Hacker Sentenced for Running “Scan4you” Malware Scanning Service

Latvian hacker Rusland Bondars, who had developed and run the Scan4you” Malware Scanning Service, has been sentenced to 14 years in prison.

Ruslans Bondars, 38, who was tried for conspiracy to violate the Computer Fraud and Abuse Act, conspiracy to commit wire fraud, and for computer intrusion with intent to cause damage and aiding and abetting, was convicted on May 16. The sentence on him was passed recently.

A press release (dated September 21, 2018) by the U.S Department of Justice reads, “A Latvian “non-citizen,” meaning a citizen of the former USSR who resided in Riga, Latvia, was sentenced to 168 months in prison today for offenses related to his operation of “Scan4you,” an online counter antivirus service that helped computer hackers determine whether the computer viruses and other malicious software they created would be detected by antivirus software, announced Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney G. Zachary Terwilliger of the Eastern District of Virginia, and Special Agent in Charge Matthew J. DeSarno of the FBI Washington Field Office’s Criminal Division.”

Scan4you, which is a multi-engine website virus scanning tool just like VirusTotal, Google’s legitimate web service, had helped many cybercriminals run their code through many mainstream antiviruses and later launch them into malware campaigns. Ruslans Bondars had operated Scan4you for about seven years, from 2009 to 2016, during which Scan4you provided hackers with various information, including details that could help them determine if their malware codes would be detected by antivirus programs. The information provided, which was provided for a fee, focussed on antivirus software which were used to protect many U.S. retailers, financial institutions and government agencies from cyberattacks.

Assistant Attorney General Benczkowski has clarified, “Ruslans Bondars helped malware developers attack American businesses. The Department of Justice and its law enforcement partners make no distinction between service providers like Scan4You and the hackers they assist: we will hold them accountable for all of the significant harm they cause and work tirelessly to bring them to justice, wherever they may be located.”

The Department of Justice press release also details two examples of how Scan4you helped people execute cyberattacks. The release explains, “A Scan4you customer, for example, used the service to test malware that was subsequently used to steal approximately 40 million credit and debit card numbers, as well as approximately 70 million addresses, phone numbers and other pieces of personal identifying information, from retail store locations throughout the United States, causing one retailer approximately $292 million in expenses resulting from the intrusion.”

The release also explains how another customer used Scan4you to help develop “Citadel”, a malware strain that was used to infect more than 11 million computers across the world and caused losses amounting to over $500 million. “The Citadel developer took advantage of a special feature of Scan4you that allowed its integration directly into the Citadel malware toolkit through an Application Programming Interface, or API. The API tool allowed Scan4you users the flexibility to scan malware without the need to directly submit the malware to Scan4you’s website”, says the press release.

The release further adds, “At its height, Scan4you was one of the largest services of its kind and had at least thousands of users. Malware developed with the assistance of Scan4you included some of the most prolific malware known to the FBI and was used in major computer intrusions committed against American businesses.”

Unlike other legitimate antivirus scanning services, Scan4you desisted from sharing data about uploaded files with the antivirus community. Instead, it permits its users to upload files anonymously.

The court, which has found the loss caused by Scan4you to be around $20.5 billion, has also ordered Rusland Bondars to serve three years of supervised release. A decision would also be taken regarding forfeiture and payment of restitution to those who have suffered losses.

FBI Special Agent in Charge DeSarno has stated, “We continue to face sophisticated cyber threats from state-sponsored hackers, hackers for hire, organized cyber syndicates, and terrorists…This prosecution should serve as an example to those who assist or facilitate criminal hacking activity that they will be exposed and held accountable no matter where they are in the world.”