ONE OF THE RUSSIAN MEN behind the Citadel malware has been jailed for five years in the US.
Mark Vartanyan, who had been living in Norway when he was apprehended, was extradited to the US in December 2016 to face charges. He had pleaded guilty and, according to prosecutors, had cooperated "from the start" with law enforcement authorities.
Also known as 'Kolypto', he pleaded guilty to conspiracy to commit computer fraud and therefore avoided the risk of a 25-year prison sentence. He was also given two years 'credit' for the time he spent on remand in Norway while awaiting extradition.
In Norway, Vartanyan was working as the chief technical officer of an e-healthcare company called Dignio.
The Citadel malware was a widely distributed credential-stealing malware package based upon the Zeus Trojan horse malware package. The source code for Zeus, which included features for disabling anti-virus software in order to evade detection, was leaked in 2011 and widely used as the basis for a string of different malware packages.
Vartanyan took the Zeus source code and made a number of 'improvements' to it, working with fellow Russian Dimitry Belorossov, also known as 'RainerFox', who was sentenced to four-and-a-half years on similar charges in September 2015. Belorossov had been arrested while holidaying in Spain.
Citadel became one of the most widely used variants of Zeus due to the 'malware-as-a-service' model used to propagate the malware and to make money.
The pair made Citadel available for hire to third parties on an invitation-only, Russian-language crime forum on the so-called 'dark web', making it an early example of malware-as-a-service. That sales model may also, however, have enabled US law enforcement to track down and identify the pair behind Citadel.
The US government described Citadel as "one of the most advanced crimeware tools available in the underground market", and claimed that it had infected about 11 million PCs worldwide, causing losses of more than $500 million.
Prosecutor Steven Grimberg told the judge that Vartanyan had shown remorse and cooperated with the government, a factor behind the unusually low jail sentence for a crime of this type.