Spam Nation (20 page)

Read Spam Nation Online

Authors: Brian Krebs

Tags: #Political Science, #Security (National & International), #Business & Economics, #Industries, #Computers & Information Technology, #Pharmaceutical & Biotechnology

BOOK: Spam Nation
8.16Mb size Format: txt, pdf, ePub

As if to validate the anti-corruption committee’s choice, Gusev’s first response to counter the criminal case being aggressively waged against him was to attempt to bribe public officials into delaying his case, feeding him details about its progress, and running interference on his behalf.

On January 9, 2010, Gusev reached out to GlavMed-SpamIt coadministrator Dmitry Stupin, via online chat to discuss options for avoiding or delaying his prosecution. Gusev told Stupin that he might be able to purchase protection from the charges by funneling money to key Russian politicians who have influence over investigators.

Specifically, Gusev suggested purchasing a sponsorship of the Volleyball Federation of Russia. The price tag for this is an official sponsorship fee of 10 million rubles (about $350,000), plus $150,000 in cash. The official head of the federation, Nikolai Patrushev, is a powerful man in Russian law enforcement. Patrushev was director of the Russian FSB, the successor organization to the KGB, from 1999 to 2008. He has been secretary of the Security Council of Russia since 2008.

According to Gusev, it is typical for Russian sport leagues and charities to be used as vehicles for funneling money into the pockets of policymakers.

“In Russia, sports is not really a business. It’s a way of getting business settled,” Gusev said in a telephone interview. “I have one friend who is a pretty famous hockey player. One time he told me that in [the] hockey league, there are only two teams who might earn something, while the other teams have only losses. Sport in Russia is some kind of…from one point of view one can meet some new faces and start some relationship for the future, and from other point of view you can get some kind of protection. That’s because all leagues—basketball, football, hockey, whatever—all have persons from the government who are somehow controlling them.”

The phenomenon Gusev describes is well documented. One example comes from a book by Lennart Dahlgren, former head of the Russian division of Swedish furniture maker IKEA. In
Despite
Absurdity: How
I Conquered Russia While It Conquered Me
, Dahlgren writes of having to pay bribes of 30 million rubles ($1 million) to Russian charities that helped funnel money to bureaucrats and top officials.

In May 2011, Gusev told me in a telephone interview that he was a paid sponsor of the Russian volleyball league, hoping to persuade someone to stop the criminal case against him. Gusev was convinced, and other leaked documents appear to confirm his suspicions, that law-enforcement interest in his activities was paid for by Pavel Vrublevsky, his former business partner turned competitor.

Indeed, in late 2010, Vrublevsky secured a sponsorship of the Russian Basketball Federation for ChronoPay. The basketball federation is headed by Sergei Ivanov, a former KGB officer who was tapped by Russian President Vladimir Putin as deputy prime minister of Russia. In fact, ChronoPay used ties to Ivanov as an advertisement for its success and power. In a series of photographs of ChronoPay executives on the company’s blog is a picture of Vrublevsky and Ivanov standing in the front row at a basketball game cheering on their team, both men in business suits and smiling broadly.

It remains unclear how much Vrublevsky had to pay to secure that sponsorship, but several clues suggest it was more than $1 million. A story in a March 2011 print edition of the Russian daily
Kommersant
stated that the basketball federation’s budget was increased to approximately $6 million due to contributions from sponsors—ChronoPay, Russian investment group VTB, and Russian automaker Sollers. In that article, Ivanov is quoted as saying that VTB contributed more than half of the budget, and that the other half was contributed by ChronoPay and Sollers.

“If Pavel wants me to be named the World’s Number One Spammer, he pay lots of money to get that name for me, but you know I never tried to do any research to find out who actually was the number one spammer,” Gusev said. He was referring to a then-just-released paper by the UCSD researchers, who found that spammers working for
Rx-Promotion blasted out more than twice the amount of spam of any other program, including SpamIt.

“I thought it should be the owners of the largest botnets, and I thought most of them were working with SpamIt,” Gusev said. “But this research shows that 25 percent of spam was for Rx-Promotion sites. It’s very difficult for Pavel, even with all this information and money and influence, to persuade people that the bigger problem is not with him.”

