Man
Professional
- Messages
- 2,956
- Reaction score
- 477
- Points
- 83
Izvestia's investigation is about the ideologist of foreign call centers and the supplier of stolen data about Russians.
One of the key distributors of personal data of Russians in the interests of telephone scammers may be Ukrainian hacker Vladislav Khorokhorin, convicted of stealing $9 million from US citizens and making a deal with US intelligence agencies. In 2022, he created a special service for breaking into fraudulent call centers, using the website of a company founded in New York by the lawyer of Russian hackers Arkady Bukh. Izvestia's investigation is about how a veteran of post-Soviet cybercrime could turn into an ideologist of telephone scammers, ordered hacking of nuclear power plants, confessed to killing Russian servicemen and threatened to kill their children.
The media has a tradition of calling all criminals who use social engineering methods under the guise of bank, police or special services employees scammers. Last year, the material damage from them reached a gigantic sum of 200 billion rubles, and the number of Russians affected was 449 thousand. However, often the actions of scammers go beyond selfish motives and are classified as terrorist attacks, destruction of property or incitement to suicide.
In August 2023, 76-year-old Valery Ershov from the Leningrad Region committed suicide after, on instructions from unknown persons, he sold his apartment, transferred the proceeds to the perpetrators, and set fire to a military registration and enlistment office. In December 2024, 18-year-old MIPT student Petr Vetchinkin committed suicide after he was first swindled out of a loan and then persuaded to commit a terrorist attack. In February 2023, a 56-year-old woman from Zelenograd was convinced to give 2.6 million rubles and get tattoos with the words "VOR" and "GUR".
More than two-thirds of the arsons of military registration and enlistment offices and infrastructure facilities since the beginning of the SVO have been committed by victims of telephone scammers, and not by financially or ideologically motivated saboteurs, according to the content of sentences under the relevant articles of the Criminal Code. Their peak occurred in December 2024.
The reason for the fraudsters' aggressive behavior is well known - over 90% of such calls come from Ukraine, explained Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov. "In total, we are recording 800-900 call centers throughout Ukraine", he said.
An important tool in the hands of fraudsters is leaks of personal data. Their diversity allows attackers to have not only basic information about victims (full name, contact information, age), but also to create detailed digital profiles of citizens, collecting data on marital status, income level, hobbies, purchasing patterns, as explained by the analytical agency InfoWatch.
"The more information about a person in fraudulent databases, the easier it is for attackers to formulate possible options for deceiving a person", experts state.
In 2024, Russia became a leader in the number of leaked data (457 million lines), according to the February report of the cybersecurity company F6 (former Group-IB). "As before, criminals posted most of the stolen databases in the public domain for free in order to cause the greatest damage to companies and their clients", the experts point out.
In 90% of cases, the providers of illegally obtained personal data of Russian citizens are Ukrainian hackers, Ashot Oganesyan, author of the Telegram channel “Information Leaks”, explained to Izvestia.
On November 8, 2024, CyberSec's announced the hacking of more than 30 thousand Russian corporate servers on the Bitrix platform. The attackers actively published the obtained databases in the BadB on the Base channel. From September to December, 22 databases of Russian citizens were published there.
F6 calls Shadow "a purely anti-Russian project": for more than a year of the group's existence, not a single attack has been detected outside the Russian Federation. In turn, the leader of CyberSec's, under the pseudonym BadB, has not only published data leaks from Russia since the beginning of 2022, but has also been actively engaged in political propaganda, the researchers specify.
As Izvestia has found out, BadB also maintains its own service for checking Russians for Ukrainian call centers and special services. Moreover, the cybercriminal admits to closely cooperating with them and calls for crimes against ordinary Russian citizens, including children. For example, he offered cryptocurrency rewards for attacks or reprisals against family members of long-range aviation pilots: "Don't be surprised if your gets their heads cut off or a sharp reprimand on the way home from school".
BadB recently reported adding databases of underage Russians to his service for call centers. He accompanied the publication with an appeal to scammers: "Work, brothers!"
