For greater than a decade, Vyacheslav Igorevich Penchukov—a Ukrainian who used the web hacker identify “Tank”—managed to evade cops. When FBI and Ukrainian officers raided his Donetsk apartment in 2010, the place was abandoned and Penchukov had vanished. However the prison spree got here to a juddering halt on the finish of 2022, when he traveled to Switzerland, was arrested, and extradited to the US.
As we speak, at a US federal court docket in Lincoln, Nebraska, a choose sentenced Penchukov to 2 concurrent nine-year sentences, after he pleaded responsible to 2 costs of conspiracy to take part in racketeering and a conspiracy to commit wire fraud. United States District Choose John M. Gerrard additionally ordered Penchukov to pay greater than $73 million, in line with court docket data. The court docket additionally ordered three years of supervised launch for every depend and stated they need to run concurrently.
Each costs carried a most sentence of as much as 20 years every. Nonetheless, in line with court docket paperwork, the US authorities and Penchukov’s attorneys each requested a much less extreme sentence following him signing a plea settlement in February. It’s unclear what the phrases of the plea deal embody. On the time, documents show, Penchukov might additionally face having to repay as much as $70 million. “I perceive this, however I don’t have such quantities of cash,” he stated in court docket earlier this yr.
The US prosecution of Penchukov—who has been on the FBI’s “most wished” cyber listing for greater than a decade—is a uncommon blow in opposition to one of the crucial well-connected leaders of a prolific 2010s cybercrime gang. It additionally highlights the continued challenges Western legislation enforcement officers face when taking motion in opposition to Jap European cybercriminals—significantly these based mostly in Russia or Ukraine, which don’t have extradition agreements with the US.
Forward of the sentencing, the Division of Justice refused to touch upon the case, and the FBI and Penchukov’s attorneys didn’t reply to WIRED’s requests for remark.
When the Ukrainian pled responsible in February—a variety of costs have been dropped following him signing the plea settlement—he admitted to being one of many leaders of the Jabber Zeus hacking group, beginning in 2009, that used the Zeus malware to contaminate computer systems and steal individuals’s checking account info. The group used the small print to log into accounts, withdraw cash, after which ship it to varied cash mules—stealing tens of thousands and thousands from small US and European companies.
“The defendant performed an important position, a management position, on this scheme by directing and coordinating the trade of stolen banking credentials and cash mules,” prosecutors said in court earlier this year. They’d steal hundreds from sufferer corporations, usually draining their accounts.
Penchukov, who was additionally a well-known DJ in Ukraine, additionally admitted to a key position organizing the IcedID (additionally identified Bokbot) malware, which collected the sufferer’s monetary particulars and allowed ransomware to be deployed on methods. He was concerned from November 2018 to a minimum of February 2021, officers say. Investigators discovered he saved a spreadsheet detailing the $19.9 million revenue IcedID made in 2021.
