Latvian programmer who designed program linked to Target data breach gets 14 years in prison

Latvian programmer who designed program linked to Target data breach gets 14 years in prison
Top Stories
ALEXANDRIA, Va. — A Latvian computer programmer was sentenced to 14 years in prison for designing a program that helped hackers improve malware — including some used in the 2013 Target breach.

Ruslan Bondars, a 37-year-old Latvian citizen, was found guilty at a May trial in Alexandria federal court, during which a co-conspirator revealed the pair had worked with Russian law enforcement.

Hackers used their “Scan4You” program to see if anti-virus programs would identify their software as malicious; it could be adapted into malware kits sold to cybercriminals. Bondars argued there are legal uses for the product and he was not responsible for when it was used illegally.

“Our position protects all online businesses; all online businesses have legitimate and illegitimate users,” defense attorney Jessica Carmichael said in court Friday.

“It’s an interesting theory,” Judge Liam O’Grady responded, but not one that applies in criminal cases. He told Bondars, “There’s zero chance that you didn’t know the harm being done by the malware hackers used your service to perfect.”

Prosecutors said it is common and perfectly legal to hold software developers liable for creating products that could be used for good as well as ill.

I feel ashamed that some of the website users used it for such terrible things

“The defendant apparently thinks he is unique in being charged for creating and selling a computer product that had theoretical lawful uses. He is not. Malware often has theoretical lawful uses,” Assistant U.S. Attorney Kellen Dwyer wrote in his sentencing argument.

One Scan4You user was behind the 2013 theft of credit card information from about 40 million of Target customers.

“I feel ashamed that some of the website users used it for such terrible things,” Bondars told the court in halting English Friday.

But Bondars argued in court filings that the service had little to do with the massive data breach, which cost the retailer hundreds of millions of dollars. He emphasized the malware was also run through a mainstream virus-detection service and that Target’s own security system saw the breach but it was ignored. Bondars’s product was not actually used to help get into Target’s system or steal the information, according to court testimony. An expert from Verizon who helped investigate the hack said the files tested in Scan4You were likely used to figure out where payment information was stored.

Cybersecurity experts have said the hacker, identified in court as “Profile 958,” is likely a Ukrainian named Andrey Hodirevski.

Target is demanding restitution from Bondars; an amount has yet to be decided.

While Bondars was never charged with direct involvement in any hacking and made little money from Scan4You, court documents show he had used malware to rob people and to trick people into buying anti-virus services they did not need.

Services like Scan4You remain easy to find online; prosecutors say it was an “innovation” in malware that has inspired copycats.

“At the beginning Scan4You was so small,” Bondars said Friday. “It got much bigger very quickly; it happened so fast.”

It starts with lobsters. You have to understand about the lobsters

A compelling argument can be made that the rightful king of Canadian eats is an apple — which is why Nancy McIntosh gets depressed whenever she drives past where it ...
Read more on National Post
News Topics :
In what appears to be the first successful hack of a software program using DNA, researchers say malware they incorporated into a genetic molecule allowed them to take control of a...
Top Stories
Tech savvy iPhone users who jailbreak their phones to add new features could be putting their personal information at risk, after a recent data breach revealed the iOS devices are not...
Top Stories
In the last couple of years, we have seen a huge influx in the number of hackers targeting smartphones, says a security expert with Kaspersky Labs. Phishing scam emails, texts...
EBay Inc said that hackers raided its network three months ago, accessing some 145 million user records in what is poised to go down as one of the biggest data...
Computer malware can often evade antivirus security software if the author changes a few lines of code or designs the program to automatically mutate before each new infection. Artificial neural...