"Our tool is primarily aimed at finding detailed information about an individual based on complex and often implicit criteria", BadB writes. For example, there is a function "beloved by call centers" that "allows you to select all men living, say, in Syktyvkar, aged 50 to 60, whose name is Vasily". The hacker encourages call centers to specifically attack residents of closed territorial entities and single-industry towns around defense enterprises and military facilities.
"We can find family members and connections between people. We can find personal data, correspondence, password hashes, we do not delete data from the databases that come to us. We do not delete data of Russians under any circumstances. We have developed an API and flexible tariffs for call centers. However, to work with the tool, you need to have sufficient knowledge and understanding of the logic of working with the database. We are open to cooperation and will adapt the tool to your needs", writes BadB.
He has repeatedly published ads for the purchase of access to internal information in Russian corporations and government agencies. And he claims that his service deliberately collects personal data of Russians in relation to financial information. "We will not limit ourselves to only Russian databases, but are ready to go further, provided that we identify Russian citizens", writes BadB.
He admits that he personally receives part of the funds from fraudulent schemes against Russian citizens or ransoms after hacks: "I will spend Russian money on the Armed Forces of Ukraine!"
BadB also provides assistance to the 93rd Mechanized Brigade "Kholodny Yar", which is considered an elite unit of the Ukrainian Armed Forces. In his blog, BadB expresses gratitude from the brigade's fighters to call center workers who "took an active part in the collection and donated significant amounts". In 2023, BadB claimed that during his visit to the contact line, he "had fun" "personally" participating in the murder of Russian soldiers.
"We continue to financially destroy, destabilize and demoralize the occupiers, while providing not only for ourselves, but also for those people who stand behind us. Everything as we love, in CyberSec's style. Who needs certificates, support, contact us", writes BadB and reminds about his service for call centers with "the most up-to-date databases".
BadB also offers help with software for drug dealers working in Russia.
Many of his former colleagues in the Russian-speaking hacker community, including those from Ukraine, harshly condemn BadB for his views and actions. He, in turn, speaks disdainfully of pro-Russian hackers. In his opinion, they have no choice because of the persecution of American intelligence agencies around the world. On the other hand, there are no guarantees against reprisals by Russian law enforcement agencies.
In response to his public pro-Russian position, he threatens persecution outside the Russian Federation, targeted attacks involving criminals, drones, and criminal cases using corrupt law enforcement officers.
BadB's real name is well known to domestic cybersecurity specialists. However, most of them are reluctant to comment on his activities: many know him personally.
The video was published by one of the creators of CarderPlanet, the largest forum for cybercriminals of the 2000s. The platform brought together several thousand people whose main income was stealing bank card data and then cashing it out. The backbone of the community was made up of people from the former Soviet Union and Eastern Europe. The key investor was future Verkhovna Rada deputy from the Petro Poroshenko Bloc Dmitry Golubov, and the site was designed by the future leader of the ruling Servant of the People faction David Arakhamia.
In March 2025, when Telegram deleted the CyberSec's channel for violating the platform's rules, BadB created a new one - with a characteristic cartoon character on the profile picture. Now, instead of a star on his ushanka, the unshaven hacker has a cockade with the symbol of the Bitcoin cryptocurrency. The channel's author does not hide the fact that he is the cybercrime veteran Vladislav Khorokhorin, known under the pseudonym BadB, the creator of that very cartoon for CarderPlanet. This is easy to verify.
An archive copy of the deleted CyberSec's channel is available on the TGStat service. The channel was created in February 2020 and is listed as an official account on the CyberSec.org website. This is the domain of the company of the same name, which describes itself as a team of former hackers. They united to legally earn money on data protection services "from leak prevention to immediate response to threats to your cybersecurity".
"Our company includes the famous lawyer Arkady Bukh, who, if necessary, will come to the rescue and provide advice on any legal issue", the description specifies.
The same section contains publications about CyberSec on the websites of the Russian version of Forbes, CNN and Fortune. From them it follows that the company was founded in 2015 by New York lawyer Arkady Bukh. In the 2010s, he earned a reputation as the leading defender of Russian hackers in US courts. Bukh became known as a master of making deals with US intelligence agencies. The harsh US justice system threatened those detained with long prison terms, but Bukh offered his clients minimal punishment in exchange for cooperation with various agencies.
