A 37-year-old man has been given a 14-year prison sentence for developing and running a scam service called Scan4You, which aids in malware attacks and other cybercrimes. The culprit, Ruslan Bondars, a Latvian citizen, was found guilty in Virginia of one count of conspiracy to violate the Computer Fraud and Abuse Act and one count of conspiracy to commit wire fraud, following his arrest in April 2017. He also received another count of computer intrusion with intent to cause damage, and aiding and abetting.
During the five-day jury trial on May 16 in the U.S. District Court for the Eastern District of Virginia, a co-conspirator indicted in the case told the court that he and Bondars had previously worked with Russian law enforcement. Bondars faced as many as 35 years in prison and was subsequently extradited to the United States, where a four-count indictment was awaiting him.
Brian A. Benczkowski, Assistant Attorney General of the Justice Department’s Criminal Division, told reporters after the trial that Bondars often assisted malware developers in attacking American businesses. He continued that the Department of Justice, together with its law enforcement partners, does not see any difference between service providers like Scan4You and the hackers they aid. “We will hold them accountable for all of the significant harm they cause and work tirelessly to bring them to justice, wherever they may be located,” he added.
According to court filings, Bondars claimed that his service wasn’t responsible in any way for the huge data breach that left Target with losses in the millions of dollars. The fact of the matter is that one person was using his service when they committed the 2013 hack that was responsible for the theft of credit card information on over 40 million Target customers.
He argued that Target’s security system was partly at fault because it detected his malware but chose to ignore it, as it was running through a mainstream virus-detection service. Court testimony further backed Bondars’ claim that his service neither helped break into Target’s system nor was responsible for the actual theft of information. Defense attorney Jessica Carmichael also stated that their position protects all online businesses, and that all online businesses have legitimate and illegitimate users.
Additional reports, however, revealed that the files tested in Bondars’ Scan4You had another purpose: to find out where payment information was hidden. “At the beginning, Scan4You was so small,” Bondars stated after his hearing, adding, “It got much bigger very quickly; it happened so fast.” Target has since demanded an undisclosed amount from the culprit as compensation for its loss.
Taylor Huddleston, a co-conspirator, took the same approach as Bondars, claiming that he was being prosecuted for the wrong reasons, as the software he designed was never supposed to be malicious. He, however, entered a guilty plea to a hacking-related crime in Alexandria, and one of his co-defendants testified against Bondars.
Judge Liam O’Grady, however, saw some possibility in Bondars’ claims, stating, “It’s an interesting theory,” but not one that applies in criminal cases. He told Bondars that there was zero chance that he didn’t know his service could harm people.
Scan4You is a service that enables cybercrime by allowing malware developers to develop code that easily bypasses any antivirus defense. It has, however, been taken down amid reports of the damage it was causing. Among security researchers and malware creators in the InfoSec industry, Scan4You is popularly known as a “counter antivirus” or a “no-distribute scanner.”
The service works in much the same way as Google’s legal VirusTotal web service. It combines scan engines from numerous antivirus firms and enables a user to run files against multiple antivirus programs at the same time. The Scan4You service has been the go-to for malware developers whenever they want to test malware before deploying it in real-world campaigns, perfecting it to avoid detection.
Reports suggest that Bondars created this service back in 2009 and that it soon became highly popular in the hacker community. Bondars is reported to have remained an active participant in the hacker community since 2006 and was also involved in the distribution of both the ZeuS and SpyEye banking Trojans.
His service was allegedly hosted on Amazon’s servers, and malware developers paid to get full access to its complete features.