The accused Russian scammer at center of a geopolitical standoff pleaded not guilty Friday to allegations that he operated two hacking forums where members bought and sold payment data worth roughly $20 million.
Aleksei Burkov appeared in the Eastern District Court of Virginia to refute charges including computer intrusion, identity theft and other fraud-related accusations. The 29-year-old St. Petersburg native arrived in the U.S. on Nov. 12 from Israel after a prolonged extradition battle in which the Russian government tried coercing Israeli officials into sending Burkov to Russia, rather than the U.S.
Burkov appeared relaxed to the point of laughing at a joke Judge Thomas Ellis made about his own penchant for eating ice cream in the former Soviet Union. “Morozhenoe” (ice cream) was the only word that Ellis said to Burkov in Russian, drawing a broad smile from the defendant, who wore a dark green jumpsuit and had short hair. Defense attorney Gregory Stambaugh said Burkov has been in good spirits, a mood the attorney described as “amazing” under the circumstances.
Two officials from the Russian Embassy also could be seen conferring with the defense following the hearing.
A 2016 indictment against Burkov made public this month accuses him of operating two web forums dedicated to cybercrime. Scammers used one forum, called Cardplanet, to buy and sell data from roughly 150,000 credit and debit cards, with fraud losses exceeding $20 million, according to the Justice Department. (Cardplanet is distinct from the notorious Carderplanet website.)
A second forum, which goes unnamed in the indictment, was used by “elite cybercriminals to meet in a secure location” where they could trade stolen data, share hacking tools and help other members avoid detection, the indictment states. In November 2015, a member of this “elite” forum advertised a database containing information about 191 million Americans, including names and birth dates. This member was not Burkov.
Chris Vickery, an independent security researcher, says he found the same database, which also contained voter information, such as party affiliations and whether an individual voted in recent elections.
Vickery later traced the database to a religious group, United in Purpose, dedicated to electing conservative politicians. When Vickery went public with his findings in 2015, the U.S. Secret Service contacted him to say the information might be relevant to an ongoing investigation into a foreign national.
“I provided a database backup to them,” Vickery told CyberScoop this week. “We set up a time for an agent to come by my apartment at that time and physically receive an external hard drive with the data on it.”
The Secret Service did not respond to a request for comment.
The mystery forum
Examining that database of voting information appears to only have been one aspect of a much more significant U.S. investigation into Burkov, who KrebsOnSecurity reported used the alias “K0pa” on various websites. The name of that second forum, in particular, remains a secret because it was a favorite gathering place for high-level Russian and Eastern European hackers who, despite an advertisement for the voting database, were focused almost entirely on making money, according to a former U.S. official involved in the investigation.
Operators tried protecting the exclusivity of the forum by requiring three existing members to vouch for any new users. Those three members also would be forced to pay money, perhaps up to $5,000, according to the indictment, to further attest for the new member. The site also had a whitelist capability whereby forum administrators could detect when users logged on through a device that hadn’t been approved.
The former official declined to identify the forum by name on the basis that it could jeopardize U.S. investigative efforts. It was not Mazafaka nor DirectConnection, where KrebsOnSecurity reported that K0pa was an active member, the former official said.
“You’re probably talking about less than 200 guys on this forum,” a former law enforcement official told CyberScoop. This official asked CyberScoop to withhold his name since he was not authorized to discuss the investigation publicly. “They weren’t going to let in some random guy who spoke really good Russian just because he had $5,000.”
A Russian plan foiled
In October, before an Israeli court approved Burkov’s final extradition to the U.S., a Russian court sentenced Naama Isaachar, an Israeli woman, to more than seven years in prison for allegedly being in possession of marijuana at the Moscow airport. Israeli officials told the New York Times the Kremlin had linked Isaachar’s fate to Burkov, and Russian state media suggested “Burkov could be swapped” for the 25-year-old woman.
At one point, Isaachar’s mother told the Times, she began receiving messages from someone claiming to be a friend of Burkov, informing her the cases had become inextricably linked.
Israeli Prime Minister Benjamin Netanyahu sent a formal request to Russian President Vladimir Putin to release Issachar, and the two twice discussed the matter, Israeli media reported before Burkov was extradited to the U.S., effectively ending the discussions.
The apparent coercion attempt represents a significant escalation in the way Russia has interfered in American judicial matters. But it’s not the first time.
The Kremlin previously tried convincing a Czech court to send another accused hacker, Yevgeniy Nikulin, who allegedly stole more than 100 million usernames and passwords from U.S. technology firms, to Russia, rather than to a courtroom in the Northern District of California. Nikulin has pleaded not guilty, and that case is pending trial.
“Russia, in particular, has exhibited a pattern of activity where they will try to interfere with extraditions from third countries,” Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division, said Monday at a New York University event.
“They’ve exhibited a pattern of doing that by filing their own extradition requests, which are often spurious, exhibiting political pressure on the third country, and advocating for bail or release on medical grounds and then helping an individual flee,” Ugoretz said. “We’re grateful to other countries who exhibit the fortitude of pushing back on those efforts.”
Burkov faces up to 80 years in prison if convicted on all counts. The trial is scheduled to begin April 21.
Sean Lyngaas contributed reporting to this story.
The full indictment is available below.
[documentcloud url=”http://www.documentcloud.org/documents/6547998-Burkov-Superseding-Indictment-FEB2016.html” responsive=true]