Bukh announced the creation of CyberSec together with Igor Klopov and Dmitry Naskovets, convicted of cybercrimes. Khorokhorin became the third partner while still in an American prison. The CyberSec.org website is still listed on Bukh’s social networks as his current place of work.
The “Contacts” section on CyberSec.org lists Khorokhorin’s personal accounts, among others. He begins his autobiography with his own description from a 2018 interview: “A fantastic inadequate (the word has been replaced with a censored one. — Izvestia). Was, is, and will be”.
The 42-year-old citizen of Russia, Ukraine, and Israel was born in Donetsk. After the collapse of the Soviet Union, he lived first with his father in Vorkuta, then with his mother in Israel. In 2010, Khorokhorin was detained in Nice at the request of the United States as part of the investigation into CarderPlanet. At first, he resisted extradition, but eventually admitted his guilt and, as Khorokhorin later recalled, “gave up many, but not all”. After his release in 2017, the US authorities deported him to Israel.
In 2018, Khorokhorin returned to Russia to find independent work in the legal field, but ultimately decided to move to Ukraine. He describes his departure as follows: “I threw away the SIM card right after I left after a five-hour interrogation at the border, threw it away along with some spitting and swearing at the border guards”.
Until 2022, Khorokhorin willingly gave comments to Russian media about his research on the FSB and Gosuslugi websites. Now, his Telegram profile description includes the motto of the Main Intelligence Directorate of the Ministry of Defense of Ukraine: Sapiens dominabitur astris (“The wise rule the stars”). Since 2016, the GUR has used this phrase in defiance of the Russian military intelligence motto “Only the stars are above us”.
Arkady Bukh, contacted by Izvestia, said that he had no idea that his name was mentioned on the site that publishes the personal data of Russians for fraudsters. According to Bukh, his partnership with Khorokhorin ended several years ago. “He is no longer a partner in my company, and I am not a partner in his business”, Bukh said. “Khorokhorin turned out to be too creative for us, I would say. I sold him the Cybersec.org domain. Since then, we sometimes call each other, maybe once a year. I used it to place advertisements for my services for our potential clients on the relevant forums”.
Bukh also told Izvestia that he plans to purge his social media and website of any mention of Cybersec.org in order to avoid being associated with Khorokhorin’s company. Bukh declined to comment on the fate of his former client, citing attorney ethics.
When asked about his connections with American intelligence agencies, Bukh replied that he acts primarily in the interests of his clients and always offers them a choice of three options: “The first is to go to a jury and prove your innocence. We really like this option, because it is a lot of work for lawyers, but it will also cost the most - up to $ 1 million. The second is to admit guilt, but not to rat anyone out. After all, many gangsters believe that then there is a chance to get a discount. For example, not 50, but 15 years. The third option is to offer an interesting project to one of the agencies and get a minimum term, often already spent in prison before the trial”.
According to Bukh, a person can offer to create a service for laundering cryptocurrency in order to use it to identify drug dealers and sellers of child pornography: “I go to the agencies with this and offer: let's say the FBI is not interested, the CIA is not interested either, but the DEA is interested. Such deals are classified. The public record will show that the person simply admitted guilt and received a discount".
At the end of March, the State Duma adopted an extensive bill that introduces almost 30 new measures to combat telephone fraud. Among them are a ban on government agencies, banks and telecom operators using foreign messengers, mandatory labeling of calls with the display of the organization's name, a ban on the transfer of a telephone number to third parties and the ability to limit the issuance of cash in suspicious transactions.
According to Bukh, telephone fraudsters from Ukraine, if the phenomenon is so widespread, may become subjects of investigations by American intelligence agencies.
- Like any other. Where there are thousands of victims, there will always be US citizens or US companies, says Bukh, and this, according to him, is already grounds for American jurisdiction. - In Russia, there are also many people with US citizenship. One or two victims who complain to the authorities are enough, and then the entire scheme can be investigated.
