Russian Hacker Pleads Guilty to Ebury Botnet Role

Written by

A Russian hacker has pleaded guilty to playing a major role in building the infamous Ebury botnet, which helped to fraudulently generate millions of dollars.

Maxim Senakh, 41, of Velikii Novgorod, pleaded guilty on Tuesday to conspiracy to violate the Computer Fraud and Abuse Act and to commit wire fraud.

Along with co-conspirators, Senakh is said to have helped develop the Ebury malware, which targeted the log-ins of servers running Solaris, Linux and similar Unix-like operating systems.

It’s a rootkit/backdoor Trojan designed to steal SSH log-in credentials from incoming and outgoing SSH connections.

They then combined these remotely controlled servers into a botnet, monetizing it via click fraud and spam campaigns, according to the Department of Justice.

The scams apparently compromised tens of thousands of servers around the world and earned Senakh and his co-conspirators millions of dollars in the process.

“As part of the plea, Senakh admitted that he supported the criminal enterprise by creating accounts with domain registrars which helped build the Ebury botnet infrastructure and personally profited from traffic generated by the Ebury botnet,” noted the DoJ.

The Ebury malware leaped to notoriety in 2011 when it was used to hack the Linux Kernel Organization and Linux Foundation.

Last year, a Florida computer programmer was arrested on suspicion of the crime. He’s said to have used the Ebury malware to harvest the credentials of administrators responsible for four targeted servers used to maintain and distribute the Linux operating system.

Senakh was indicted on 13 January 2015 and subsequently arrested by Finnish law enforcers, who agreed to extradite him to the United States. His sentencing is expected on 3 August.

The DoJ is lucky to have gotten hold of its man, given the breakdown in co-operation between US and Russian law enforcers and cybersecurity experts of late.

Reports have claimed that the recent arrests for treason of current and former FSB operatives – one of whom is a Kaspersky Lab research boss – were intended in part to send a clear message to those thinking of sharing sensitive information with the West.

What’s hot on Infosecurity Magazine?