United States v. Bondarenko, Case No. 2:17-CR-306 JCM (VCF)
Decision Date | 12 June 2019 |
Docket Number | Case No. 2:17-CR-306 JCM (VCF) |
Parties | UNITED STATES OF AMERICA, Plaintiff(s), v. SVYATOSLAV BONDARENKO, et al., Defendant(s). |
Court | U.S. District Court — District of Nevada |
Presently before the court is the matter of United States v. Bondarenko et al., case number 2:17-cr-00306-JCM-VCF. The following motions are pending:
. . .
. . .
This prosecution involves the takedown of Infraud Organization, a transnational cybercrime syndicate consisting of 10,901 members. (ECF No. 303). Infraud Organization operated a website that served as the premier destination to traffic contraband that criminals recovered through acts of identity theft and financial fraud. Id. Infraud Organization also used advertisements on its website to direct illicit activity to its members' automated vending sites, which were online platforms that transacted stolen personal and financial information. Id.
The purpose of Infraud Organization was to operate an online discussion forum that provided for the purchase and sale of high-quality contraband. Id. The forum, which was called "In fraud" and had the slogan "In Fraud We Trust," provided several safeguards to further the aims of the syndicate and protect its members from criminal liability. Id. All members remained anonymous to each other by interacting solely with usernames and concealed the nature of their transactions by using digital currencies. Id. The forum also allowed members to rate vendors as a means of maintaining the quality of contraband available on the Infraud website. Id.
In the early days of the syndicate, co-founder defendant Svyatoslav Bondarenko established rules that governed members' conduct on the website. Id. Infraud Organization routinely policed the forum for rule-violators such as "rippers," which are vendors of low-quality illicit goods or vendors that do not deliver goods and services in accordance with the terms of their transactions. Id. The enforcement of these rules and the successful operation of the forum required Infraud Organization to create the following hierarchy:
Individuals would join Infraud Organization as members by having an administrator grant their request to join the forum. Id. After joining the syndicate, members could move up and down the hierarchy. Id.
Infraud Organization operated from October 2010 to February 2018 and caused more than $568,000,000.00 in losses. (ECF Nos. 303, 573). Bondarenko and defendant Sergey Medvedev created Infraud Organization shortly after Bondarenko was banned from Carder.su, which was another cybercrime syndicate that operated from November 2005 to January 2012. (ECF Nos. 467, 504). Carder.su and Infraud Organization had similar hierarchy structures, engaged in similar criminal activities, and had over 10,000 members. Id. However, Carder.su used a different online forum and had different leadership. Id. Due to the anonymity of the conspirators, it is unclear to what extent the memberships of the two syndicates overlapped. See (ECF Nos. 504, 510).
Three defendants in this litigation, Thomas, Lirdon Muslie, and John Doe #5, a.k.a. Deputat, were previously indicted in a separate case for their involvement in the Carder.su conspiracy. (ECF No. 504). Thomas joined Infraud Organization several months after the government took down Carder.su. Id. He continued to engage in illicit activities on the Infraud website up until November 2014, just one month before a federal court sentenced Thomas to sixty months of custody for his involvement in the Carder.su conspiracy. Id.
A fourth defendant, Leopard, is a resident of the Republic of North Macedonia. (ECF Nos. 468, 502). In 2016, a Macedonian court indicted Leopard for the crime of making and using fake payment cards in violation of Macedonia Criminal Code Art. 274-b(2). Id. The Macedonian indictment included allegations of cybercrime activities, such as selling stolen information through the website www.tonymontana.cc, that the government has also alleged in this case. See (ECF Nos. 303, 468-1). Leopard eventually admitted guilt and, on December 13, 2016, the Macedonian court sentenced Leopard to twelve months of imprisonment. (ECF Nos. 468, 468-2). Leopard completed his term of custody on August 25, 2017. (ECF No. 468-3).
A fifth defendant, Chiochiu, joined Infraud Organization in December 2012. (ECF Nos. 473, 503). According to the government, Chiochiu helped other members develop, deploy, and use malware as a means of harvesting data. Id. Chiochiu allegedly developed a variant of FastPOS software, which is a program designed to infect computers that handle credit card data and steal financial information. (ECF No. 503). Chiochiu also allegedly shared with other members a programming script that can create automatic vending websites for the sale of fraud-related products. (ECF Nos. 473, 503).
Several defendants, including Thomas, Leopard, Ymeraj and Telusma, were vendors in Infraud Organization. (ECF No. 303). Their alleged activities included operating websites that facilitated illicit activity. Thomas hosted a website that provided a look-up service, which allowed Infraud Organization members to obtain compromised social security numbers and other personal information. Id. Leopard, Ymeraj, and Telusma hosted websites that sold compromised credit card data. Id. Telusma's website also provided services that allowed Infraud Organization members to launder funds that they illicitly obtained. Id.
On September 19, 2017, the government initiated this prosecution. (ECF No. 1). The second superseding indictment names thirty-six defendants and asserts nine counts: a single charge for racketeer influenced and corrupt organizations ("RICO") conspiracy in violation of 18 U.S.C. § 1962(d) and eight charges for possession of fifteen or more counterfeit and unauthorized access devices in violation of 18 U.S.C. § 1029(a)(3). (ECF No. 303).
Throughout the course of litigation, the government searched two premises that are relevant to the court's present inquiry. The first search was of Chiochiu's residence ("Chiochiu warrant") and the second search was of Telusma's residence ("Telusma warrants"). (ECF Nos. 474, 475).
On March 28, 2018, Chiochiu self-surrendered. (ECF Nos. 363, 474, 501). During his arrest, Chiochiu provided law enforcement officials with a home address at which he did not actually live. (ECF No. 474-1). Chiochiu also turned over three digital devices: two computer hard drives and an iPhone. Id. Later that day, Chiochiu pleaded not guilty and the court released him on a personal recognizance bond. (ECF Nos. 358, 360).
Forensic analysis of the devices revealed that, on the day before his arrest, Chiochiu "surgically wiped" the hard drives with a program called "CCleaner" and deleted data on the iPhone by resetting it to factory settings. (ECF No. 474-1). Chiochiu attempted to conceal these acts by leaving a large amount of innocuous data, such as personal photos and documents, on the hard drives. Id. However, one of the hard drives contained artifacts indicating the presence of FastPOS malware and cryptocurrentcy-related software. Id.
While examining these devices, Special Agent ...
To continue reading
Request your trial