Spam Nation (19 page)

Read Spam Nation Online

Authors: Brian Krebs

Tags: #Political Science, #Security (National & International), #Business & Economics, #Industries, #Computers & Information Technology, #Pharmaceutical & Biotechnology

BOOK: Spam Nation
13.09Mb size Format: txt, pdf, ePub

Gusev believes Vrublevsky’s lust for power and the desire to be associated with anyone who had it blinded his former business partner to what lay ahead. Zhilenkov used his sway as a 50 percent shareholder in the company to take control of the day-to-day management of Fethard. And that gave Zhilenkov direct access to all the Fethard affiliate accounts.

On September 12, 2007, Vrublevsky was sucker-punched twice. The first blow was learning that virtually all of the funds in the Fethard accounts had been drained and funneled to various banks offshore. The second was discovering that Russian police had opened a criminal investigation into him and Fethard, calling it an illegal banking system.

“Pavel either didn’t see or didn’t worry about that side of Zhilenkov, because he was strutting around like a turkey cock and boasting about getting such a bigwig as his new partner, and all of the connections and power it would bring him,” Gusev said in an interview with this author.

The raid against Fethard was an important event because Vrublevsky became convinced it was orchestrated by Gusev. (Gusev vehemently denies he had anything to do with it—a claim I’ve come to believe.) Determined to strike back at his perceived aggressor, Vrublevsky began scheming with the aforementioned cofounder of Rx-Promotion—Yuri “Hellman” Kabayenkov—to get a criminal investigation into Gusev started.

“Zhilenkov was the originator of this case,” Gusev said. “It was a warning from Zhilenkov to Pavel not to try to get the money back.
Zhilenkov made it very clear that if Pavel intended to try to get the money back that was stolen from Fethard, he will have even more problems, and the criminal case would move forward. But all along, Pavel has wrongly suspected that I was somehow involved in this.”

It’s not hard to see why. In many ways, Gusev and Vrublevsky could not be more different. Gusev is thoughtful, erudite, deliberate, self-deprecating, and miserly. In contrast, Vrublevsky is vulgar, impulsive, loquacious, self-aggrandizing, and a spendthrift. Gusev is a self-described “golden boy” who grew up in a wealthy family—his grandfather was a minister of construction and building in the former Soviet Union—and he received a classical education at one of Russia’s top schools. Vrublevsky, who looks at least ten years older than his real age—in his midthirties—had a bit less sheltered upbringing and was tossed out of several schools as a young man.

Gusev said he got his start in the Internet industry in 1998, when a local businessman hired him to create a website for a sports memorabilia business. Gusev learned as much as he could about HTML and web programming, and earned two hundred dollars for his efforts. Not long after that, he decided he could make much more money in the porn business, so he hired a programmer to help him make software that collects lists of top porn sites used in so-called “circle jerk” operations.

“CJs, as they’re called, are a kind of system in which different sites hosting many porn images redirect viewers who click on an image from one site to another,” Gusev said. “The idea behind the CJ is that you are redirected so many times that finally you are so tired of looking for the content that you actually click on one of the sponsor ads and purchase a subscription. It is a system designed to wear people down, and it worked quite well, at least for a while. But I can tell you this much: this was a trick first tried in the United States. It was not invented in Russia!”

Gusev and Vrublevsky first met as a consequence of their common
links to pornography of the rather extreme variety. In 1998, Gusev was administrator of a Russian online forum that catered to webmasters who marketed films and images involving bestiality and sex with farm animals. Vrublevsky’s market, which he served through his Red & Partners holding company, were those who enjoyed viewing violent pornography, mainly pictures and short films depicting rape or other forms of forced sex, incest, and sodomy.
14

Gusev was able to profit from the business because he owned a credit-card billing firm called Digital Internet Billing, or “DiBill” for short. The billing firm relied on connections to the Dutch banking system, where, according to Gusev, a sizeable portion of the market for his company’s product happily resided.

One day, Gusev received an instant message from Vrublevsky, asking to meet and to discuss combining their efforts and creating a consolidated payment processing company to service the booming porn industry that had sprouted up virtually overnight with the broad adoption of the commercial Internet in the West.

