According to court documents, Pavel Tsurkan, 33, operated a criminal proxy botnet by remotely accessing and compromising more than 1,000 computer devices and internet routers worldwide, including at least 60 victims in Alaska. He used the victims’ devices to build and operate an Internet of Things (IoT)-based botnet dubbed the “Russian2015” using the domain Russian2015.ru. He modified the operation of each compromised internet router so it could be used as a proxy to transmit third-party internet traffic without the owners’ knowledge or consent. He then sold access to global cybercriminals who channeled their traffic through the victims’ home routers, using the victims’ devices to engage in spam campaigns and other criminal activity. The Alaska victims experienced significant data overages even when there were no home computers connected to the victims’ home networks. The data overages resulted in hundreds to thousands of dollars per victim.
“Today’s cybercriminals rely on increasingly sophisticated techniques to hijack computers and personal electronic devices for their criminal activities. Botnets like the ‘Russian2015’ are a dangerous threat to all Americans and today’s guilty plea demonstrates we can and will hold accountable foreign cybercriminals and their enablers,” said Acting U.S. Attorney Bryan Wilson, District of Alaska. “Our success in disrupting this botnet was the result of a strong partnership between private industry experts and law enforcement.”
Tsurkan is scheduled to be sentenced on November 10, 2021 and faces a maximum penalty of 10 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
The FBI’s Anchorage Field Office is investigating the case in partnership with GCI and Palo Alto Networks Unit 42. The FBI’s New Haven, Connecticut, Field Office provided assistance and support during the investigation.
Assistant U.S. Attorney Adam Alexander and Trial Attorney Alden Pelker of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.