In his opinion, the issue of prosecuting fraudsters can be raised at the level of political negotiations between Russia and the US. Usually, such agreements are concluded informally, and then expressed in non-public notes - internal documents of federal agencies that set a certain vector or priorities in investigations: terrorists from the Middle East, cybercrime from Eastern Europe, and so on. The Russian Ministry of Internal Affairs also has its own experience and capabilities for prosecution in other jurisdictions, Bukh believes.
Many cybersecurity experts in a conversation with Izvestia assured that Khorokhorin's influence on telephone fraud and hacker attacks is exaggerated by him due to his own vanity and desire to gain popularity in Ukraine.
— If Khorokhorin’s confessions about his cooperation with call centers are confirmed, this could become the basis for initiating criminal cases under articles on fraud and illegal data turnover, — believes Igor Beder, head of the Internet Search company.
Khorokhorin is not on the open list of people wanted by Russia on the website of the Ministry of Internal Affairs, as well as there are no mentions of his arrest in absentia in the court databases. However, in his channel, back in 2023, he claimed that he knew about searches in the apartments of people associated with him.
One of the key distributors of personal data of Russians in the interests of telephone scammers may be Ukrainian hacker Vladislav Khorokhorin, convicted of stealing $9 million from US citizens and making a deal with US intelligence agencies. In 2022, he created a special service for breaking into fraudulent call centers, using the website of a company founded in New York by the lawyer of Russian hackers Arkady Bukh. Izvestia's investigation is about how a veteran of post-Soviet cybercrime could turn into an ideologist of telephone scammers, ordered hacking of nuclear power plants, confessed to killing Russian servicemen and threatened to kill their children.
THIEF and GUR
"Couldn't you have come 10 minutes later? "There would be no such thing as your degenerate and home", said an unknown person over the phone to the father of an 11-year-old child who caught his son with a lighter in his hands in an apartment filled with gas. In June 2024, a resident of Severodvinsk, a city known primarily as the center for the construction of Russian nuclear submarines, contacted law enforcement agencies with such a story. Good ventilation in the apartment building saved him from a tragedy. The Investigative Committee opened a case of attempted murder of a minor in a socially dangerous way.The media has a tradition of calling all criminals who use social engineering methods under the guise of bank, police or special services employees scammers. Last year, the material damage from them reached a gigantic sum of 200 billion rubles, and the number of Russians affected was 449 thousand. However, often the actions of scammers go beyond selfish motives and are classified as terrorist attacks, destruction of property or incitement to suicide.
In August 2023, 76-year-old Valery Ershov from the Leningrad Region committed suicide after, on instructions from unknown persons, he sold his apartment, transferred the proceeds to the perpetrators, and set fire to a military registration and enlistment office. In December 2024, 18-year-old MIPT student Petr Vetchinkin committed suicide after he was first swindled out of a loan and then persuaded to commit a terrorist attack. In February 2023, a 56-year-old woman from Zelenograd was convinced to give 2.6 million rubles and get tattoos with the words "VOR" and "GUR".
More than two-thirds of the arsons of military registration and enlistment offices and infrastructure facilities since the beginning of the SVO have been committed by victims of telephone scammers, and not by financially or ideologically motivated saboteurs, according to the content of sentences under the relevant articles of the Criminal Code. Their peak occurred in December 2024.
The reason for the fraudsters' aggressive behavior is well known - over 90% of such calls come from Ukraine, explained Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov. "In total, we are recording 800-900 call centers throughout Ukraine", he said.
An important tool in the hands of fraudsters is leaks of personal data. Their diversity allows attackers to have not only basic information about victims (full name, contact information, age), but also to create detailed digital profiles of citizens, collecting data on marital status, income level, hobbies, purchasing patterns, as explained by the analytical agency InfoWatch.
"The more information about a person in fraudulent databases, the easier it is for attackers to formulate possible options for deceiving a person", experts state.
In 2024, Russia became a leader in the number of leaked data (457 million lines), according to the February report of the cybersecurity company F6 (former Group-IB). "As before, criminals posted most of the stolen databases in the public domain for free in order to cause the greatest damage to companies and their clients", the experts point out.
