Two men from Latvia ran a malware service that has been in operation for more than a decade and used in major attacks against U.S. businesses, according to an indictment unsealed Wednesday in federal court in Alexandria, Va.
The men, along with an alleged co-conspirator in Virginia, designed a buffet of hacking software that they marketed on cybercrime websites, according to prosecutors.
The indictment does not detail which businesses allegedly were affected by the malware or what damage was done by the attacks. The defendants were identified as Ruslans Bondars and Jurijs Martisevs. Both were arrested overseas.
The hidden service the pair allegedly operated was accessible via the encrypted network Tor and has been operational since late 2006, prosecutors said. The tools that they are accused of selling include “some of the most prolific malware known to the Federal Bureau of Investigation,” according to the indictment, and the software “has been used in major computer intrusions committed against American businesses.” One of the largest services of this kind, it had at least 30,000 users, according to prosecutors.
Among the offerings allegedly provided by the defendants: tool kits to create customized malicious files, software that hides those malicious files from anti-virus programs, “Remote Access Trojans” that let a hacker take control of a computer, and “keyloggers” that record anything typed on a computer.
The alleged co-conspirator, described in the indictment as “Z.S.,” operated out of Great Falls, Va., and is accused of designing a keylogger used by 3,000 customers to infect 16,000 computers in 2012.
Martisevs, who appeared at a closed court hearing last week, also gave customer support to clients, according to the indictment. He is being held without bond, and his attorney declined to comment Wednesday.
In a brief court hearing for Bondars on Wednesday, defense attorney Joshua Jacob Horowitz said he expects 25 to 50 terabytes of evidence in the case.
Horowitz argued unsuccessfully for Bondars’s release. “My client came here voluntarily . . . to face these charges,” the attorney said.
Horowitz said Bondars’s employer in Latvia was willing to post a “substantial bond” and pay for the defendant to find a residence in Alexandria. He did not name the employer.
Assistant U.S. Attorney Kellen Dwyer noted that when Bondars was arrested he was carrying $30,000 in U.S. cash and said he has bank accounts in various countries.
U.S. Magistrate Judge Ivan Davis said he could not release a “homeless” defendant who faces arrest by immigration authorities if he is not in jail.
Bondars is a permanent resident of Latvia.
Although Martisevs is described as a Latvian citizen in the indictment, prosecutors said on Thursday they have since determined that he is a Russian citizen who was living in Latvia. The Russian government has protested his arrest, saying it violates a 1999 agreement between the U.S. and Russia dealing with criminal matters. A post on the Facebook page of the Russian Embassy in the United States yesterday describes the arrest as “another case of kidnapping of a Russian citizen.”
Diplomatic staff have spoken with Martisevs and asked permission to meet with him, according to the Facebook post.
The U.S. Attorney’s Office for the Eastern District of Virginia declined to comment on the Russian Embassy’s accusations.
Both men are both charged with conspiracy, conspiracy to commit wire fraud, wire fraud and computer hacking.