Last week, a well-connected Russian cybercrime boss, Aleksei Burkov, pleaded guilty to running an online criminal marketplace and a site that sold stolen credit and debit card data. What's even more intriguing, than the $20 million in fraudulent purchases that Burkov's site facilitated and the exclusive cybercrime ring he ran, is how badly Russia wanted to prevent Burkov from being extradited to the US.
Burkov was arrested in 2015 at an airport near Tel Aviv. In 2017, an Israeli district court approved his extradition to the US, but Russia fought that decision for years. As Krebs on Security points out, the Russian government may be concerned that Burkov knows too much.
In late 2019, Burkov was extradited to the US, and according to the US Attorney's Office, he pleaded guilty to access device fraud and conspiracy to commit computer intrusion, identity theft, wire and access device fraud and money laundering. He faces up to 15 years in prison when he's sentenced on May 8th.
Burkov ran a website called Cardplanet, which sold card data, much of which belonged to US citizens. He also ran DirectConnection, an invitation-only website, where elite cybercriminals could advertise stolen goods, like personally identifying information and malicious software, as well as services, like money laundering and hacking. According to the US Attorney's Office, members had to be vouched for by three existing members and provide a sum of money, normally $5,000, as insurance.
Other DirectConnection members included Maksim Yakubets of Moscow and Russian national Peter Levashov. In December, the FBI offered a $5 million reward for info leading Yakubets' arrest, and as you may remember, Levashov ran the notorious global spam botnet Kelihos. Burkov's plea represents another symbolic victory for American law enforcement's fight against international cybercriminals.