In 90% of cases, the providers of illegally obtained personal data of Russian citizens are Ukrainian hackers, Ashot Oganesyan, author of the Telegram channel “Information Leaks”, explained to Izvestia.
"Spend Russian money on the Ukrainian Armed Forces"
Based on the results of 2024, F6 identified several hacker groups that are noticeable in the Russian personal data market. An important place among them is occupied by the hacktivist group CyberSec's and its leader, who goes by the pseudonym Badb. Their favorite tactic is publishing data on Russian companies and calling for further attacks through contractors, cybersecurity experts say.On November 8, 2024, CyberSec's announced the hacking of more than 30 thousand Russian corporate servers on the Bitrix platform. The attackers actively published the obtained databases in the BadB on the Base channel. From September to December, 22 databases of Russian citizens were published there.
F6 Research
The Shadow group (also known as Twelve, Comet, and DARKSTAR) is likely associated with CyberSec's, F6 believes. From February 2023 to July 2024, cybersecurity experts recorded 50 Russian companies attacked by Shadow. The ransom amounts announced by the hackers varied from 4.5 million to 320 million rubles, the average price was about 90 million rubles (in BTC or XMR).F6 calls Shadow "a purely anti-Russian project": for more than a year of the group's existence, not a single attack has been detected outside the Russian Federation. In turn, the leader of CyberSec's, under the pseudonym BadB, has not only published data leaks from Russia since the beginning of 2022, but has also been actively engaged in political propaganda, the researchers specify.
As Izvestia has found out, BadB also maintains its own service for checking Russians for Ukrainian call centers and special services. Moreover, the cybercriminal admits to closely cooperating with them and calls for crimes against ordinary Russian citizens, including children. For example, he offered cryptocurrency rewards for attacks or reprisals against family members of long-range aviation pilots: "Don't be surprised if your gets their heads cut off or a sharp reprimand on the way home from school".
BadB recently reported adding databases of underage Russians to his service for call centers. He accompanied the publication with an appeal to scammers: "Work, brothers!"
"Our tool is primarily aimed at finding detailed information about an individual based on complex and often implicit criteria", BadB writes. For example, there is a function "beloved by call centers" that "allows you to select all men living, say, in Syktyvkar, aged 50 to 60, whose name is Vasily". The hacker encourages call centers to specifically attack residents of closed territorial entities and single-industry towns around defense enterprises and military facilities.
"We can find family members and connections between people. We can find personal data, correspondence, password hashes, we do not delete data from the databases that come to us. We do not delete data of Russians under any circumstances. We have developed an API and flexible tariffs for call centers. However, to work with the tool, you need to have sufficient knowledge and understanding of the logic of working with the database. We are open to cooperation and will adapt the tool to your needs", writes BadB.
He has repeatedly published ads for the purchase of access to internal information in Russian corporations and government agencies. And he claims that his service deliberately collects personal data of Russians in relation to financial information. "We will not limit ourselves to only Russian databases, but are ready to go further, provided that we identify Russian citizens", writes BadB.
He admits that he personally receives part of the funds from fraudulent schemes against Russian citizens or ransoms after hacks: "I will spend Russian money on the Armed Forces of Ukraine!"
BadB also provides assistance to the 93rd Mechanized Brigade "Kholodny Yar", which is considered an elite unit of the Ukrainian Armed Forces. In his blog, BadB expresses gratitude from the brigade's fighters to call center workers who "took an active part in the collection and donated significant amounts". In 2023, BadB claimed that during his visit to the contact line, he "had fun" "personally" participating in the murder of Russian soldiers.
"We continue to financially destroy, destabilize and demoralize the occupiers, while providing not only for ourselves, but also for those people who stand behind us. Everything as we love, in CyberSec's style. Who needs certificates, support, contact us", writes BadB and reminds about his service for call centers with "the most up-to-date databases".
BadB also offers help with software for drug dealers working in Russia.
Many of his former colleagues in the Russian-speaking hacker community, including those from Ukraine, harshly condemn BadB for his views and actions. He, in turn, speaks disdainfully of pro-Russian hackers. In his opinion, they have no choice because of the persecution of American intelligence agencies around the world. On the other hand, there are no guarantees against reprisals by Russian law enforcement agencies.
