An organized criminal group consisting of Russian and Kazakh nationals extorted money from foreign companies between 2003 and 2004. The suspects attacked servers of the corporate victims and demanded the payment of thousands of US dollars in return for stopping attacking such servers.
The suspects infected several computers by using malware unbeknown to the computers' owners. Such malware allowed the suspects to create a network of infected computers from which they were able to launch distributed denials of service (DDoS) attacks. A DDoS attack entails the simultaneous sending of a large number of requests to a computer server. When the number of requests exceeds the server's capacity, the server stops working.
The criminal group had an organized structure. A.A.P. was in charge of handling the network of infected computers and making it available when the group wanted to launch a DDoS attack. I.V. was in charge of writing malware intended to launch DDoS attacks, with a special function that enabled the suspects to gain control over the infected computer by exploiting a weakness of Windows.
The suspects used a number of techniques to conceal their illegal activities. They used various anonymous proxy servers and virtual private network (VPN) services as well as various anonymous mail servers in order to conceal or change their real IP addresses. They also used fake names to create new email accounts.
The members of the criminal organization developed a strategy to transfer the money extorted from the companies they attacked, using existing international payment networks such as Western Union, Webmoney and Avtobank-Nikoil. To avoid disclosing their identities, the suspects requested the corporate victims to send the payments to individuals residing in the Republic of Latvia. Such individuals subsequently transferred the funds to the Russian Federation.
One of the corporate victims refused to pay and reported the facts to law enforcement. This report triggered the investigation that led to the arrest of the suspects.
The Investigative Committee of the Ministry of Internal Affairs of the Russian Federation, Directorate K of the Ministry of Internal Affairs of the Russian Federation and officials from United Kingdom and United States law-enforcement authorities (the server used to infect the victims' computers was located in US territory) conducted an unprecedented investigation which culminated in the conviction of the blackmailers, who were residents of the Russian Federation.
In 2004, the Investigative Committee of the Ministry of Internal Affairs of the Russian Federationa, upon request of British authorities, launched an investigation into extortion threats by individuals residing in the Russian territory against a number of British companies.