Chat records from late January 2010 show that Gusev and Stupin sent initial “donations” of $210,000 and $115,000 from their company, Despmedia, to the Volleyball federation. In another online chat a month later, Gusev tells Stupin that their total expenses for bribes sent to Russian law-enforcement officials exceed $400,000.

In a conversation dated February 19, 2010, Gusev reports that he just paid $20,000—$5,000 to a middleman and $15,000 to someone from the Prosecutor General’s Office, the law-enforcement body that was investigating him—for information and for “delaying” his case. In the same chat log, Gusev says that he has found someone—a very able man, a lawyer and
reshalshik
(problem-solver)—who can provide a “complete set of services” to deal with the “RedEye problem.”

Gusev secured promises from this man that a donation in the proper amount would virtually ensure the incarceration of Vrublevsky and the destruction of his various shady businesses. But the price tag for this assurance was steep—$1.5 million.

Gusev says he has met a reshalshik and asks Stupin for advice on how to deal with the guy in addition to the $1.5 million. This fixer’s price is that Gusev and Stupin must agree to help an old, mutual acquaintance start a competing rogue Internet pharmacy program.

“I found a person who is willing to help me in this situation with RedEye,” Gusev writes. “This guy has a proven scheme, because he is a very strong lawyer. A real fixer-upper. For his service, along with very large sum of money, he is asking for something in return—he is
asking to help his friend—a very famous webmaster, who faced a similar problem to the one we are facing, and who was saved by that person. This ‘friend’ is not doing anything right now. This lawyer is asking us to help him with establishing an online pharmacy program. I am not happy about the idea of creating more competition, but out of all the people I talked to, only this guy offered a structured solution to the problem, giving us hope.”

Gusev then goes on to talk about the volleyball federation sponsorship, which is code for funneling money to corrupt FSB agents to run interference. He says: “People from the volleyball association can and will cover us, using their FSB connections, but they can do very little with the Prosecutor’s Office. They can only prolong the legal proceedings. They will also not be able to prosecute Red. The person who we are asked to help is my old acquaintance—Pet—the owner of
лолного
[this is a colloquial term—pronounced “loll-nah-vah”—referring to Lolita or child porn sites]—which handles billing through billcards.” Gusev is almost certainly talking here about Evgeny “Pet” Petrovsky, the Belarusian owner of the Sunbill/BillCards payment processing firm who was kidnapped by Loginov’s gang in
Chapter 2
.

After Gusev breaks the news that this fixer-upper lawyer is charging $1.5 million plus a personal favor, Stupin exclaimed, “Oh, my god! What does he promise for that?”

“He promises that Red would remain in prison and would not be able to buy his way out,” Gusev answered. “Plus, he is going to lose a large portion of his business and will be left with no money to fight the war.”

In a telephone interview in mid-2011, Gusev explained his actions thusly: “All that I wanted was to speak with someone from FSB [who] was making this [case] for Pavel, and to persuade them to stop all this conflict before it’s too late,” he said. “Unfortunately, this didn’t help me very much.”

In summer 2010, tens of thousands of emails and internal documents would be leaked from ChronoPay by unknown insiders or attackers who had hacked into the company’s network—offering
countless examples of the sort of activity that Vrublevsky had denied orchestrating for years.

When I asked Gusev whether he’d been responsible for the incident, he denied it, but then allowed that his involvement was a logical assumption, given the war of attrition that had earlier caught him flat-footed.

“Pavel has one year of advantage on me because I wasn’t really expecting that he would make all these things public about me and our business,” Gusev said. “Now, I am some kind of cybercriminal, and he is some kind of cybercriminal. The most logical decision is for us to solve this quietly, but he wants to harm me so desperately that he is making decisions without understanding the consequences.”

Convinced that Gusev had been behind the leak of ChronoPay documents and emails, Vrublevsky paid a local hacker to break into and leak the SpamIt and GlavMed customer database.

The following chat log is dated August 28, 2010, just days after SpamIt’s internal database found its way to U.S. law-enforcement agencies. In this conversation, Stupin and Gusev discuss whether to close SpamIt.

GUSEV
: It looks like I am in deep shit. Red gave our database to Americans.

STUPIN
: To which Americans?

GUSEV
: I can’t tell exactly, yet. Probably to FBI or Secret Service. Have you read on Krebs’s blog about the meeting at the White House regarding illegal pharmacy problems on the Internet?

