reading
  • Stolen-data market RaidForums taken down in domain seizure
    Suspected admin who went by 'Omnipotent' awaits UK decision on extradition to US

    After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.

    Coelho, 21, who allegedly used the mistaken moniker "Omnipotent" among others, according to the US indictment unsealed on Monday in the Eastern District of Virginia, is currently awaiting the outcome of UK legal proceedings to extradite him to the United States.

    The six-count US indictment [PDF] charges Coelho with conspiracy, access device fraud, and aggravated identity theft following from his alleged activities as the chief administrator of RaidForums, an online market for compromised or stolen databases containing personal and financial information.

    Continue reading
  • Germany advises citizens to uninstall Kaspersky antivirus
    Russian biz founder calls it 'an insult'

    Germany's BSI federal cybersecurity agency has warned the country's citizens not to install Russian-owned Kaspersky antivirus, saying it has "doubts about the reliability of the manufacturer."

    Russia-based Kaspersky has long been a target of suspicious rumors in the West over its ownership and allegiance to Russia's rulers.

    In an advisory published today, the agency said: "The BSI recommends replacing applications from Kaspersky's virus protection software portfolio with alternative products."

    Continue reading

Biting the hand that feeds IT © 1998–2022