Latvian programmer who designed program linked to Target data breach gets 14 years in prison
|National Post 22 Sep 2018 at 09:30|
ALEXANDRIA, Va. ‚ÄĒ A Latvian computer programmer was sentenced to 14 years in prison for designing a program that helped hackers improve malware ‚ÄĒ including some used in the 2013 Target breach.
Ruslan Bondars, a 37-year-old Latvian citizen, was found guilty at a May trial in Alexandria federal court, during which a co-conspirator revealed the pair had worked with Russian law enforcement.
Hackers used their ‚ÄúScan4You‚ÄĚ program to see if anti-virus programs would identify their software as malicious; it could be adapted into malware kits sold to cybercriminals. Bondars argued there are legal uses for the product and he was not responsible for when it was used illegally.
‚ÄúOur position protects all online businesses; all online businesses have legitimate and illegitimate users,‚ÄĚ defense attorney Jessica Carmichael said in court Friday.
‚ÄúIt‚Äôs an interesting theory,‚ÄĚ Judge Liam O‚ÄôGrady responded, but not one that applies in criminal cases. He told Bondars, ‚ÄúThere‚Äôs zero chance that you didn‚Äôt know the harm being done by the malware hackers used your service to perfect.‚ÄĚ
Prosecutors said it is common and perfectly legal to hold software developers liable for creating products that could be used for good as well as ill.
I feel ashamed that some of the website users used it for such terrible things
‚ÄúThe defendant apparently thinks he is unique in being charged for creating and selling a computer product that had theoretical lawful uses. He is not. Malware often has theoretical lawful uses,‚ÄĚ Assistant U.S. Attorney Kellen Dwyer wrote in his sentencing argument.
One Scan4You user was behind the 2013 theft of credit card information from about 40 million of Target customers.
‚ÄúI feel ashamed that some of the website users used it for such terrible things,‚ÄĚ Bondars told the court in halting English Friday.
But Bondars argued in court filings that the service had little to do with the massive data breach, which cost the retailer hundreds of millions of dollars. He emphasized the malware was also run through a mainstream virus-detection service and that Target‚Äôs own security system saw the breach but it was ignored. Bondars‚Äôs product was not actually used to help get into Target‚Äôs system or steal the information, according to court testimony. An expert from Verizon who helped investigate the hack said the files tested in Scan4You were likely used to figure out where payment information was stored.
Cybersecurity experts have said the hacker, identified in court as ‚ÄúProfile 958,‚ÄĚ is likely a Ukrainian named Andrey Hodirevski.
Target is demanding restitution from Bondars; an amount has yet to be decided.
While Bondars was never charged with direct involvement in any hacking and made little money from Scan4You, court documents show he had used malware to rob people and to trick people into buying anti-virus services they did not need.
Services like Scan4You remain easy to find online; prosecutors say it was an ‚Äúinnovation‚ÄĚ in malware that has inspired copycats.
‚ÄúAt the beginning Scan4You was so small,‚ÄĚ Bondars said Friday. ‚ÄúIt got much bigger very quickly; it happened so fast.‚ÄĚ
It starts with lobsters. You have to understand about the lobsters
A compelling argument can be made that the rightful king of Canadian eats is an apple ‚ÄĒ which is why Nancy McIntosh gets depressed whenever she drives past where it ...