Google wins lawsuit against alleged Russian botnet herders

A New York judge has issued a default judgment against two Russian nationals who are alleged to have helped create the "Glupteba" botnet, sold fraudulent credit card information, and generated cryptocurrency using the network.

The ad giant said Glupteba had infected one million compromised devices across the globe, where it went on steal users' account data, sometimes growing at a speed of thousands per day.

The New York district court judge overseeing the case, Denise Cote, also sanctioned the men and their attorney, Igor B Litvak, for what she described as a "willful campaign to resist discovery and mislead the court," ruling that their attorney had been complicit.

Google sued Dmitry Starovikov and Alexander Filippov – along with 15 other John and Jane Does – in December 2021, saying in the original complaint [PDF] that the botnet "is distinguished from conventional botnets in its technical sophistication: unlike other botnets, the Glupteba botnet leverages blockchain technology to protect itself from disruption."

According to the court docs, the Glupteba malware instructs the computers it has infected to look for the addresses of its command-and-control servers by "referencing transactions associated with specific accounts on the... blockchain." Basically, if the botnet's C2 servers are disabled, its operators can simply set up new servers and broadcast their addresses on the blockchain.

Judge Cote said in her opinion and order [PDF] that the Defendants had "attempted to negotiate a discovery plan in bad faith, requesting an exchange of electronic devices" – although they knew they could not provide the devices they said they had.

According to the judge, the defendants and their lawyer told Google that pertinent discovery information was held by their former employer Valtron LLC, (OOO ВАЛЬТРОН in Russian), a limited liability company based in Moscow. Both defendants had said they worked for Valtron LLC "as a software engineer" but later told the court "they been fired by Valtron at the end of 2021 and had left their laptops with Valtron in mid-January 2022."

The pair appeared to have led Google on a merry chase, at least according to the contents of the order.

Discovery is the common law process where each party in a trial can get evidence from the other side, sometimes asking the court to help them (under the rules) or getting third parties to produce evidence using subpoenas.

According to the order, Starovikov and Filippov's lawyer apparently proposed discovery of "any computers or devices used in Google's investigation of the defendants, and limiting discovery of the Defendants' devices to those devices 'over which the Defendants have actual physical control and possession'."

Google rejected this and the device exchange never happened.

• Google launches lawsuit against a blockchain-enabled botnet
• Dissected: A dropper-as-a-service miscreants pay to push their malware onto potentially 1,000s of victims
• FBI: Russian hacktivists achieve only 'limited' DDoS success
• Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends

In an order on June 9, the district judge went on to explain, the court found there was reason to believe that the defendants sought discovery only "to learn whether they could circumvent the steps that Google has taken to block the malware described in its complaint."

Google's claims against the men and their co-defendants fell under the Racketeer Influenced and Corrupt Organizations Act, the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act and the Lanham Act.

According to the order:

According to the order, Google then rejected the Defendants' offer as extortionate, and reported it to law enforcement.

The defendants subsequently asked the court for sanctions "against Google for threatening to make a criminal referral against them in order to obtain an advantage in a civil matter." Judge Cote denied this motion.

The New York judge also sanctioned the pair's attorney, Litvak, saying he has "a duty of candor to the court – including a duty to promptly correct any unintentional misrepresentations." The trio will have to pay Google LLC's attorney fees and expenses.

We should also note that Starovikov, Filippov, and Litvak all dispute that they ever "made any intentional misrepresentation to either Google or to the court."

The pair have never appeared in court.

We have asked Google for comment.

Litvak emailed The Reg this statement: "All I can say is that it was an erroneous decision that will be appealed. I am very confident that it will be overturned on appeal." ®