“We spoke several times in Moscow, and he was seeming so enthusiastic and so motivated about this new business, ChronoPay, and he offered me to join him,” Gusev said. “I thought for this time it could be a very good step in my career. I wish I had been a bit smarter and refused his proposal.”

In 2003, they made it official. Red & Partners teamed up with Gusev’s firm DPNet to form a new corporation in the Netherlands, and ChronoPay was born. Among the investors was Vladimir Tsastsin, the chief executive of an Estonian Internet domain name registrar called EstDomains. Tsastsin and Vrublevsky would become fast friends, and for the next five years, Tsastsin’s EstDomains would become the most
popular domain registrar among Russian webmasters (particularly those pushing spam and malware).
15

For a short while, Gusev and Vrublevsky worked side by side in the same office. But after less than a year, both men were bickering constantly about the direction that the firm should take. After a protracted disagreement over who should be allowed to buy Gusev’s shares in ChronoPay, Gusev sold DPNet to a Russian businessman named Leonid Mikhailovich Terekhov and went off to start work on establishing GlavMed and SpamIt.

“We were sitting in one office just opposite each other, and I guess because of this we should be considered some kind of friends or business partners,” Gusev said in a 2011 interview. “But it worked only for [the] first five or six months. After that, we started having some problems communicating with each other. The problem was that I wasn’t supporting his decisions and he wasn’t supporting my decisions.”

Meanwhile, something strange was brewing at ChronoPay. The company had begun to attract legitimate businesses—not just porn sites, but brand-name companies in Russia that were eager to help customers find alternative ways to pay for their goods. Few working-class Russians used or even had credit cards at the time, and while there was a growing desire for ecommerce, surprisingly few companies doing business in Russia were willing and able to help consumers use their bank accounts to pay for things online.

By 2006, ChronoPay had attracted as clients a number of Russia’s top brands, including Russian mobile providers MTS and Skylink, and even more Western-oriented nonprofit organizations, such as the World Wildlife Fund. Millions of Russians could suddenly pay their heating or telephone bills online, or purchase concert and airline tickets, all via ChronoPay.

In securing these bigger, legitimate clients, Vrublevsky may have been ensuring that black and gray businesses would have sustained access to banking systems that would be willing to process riskier transactions, such as online pharmacy purchases and credit card transactions related to extortionist sales of rogue antivirus software, Gusev said.

“The main reason ChronoPay was so successful for so long in all of these gray and black businesses is that they have had a pool of white clients whose business was covering up these gray and black dealings,” Gusev said. “They were using that to win better processing rates from the [acquiring banks], because they would say, ‘We’ll bring you millions of dollars in transactions from some of the largest Russian companies, and all you have to do is help us process these other things.’”

Stefan Savage, the University of California, San Diego professor who made hundreds of legal drug purchases through pharmacies run by GlavMed, Rx-Promotion, and dozens of other partnerkas said ChronoPay wasn’t really a credit card processor, but rather a marketer and reseller of payment services (known in the business as a payment service provider or PSP).

“They didn’t have their own bank relationships, but they worked with other companies that had that relationship. They had lots of deals with other people to help get money through,” Savage said. “They were representing on behalf of clients, fake clients who were selling drugs via different banks, and they would round-robin their Rx-Promotion business through front companies that they created. And later, when the banks would figure out what was going on, ChronoPay would deny all knowledge of what its front companies were doing.”

In other words, ChronoPay and Vrublevsky were instrumental in establishing the organizational, legal, and technical cover that spammers needed to be able to accept credit card numbers for the pills they were pimping. ChronoPay and Vrublevsky also used these same obfuscation techniques to hide their integral role in the processing of tens of millions of dollars in credit card payments from Americans and Europeans who were victimized by scareware scams. As we’ll see in Chapter 9:
Meeting in Moscow
, Vrublevsky claims that his relation to scareware scams was merely as an advisor who helped these operations set up the front companies and payment systems to help make the whole operation appear aboveboard to the credit card companies.

According to Savage, the service that ChronoPay provided is known in the industry as “factoring.” The company would take multiple clients, load them up with credit card processing, and then map their transactions into accounts on behalf of shell companies that they had, companies that they’d represented to the banks as being the true customer. And then Vrublevsky and other ChronoPay employees involved would simply pay these clients out of their own pockets.

