ChronoPay co-founder allegedly linked to DDoS attacks

According to Brian Krebs of the KrebsOnSecurity newswire, who has been investigating ChronoPay for some time, Pavel Vrublevsky, the embattled co-founder of ChronoPay, "has reportedly fled the country after the arrest of a suspect who confessed that he was hired by Vrublevsky to launch a debilitating cyber-attack against a top ChronoPay competitor."

The security researcher notes that, back in the summer of last year, rumours started circulating that Vrublevsky had hired a hacker to launch a distributed denial of service (DDoS) attack against Assist, a rival company that was processing payments for Russia's Aeroflot airline.

Aeroflot subsequently awarded a contract for online payments to Alfa-Bank, rather than Assist, reportedly because of the downtime, presumably caused by the DDoS attack on the service.

"According to documents leaked to several Russian security blogs, investigators with the Russian Federal Security Service (FSB) this month arrested a St. Petersburg man named Igor Artimovich in connection with the [DDoS] attacks", says Krebs in his latest security blog.

"The documents indicate that Artimovich - known in hacker circles by the handle 'Engel' - confessed to having used his botnet to attack Assist after receiving instructions and payment from Vrublevsky. The same blogs say Vrublevsky has fled the country. Sources close to the investigation say he is currently in the Maldives. Vrublevsky did not respond to multiple requests for comment", he adds.

And it gets worse, Infosecurity notes, as Krebs goes on to say that the allegations against Artimovich and Vrublevsky were supported by evidence collected by Russian computer forensics firm Group-IB, which assisted the FSB in its investigation.

"Group-IB presented detailed information on the malware and control servers used to control more than 10,000 infected PCs, and shared with investigators screen shots of the botnet control allegedly used to co-ordinate the DDoS attack against Assist", he says.

"Group-IB said Artimovich's botnet also was used to attack several rogue pharmacy programs that were competing with Rx-Promotion, including Glavmed and Spamit", he adds.

Krebs' detailed analysis of the actions of ChronoPay's co-founders is an excellent read, but the bad news is that ChronoPay is widely used as the primary payment mechanism on a number of Central and Eastern websites.

Infosecurity strongly advises the use of a prepaid debit card, such as the IDT Prime and similar MasterCard/Visa cards, which can be bought pre-loaded at most newsagents.

These cards, which can be managed online and funded through newsagent and Post Office top-ups (recommended for absolute security and ringfencing), cost about £5.00 or so to obtain, and are a sure-fire way of controlling what money can be debited by ChronoPay and similar services, if internet users choose to use such facilities.