In response to his public pro-Russian position, he threatens persecution outside the Russian Federation, targeted attacks involving criminals, drones, and criminal cases using corrupt law enforcement officers.
BadB's real name is well known to domestic cybersecurity specialists. However, most of them are reluctant to comment on his activities: many know him personally.
Fantastic cartoonist
You can still find an animated video about Russian carders created in the early 2000s to the track "Bobi-Boba" with incoherent lyrics imitating foreign speech on the Internet. The composition gained popularity thanks to the patriotic TV series "Spetsnaz". In the video, a grotesque character - in a striped shirt and a fur hat with a red star - establishes connections from cold Russia with his colleague in sunny Italy. A Russian hacker sends stolen bank card data to an Italian, who stamps counterfeit credit cards and uses them. While the accomplices are happy with their cushy earnings, somewhere overseas, US citizens are fainting, discovering zero balances on their accounts. In the end, then-US President George Bush finds nothing better to do than commit suicide right in the Oval Office.The video was published by one of the creators of CarderPlanet, the largest forum for cybercriminals of the 2000s. The platform brought together several thousand people whose main income was stealing bank card data and then cashing it out. The backbone of the community was made up of people from the former Soviet Union and Eastern Europe. The key investor was future Verkhovna Rada deputy from the Petro Poroshenko Bloc Dmitry Golubov, and the site was designed by the future leader of the ruling Servant of the People faction David Arakhamia.
In March 2025, when Telegram deleted the CyberSec's channel for violating the platform's rules, BadB created a new one - with a characteristic cartoon character on the profile picture. Now, instead of a star on his ushanka, the unshaven hacker has a cockade with the symbol of the Bitcoin cryptocurrency. The channel's author does not hide the fact that he is the cybercrime veteran Vladislav Khorokhorin, known under the pseudonym BadB, the creator of that very cartoon for CarderPlanet. This is easy to verify.
An archive copy of the deleted CyberSec's channel is available on the TGStat service. The channel was created in February 2020 and is listed as an official account on the CyberSec.org website. This is the domain of the company of the same name, which describes itself as a team of former hackers. They united to legally earn money on data protection services "from leak prevention to immediate response to threats to your cybersecurity".
"Our company includes the famous lawyer Arkady Bukh, who, if necessary, will come to the rescue and provide advice on any legal issue", the description specifies.
The same section contains publications about CyberSec on the websites of the Russian version of Forbes, CNN and Fortune. From them it follows that the company was founded in 2015 by New York lawyer Arkady Bukh. In the 2010s, he earned a reputation as the leading defender of Russian hackers in US courts. Bukh became known as a master of making deals with US intelligence agencies. The harsh US justice system threatened those detained with long prison terms, but Bukh offered his clients minimal punishment in exchange for cooperation with various agencies.
Bukh announced the creation of CyberSec together with Igor Klopov and Dmitry Naskovets, convicted of cybercrimes. Khorokhorin became the third partner while still in an American prison. The CyberSec.org website is still listed on Bukh’s social networks as his current place of work.
The “Contacts” section on CyberSec.org lists Khorokhorin’s personal accounts, among others. He begins his autobiography with his own description from a 2018 interview: “A fantastic inadequate (the word has been replaced with a censored one. — Izvestia). Was, is, and will be”.
The 42-year-old citizen of Russia, Ukraine, and Israel was born in Donetsk. After the collapse of the Soviet Union, he lived first with his father in Vorkuta, then with his mother in Israel. In 2010, Khorokhorin was detained in Nice at the request of the United States as part of the investigation into CarderPlanet. At first, he resisted extradition, but eventually admitted his guilt and, as Khorokhorin later recalled, “gave up many, but not all”. After his release in 2017, the US authorities deported him to Israel.
In 2018, Khorokhorin returned to Russia to find independent work in the legal field, but ultimately decided to move to Ukraine. He describes his departure as follows: “I threw away the SIM card right after I left after a five-hour interrogation at the border, threw it away along with some spitting and swearing at the border guards”.
