Analysis

U.S. Secret Service Documents Show How Russian Hacker's Network Slashed Their Prison Time

Files passed to Israeli law enforcement and obtained by Haaretz show how Aleksey Burkov's associates struck plea deals with U.S. authorities to hand over partners in cybercrime schemes

Russian hacker Aleksey Burkov at the High Court, November 3, 2019.
Oren Ben Hakoon

U.S. Secret Service documents obtained by Haaretz shed light on a Russian-speaking network of hackers that included Aleksey Burkov, whom Moscow proposed trading for Naama Issachar, an Israeli American jailed in Russia on drug charges.

Israel decided instead to extradite Burkov to the United States, but on Sunday, the High Court of Justice stayed the extradition until it hears a petition by Issachar’s family.

The documents show Burkov’s centrality to the network of Eastern European hackers, some of whom were involved in internet crime for almost two decades.

The documents also show that the American authorities often sign agreements with hackers they catch. This enables them to access their computers and uncover other members of the network.

Hackers who signed such agreements after being extradited to the United States generally receive lenient sentences compared to the maximum permitted by American law. For instance, two members of Burkov’s network were sentenced to six and three and a half years in prison, respectively, whereas a third, who didn’t sign a deal, was sentenced to 27 years.

A source familiar with the American case said the U.S. authorities generally favor such agreements, so as to avoid a trial in which they would have to reveal how they obtained the evidence.

One document that the Secret Service gave to Israeli law enforcement agencies details the evidence against a hacker arrested in Israel in 2016 who is thought to be Burkov’s partner – Ruslan Yeliseyev, a Russian-speaking Ukrainian. Another document is an affidavit submitted to a Virginia court by Secret Service agent John Szydlik, who investigated both Burkov and Yeliseyev.

Both documents deal mainly with Yeliseyev, but Burkov and his key role in the network are mentioned several times.

What led to the network’s capture was the arrest of Dmitry Fomichev, a Russian who immigrated to America in 2003 and married an American citizen. According to the documents, he was a senior member of CarderPlanet, a Russian-language forum for internet criminals that the Secret Service considers an organized crime ring.

When the Secret Service searched Fomichev’s California home in 2009, it found two years’ worth of conversations between him and his online colleagues. Later that year, he signed a cooperation agreement under which he gave the authorities passwords to his computer’s encrypted files. According to the documents, these files contained thousands of pages of conversations with other cybercriminals, including CarderPlanet members like Yeliseyev.

Yeliseyev was arrested in Israel when he came here on vacation in December 2016 and was extradited to the United States a year later. Last year, he signed a plea bargain in which he confessed that he and his partners sold the credit card information of 62,000 people, most of them Americans, and hacked into some 40,000 computers.

He was sentenced to six years in prison, but will be released in 2022 due to credit for time served since his arrest. Jacob Margolov, the lawyer who represented him during his Israeli extradition proceedings, said Yeliseyev fought extradition for about a year.

The documents show that following Burkov’s arrest in December 2015, the Secret Service obtained an updated database of an internet forum he ran that had been visited by hundreds of cybercriminals trafficking in stolen credit cards, including Yeliseyev. The forum, called Direct Connection, was one of three sites run by Burkov that trafficked in credit card data. The others were Card Planet LLC (whose internet address was cardplanet.cc) and Cyber Crime.

Szydlik’s affidavit says a search of Burkov’s phone conducted after his arrest confirmed that he ran both Direct Connection and Card Planet LLC.

A document submitted to the Israeli authorities cites messages posted by Yeliseyev on various forums about trafficking in credit card and bank account data, as well as his correspondence with other cybercriminals, including Burkov. Among other things, he offered to sell databases containing information about thousands of private bank accounts obtained via malware introduced into computers.

A chat on Direct Connection between Yeliseyev (under the username Assassin) and Burkov (under the username k0pa) that took place in November 2011 was particularly interesting to the Secret Service. “Bro, set up a search by partial ZIP code, for example by the first three letters or so, clients will appreciate this as well as if there would be an option to buy cards where the cardholders are using a PO Box instead of a street address – this would also be cool, but that’s for consideration,” the message said, according to the Secret Service’s English-language translation of the original Russian.

According to the document submitted to the Israeli authorities, the two discussed this suggestion and three days later, Burkov told Yeliseyev the desired search option had been added to the “card shop,” i.e. Card Planet LLC. The ZIP code search function allowed a criminal to buy cards from his own geographic region, and thereby avoid rousing the credit card companies’ suspicions.

The evidence against Yeliseyev shows that the hacker network also trafficked in email passwords. The documents mention another Ukrainian hacker involved in this business, Sergey Vovnenko, who was arrested in Italy in 2014. After Vovnenko was extradited to the U.S., he signed a cooperation agreement and opened his encrypted computer to the authorities.

In a chat with a person the Secret Service identified as Yeliseyev, Vovnenko agreed to send him half a million email addresses and passwords that he obtained from dating sites. After checking tens of thousands of addresses, Yeliseyev said the passwords had proved accurate and he was starting to sell them.

Vovnenko, like Burkov, was charged with running several forums frequented by hackers and trafficking in stolen credit cards. He was sentenced to three and a half years in jail.