In short, dodgy organizations turned to ChronoPay primarily when they had few other options.

“They were willing to take on and manage all of these really shady customers that were not going to be taken as customers by anyone else,” Savage said. “There were lots of games being played with several banking partners, and ChronoPay was very good at playing these games.”

Those partnerships—principally with financial institutions in the former Soviet republics of Azerbaijan, Georgia, and Latvia—were the primary contributor to ChronoPay’s dominance in processing transactions for rogue Internet pharmacies and scareware scams behind the company’s legitimate front. Thankfully for Vrublevsky and Gusev, this activity was largely eclipsed for a while by the much higher volumes of transactions coming from comparatively legitimate Russian companies.

“ChronoPay is a unique company from one point of view, because it is famous in Russia for [its association with] big-name brands in that country,” Gusev said in a 2010 interview. “But everyone knows who is the owner of the company and what he did before this company and what he does right now.”

♦    ♦    ♦

Two years after Vrublevsky and Gusev parted ways as cofounders of ChronoPay, Gusev had become successful in his own right. GlavMed and SpamIt were pulling in millions of dollars a month and employing some of the smartest computer programmers that Moscow had to offer.

Not to be outdone by his rival, in 2007, Vrublevsky and Hellman would launch Rx-Promotion, seeking to lure away many of the top spammers from SpamIt. Rx-Promotion was entering an already crowded field including some two dozen other rogue pharmacy partnerkas. But from the start, Rx-Promotion would have an advantage over its competitors. It would specialize in offering highly restricted and addictive prescription medications—such as hydrocodone and Valium—to any and all customers, regardless of whether the customers had a doctor-approved prescription.

Gusev said GlavMed initially offered controlled medications as well, but that it decided early on that the market for these pills was too volatile and risky.

“When GlavMed started operations in 2006, there were some controlled substances, but we didn’t understand what we were getting into then,” Gusev said. “A couple of years later, we made some strategic decisions not to have any connection to controlleds. After all, there is not serious damage for health if you are selling Viagra. But controlleds…if you selling these over the Internet, you are most often selling to drug-addicted people. And honestly, I don’t want to be some kind of drug dealer.”

Gusev’s timeline doesn’t quite match up to the records leaked from SpamIt and GlavMed, which show that these two partnerkas continued to sell some controlled prescription drugs until at least mid-2009.

♦    ♦    ♦

All indications suggest that—despite Vrublevsky’s early warning of the political and legal machinations set against him—Gusev underestimated his former partner’s resolve, or else could not find properly connected allies in Russia’s political and legal apparatus to derail the slowly building criminal case targeting him and his businesses. For one thing, Gusev did not start taking precautions to outflank Vrublevsky until the beginning of 2010, when he finally accepted that he was under investigation by Russian FSB agents, and that investigators were seeking to paint him as “Spammer #1 in Russia.”

The case against Gusev coincided with a push by Russia’s then-President Dmitry Medvedev to attract foreign investment for “Skolkovo.” The project was an ambitious technology park being built outside Moscow that is intended to serve as a Russian version of Silicon Valley, America’s biggest incubator of high-tech innovation. The Skolkovo project gained momentum in March 2010, after Internet hardware maker Cisco Systems Inc. pledged $1 billion to the project, and Silicon Valley venture capital firm Bessemer Venture Partners promised investments worth $20 million over two years.

But Medvedev and other leaders knew that if they were going to succeed in attracting more investment from Western nations, they would need to tidy up Russia’s reputation for being lax in pursuing cybercriminals within its borders. Gusev was the perfect sacrificial goat to start with. He was to be the first high-profile cybercrime target of the National Anti-Corruption Committee, a body aimed at helping state agencies and ministries cleanse themselves of corrupt officials who often turned a blind eye to crime in exchange for bribes or “donations.”

Other books

Tracks of Her Tears by Melinda Leigh
The Corner by Shaine Lake
Cum For Bigfoot 10 by Virginia Wade
Lady Rosabella's Ruse by Ann Lethbridge
Gib Rides Home by Zilpha Keatley Snyder