Until 2022, Khorokhorin willingly gave comments to Russian media about his research on the FSB and Gosuslugi websites. Now, his Telegram profile description includes the motto of the Main Intelligence Directorate of the Ministry of Defense of Ukraine: Sapiens dominabitur astris (“The wise rule the stars”). Since 2016, the GUR has used this phrase in defiance of the Russian military intelligence motto “Only the stars are above us”.
Arkady Bukh, contacted by Izvestia, said that he had no idea that his name was mentioned on the site that publishes the personal data of Russians for fraudsters. According to Bukh, his partnership with Khorokhorin ended several years ago. “He is no longer a partner in my company, and I am not a partner in his business”, Bukh said. “Khorokhorin turned out to be too creative for us, I would say. I sold him the Cybersec.org domain. Since then, we sometimes call each other, maybe once a year. I used it to place advertisements for my services for our potential clients on the relevant forums”.
Bukh also told Izvestia that he plans to purge his social media and website of any mention of Cybersec.org in order to avoid being associated with Khorokhorin’s company. Bukh declined to comment on the fate of his former client, citing attorney ethics.
When asked about his connections with American intelligence agencies, Bukh replied that he acts primarily in the interests of his clients and always offers them a choice of three options: “The first is to go to a jury and prove your innocence. We really like this option, because it is a lot of work for lawyers, but it will also cost the most - up to $ 1 million. The second is to admit guilt, but not to rat anyone out. After all, many gangsters believe that then there is a chance to get a discount. For example, not 50, but 15 years. The third option is to offer an interesting project to one of the agencies and get a minimum term, often already spent in prison before the trial”.
According to Bukh, a person can offer to create a service for laundering cryptocurrency in order to use it to identify drug dealers and sellers of child pornography: “I go to the agencies with this and offer: let's say the FBI is not interested, the CIA is not interested either, but the DEA is interested. Such deals are classified. The public record will show that the person simply admitted guilt and received a discount".
Even the US can persecute
In March, Russian President Vladimir Putin held a special meeting with the government, the main topic of which was comprehensive measures to combat telephone and Internet fraud. "The damage to citizens, and therefore to the state, from telephone and Internet fraudsters has reached simply unacceptable proportions, very large. Therefore, we need to act quickly", Vladimir Putin urged.At the end of March, the State Duma adopted an extensive bill that introduces almost 30 new measures to combat telephone fraud. Among them are a ban on government agencies, banks and telecom operators using foreign messengers, mandatory labeling of calls with the display of the organization's name, a ban on the transfer of a telephone number to third parties and the ability to limit the issuance of cash in suspicious transactions.
According to Bukh, telephone fraudsters from Ukraine, if the phenomenon is so widespread, may become subjects of investigations by American intelligence agencies.
- Like any other. Where there are thousands of victims, there will always be US citizens or US companies, says Bukh, and this, according to him, is already grounds for American jurisdiction. - In Russia, there are also many people with US citizenship. One or two victims who complain to the authorities are enough, and then the entire scheme can be investigated.
In his opinion, the issue of prosecuting fraudsters can be raised at the level of political negotiations between Russia and the US. Usually, such agreements are concluded informally, and then expressed in non-public notes - internal documents of federal agencies that set a certain vector or priorities in investigations: terrorists from the Middle East, cybercrime from Eastern Europe, and so on. The Russian Ministry of Internal Affairs also has its own experience and capabilities for prosecution in other jurisdictions, Bukh believes.
Many cybersecurity experts in a conversation with Izvestia assured that Khorokhorin's influence on telephone fraud and hacker attacks is exaggerated by him due to his own vanity and desire to gain popularity in Ukraine.
— If Khorokhorin’s confessions about his cooperation with call centers are confirmed, this could become the basis for initiating criminal cases under articles on fraud and illegal data turnover, — believes Igor Beder, head of the Internet Search company.
Khorokhorin is not on the open list of people wanted by Russia on the website of the Ministry of Internal Affairs, as well as there are no mentions of his arrest in absentia in the court databases. However, in his channel, back in 2023, he claimed that he knew about searches in the apartments of people associated with him.