STUPIN
: No.

GUSEV
: krebsonsecurity.com/2010/08/white-house-calls-meeting-on-rogue-online-pharmacies

STUPIN
: Maybe you return back to Russia?

GUSEV
: I am planning to do that. I am really worried now.

GUSEV
: Do you think “closing down” will help? Just realize: they have our ENTIRE database… There are 900,000 records. What are we going to do with those? For conviction and 5-year jail time, it is only necessary to prove 1 transaction! What is the worst? They combine the sentences and it is possible to get 5 life sentences.

GUSEV
: I also think we need to shut the operations down, because it’s an absolute disaster!

GUSEV
: Regarding closing down—I think we need to shut down SpamIt first. In a month or 1/2 month—GlavMed.

Gusev and Stupin would close SpamIt.com in late September 2010, replacing the Spamdot.biz homepage with the following message to affiliates:

Because of the numerous negative events that happened last year and the risen attention to our affiliate program, we’ve decided to stop accepting the traffic starting 1.10.2010 [October 1, 2010]. We find the decision the most appropriate in this situation. It provides avoiding the sudden work stop which leads to the program collapse and not paying your profit.

In our case the whole profit will be paid normally. All possible frauds are excluded. Please transfer your traffic to other affiliate programs by 1.10.2010.

Thank you for your cooperation! We appreciate your trust very much!

Immediately after SpamIt’s closure, the volume of junk email sent worldwide dropped noticeably—20 to 40 percent, depending on estimates—as spammers employed by the program sought to move their traffic to other partnerships that might pay for their services. Experts who tracked the top spam botnets used to promote SpamIt’s “Canadian” pharmacy sites quickly noticed that most of the major botnets—including Grum, Rustock, and Cutwail—essentially were parked in neutral for several weeks as the botmasters tried to figure out new ways to earn a living from their crime machines.

Thanks to a
New
York
Times
story that—according to the leaked ChronoPay emails—was sourced in part by outreach from the public relations staff of the Russian Association of Electronic Communications (RAEC), Gusev had become the world’s biggest spammer, even though Gusev claims that he was never a spammer in the conventional sense. By the time Moscow police searched his apartment, Gusev had already fled Russia with his wife and young daughter, reportedly headed for Spain.

But Gusev wasn’t going to go down without a fight. In November, he launched redeye-blog.com, a website that he used to publicly catalog Vrublevsky’s colorful past, even hiring a native English speaker to translate the blog for Western audiences. It didn’t take long for Vrublevsky’s many enemies to follow suit, airing RedEye’s dirty laundry by posting comments on the blog. Hundreds of adult webmasters with long memories of Vrublevsky’s wrongs against them began using the blog to chronicle the millions of dollars Vrublevsky still owed them from the Fethard disaster.

“Moscow is a good place to stay when you have money and good friends who can help you with your problems,” Gusev said in a phone interview in November 2010. “I’m trying to ruin his ChronoPay because if he will not have money, he will hopefully stop all these things.”

Not long after that interview with Gusev, Vrublevsky finally acknowledged that the Pharma Wars, as many were calling their feud, had progressed beyond the point of return. Rather, Vrublevsky said wryly,
neither side appeared to be deterred by “mutual assured destruction.” Here he was referring to a doctrine of military strategy in which both sides in a nuclear arms race are discouraged from launching a first strike based on the certainty that the aggressor’s action will trigger an equivalent response.

“The problem is that Gusev is not trying to hit me with his weapons, but he is trying to scare me,” Vrublevsky said in one of his many phone calls to this author. “His claim that he is staying abroad forever—this all is bullshit targeted to his webmasters, and of course it all sounds like a James Bond story, but nobody hides like this. In reality, Gusev is waiting for me to call him up and say, ‘Okay, man, let’s stop this war.’ But there’s nothing in that ChronoPay compromat that can make me stop or is able to save him now. It’s just a way he thinks he’ll be able to blackmail me every few months, and nothing else.”

Other books

Hearts Out of Time by Lange, Chris
Bakers on Board by Sheryl Berk
Why Me? by Neil Forsyth
The Not So Secret Baby by Amarinda Jones
Coffins by Rodman Philbrick
The Weather Wheel by Mimi Khalvati
Playground by Jennifer Saginor