Operator of a proxy botnet that redirected malicious traffic pleads guilty

Estonian citizen Pavel Tsurkan pleaded guilty in an American court to creating and managing a proxy botnet built from hacked routers, which redirected malicious traffic from other cybercriminal groups.

According to court documents, the botnet, which Tsurkan controlled through the website russian2015.ru, allegedly infected more than 1,000 routers. The defendant modified the settings of the compromised routers to use them as proxies, which allowed him to redirect third-party Internet traffic through home routers without the knowledge of their owners.

According to the US Department of Justice, in some cases, one router was used to forward traffic from several cybercriminal groups at once. The hacked devices served a variety of purposes, including sending spam. The amount of traffic passing through the infected routers ranged from 3 GB to 6 GB per day. Some victims suffered hundreds of thousands of dollars in damage.

Tsurkan was arrested in Estonia in 2019 and extradited to the United States. On charges of creating a botnet, he faces up to 10 years in prison. In addition, Tsurkan pleaded guilty to running the Crypt4U service, which allowed cybercriminals to disguise the malicious behaviour of malware. For this crime, the man also faces up to 10 years in prison.

The Estonian is currently free on bail. The court hearing in the Crypt4U case is scheduled for September 27, 2021, and the hearing in the Russian2015 botnet case for November 10 of this year.
