The author of the notorious Blackhole exploit kit has been sentenced to seven years in a Russian penal colony.
Until they were arrested in October 2013—and convicted this week.
Paunch—the hacker-handle of Dmitry Fedotov—and his ring of cyber-gang members will all serve anywhere from five and a half to eight years, with Paunch himself drawing seven. Russian news agency TASS said that one confederate, Vladimir Popov Artem Palchevsky, remains at large and was convicted in absentia.
The ring was convicted of “causing 25 million rubles in damage, by breaking into several bank websites, illegally accessing protected information and stealing funds from legal entities and entrepreneurs,” according to Sophos—which is about $750,000 in 2013 exchange rate values.
Blackhole was long the dominant EK on the internet before Paunch was arrested in 2014. Security researcher Brian Krebs noted that Blackhole pioneered the rent-a-kit model, charging $500 to $700 per month to use its services. For an extra $50 a month, Paunch also rented customers “crypting” services, designed to obfuscate malicious software to get past antivirus software. In total, the attractive pricing and the depth of exploits available made the kit the go-to for hackers worldwide.
“Paunch worked with several other cyber-criminals to purchase new exploits and security vulnerabilities that could be rolled into Blackhole and help increase the success of the software,” Krebs said.
Paunch has made enough money from Blackhole to fund the development and expansion of another, pricier kit, Cool Exploit.
Krebs quoted an associate of Paunch from an underground forum: “We are setting aside a $100K budget to purchase browser and browser plug-in vulnerabilities, which are going to be used exclusively by us, without being released to public (not counting the situations, when a vulnerability is made public not because of us). Not only do we purchase weaponized (ready) exploits, but also their descriptions and proof of concepts (with subsequent joint work with our specialists).”
While Blackhole could be rented from the Paunch gang for $500 per month, Paunch confirmed to Krebs that Cool Exploit cost $10,000 per month.
It all came crashing down with Paunch’s arrest; and the source code was eventually leaked online, effectively defanging Blackhole and paving the way for new EK development.
Photo © Vadim Sadovski