Brother
Professional
- Messages
- 2,590
- Reaction score
- 539
- Points
- 113
Behind the hosting service Spamdot, which was one of the leaders in its segment in 2005-2013, are two Russians from Cherepovets. But if the story of one of them is well known, the second remained a mystery to the general public, although American justice has known everything for at least several years. Cybersecurity journalist Brian Krebs managed to link a nickname on Spamdot with a specific first and last name.
He recalled that the forum was led by users of Icamis and Salomon. The site has become home to the owners of many of the botnets that Krebs calls “the most disgusting in the world,” as well as malware distributors such as Rustock, Cutwail, Mega-D, Festi, Waledac and Grum. The founders of the resource also took an active part in infections through spamming and constantly collected passwords and other data from victims’ devices. They were subsequently used to attack individuals and legal entities in the United States.
Salomon's identity was established without much difficulty. After checking the email address he used on Spamdot with the databases of leak tracking services, first the American security forces, and then Krebs, found a resident of Cherepovets, Alexander Grichushkin. For him, his own indiscretion in cyberspace had disastrous consequences: he was arrested in 2020 outside of Russia and stood trial on charges of creating, with the participation of three accomplices, a cybercriminal infrastructure that was used to attack companies and citizens in the United States.
Grichushkin made a deal with the investigation, admitted guilt and received only four years, which expire on February 8, 2024. Now he is only 36 years old, while his wife and children live permanently in Thailand.
As Krebs managed to find out, among the three accomplices that American investigators knew about and were even able to arrest, along with citizens of Estonia and Lithuania, was Icamis. His first mistake was using Cherepovets IP addresses. The second is the love for the names Icamis, Andrew Artz and Andrew Hertz when registering various services and mailboxes, as well as indicating WMPay as the account owner. In particular, a user with the nickname icamis.ru (the domain was registered with Andrew Artz) in 2003 left a comment on the forum of the Cherepovets general education lyceum AMTEC, which is still posted online. On the same site it is mentioned that photographs of graduates for 2004 can be found on the portal 41.wmpay.com.
It was not possible to index the photographs, but the names of 16 students were preserved. An entry about one of them, according to the Wayback Machine, was at some point deleted by the resource administrator, who turned out to be the man he was looking for, Andrey Skvortsov. He stood trial in the Grichushkin case, was convicted, but was eventually deported from the United States. His further whereabouts are unknown.
He recalled that the forum was led by users of Icamis and Salomon. The site has become home to the owners of many of the botnets that Krebs calls “the most disgusting in the world,” as well as malware distributors such as Rustock, Cutwail, Mega-D, Festi, Waledac and Grum. The founders of the resource also took an active part in infections through spamming and constantly collected passwords and other data from victims’ devices. They were subsequently used to attack individuals and legal entities in the United States.
Salomon's identity was established without much difficulty. After checking the email address he used on Spamdot with the databases of leak tracking services, first the American security forces, and then Krebs, found a resident of Cherepovets, Alexander Grichushkin. For him, his own indiscretion in cyberspace had disastrous consequences: he was arrested in 2020 outside of Russia and stood trial on charges of creating, with the participation of three accomplices, a cybercriminal infrastructure that was used to attack companies and citizens in the United States.
Grichushkin made a deal with the investigation, admitted guilt and received only four years, which expire on February 8, 2024. Now he is only 36 years old, while his wife and children live permanently in Thailand.
As Krebs managed to find out, among the three accomplices that American investigators knew about and were even able to arrest, along with citizens of Estonia and Lithuania, was Icamis. His first mistake was using Cherepovets IP addresses. The second is the love for the names Icamis, Andrew Artz and Andrew Hertz when registering various services and mailboxes, as well as indicating WMPay as the account owner. In particular, a user with the nickname icamis.ru (the domain was registered with Andrew Artz) in 2003 left a comment on the forum of the Cherepovets general education lyceum AMTEC, which is still posted online. On the same site it is mentioned that photographs of graduates for 2004 can be found on the portal 41.wmpay.com.
It was not possible to index the photographs, but the names of 16 students were preserved. An entry about one of them, according to the Wayback Machine, was at some point deleted by the resource administrator, who turned out to be the man he was looking for, Andrey Skvortsov. He stood trial in the Grichushkin case, was convicted, but was eventually deported from the United States. His further whereabouts are unknown.
