Ukrainian police have arrested an accused cybercriminal who allegedly facilitated a web hosting scheme that made it possible for hackers to carry out attacks while avoiding international law enforcement.
Mikhail Rytikov, a Ukrainian national, was apprehended in Odessa as part of an operation carried out with help from the U.S. and U.K., Ivan Bakanov, the head of Ukraine’s national security service, said in a statement Tuesday. U.S. police have sought Rytikov’s arrest since he was indicted in 2013, accusing him of orchestrating a hosting service that was used to gain access to corporate networks and steal more than 160 million credit card numbers, causing hundreds of millions of dollars in losses.
In his statement Tuesday, Bakanov said Rytikov was involved with a data center that held 150 servers and equipment that was used for distributed denial-of-service attacks as well as to spread spam and pornography. Rytikov controlled roughly 40 percent of the Russian-speaking dark web, Bakanov alleged, adding that he would rent his services on Russian-speaking criminal forums.
One client was Yevgeney Bogachev, the author of the notorious Zeus virus that’s been used to steal banking information from millions of computers, according to the authorities.
In one startling allegation, Bakanov said Rytikov’s hosting provider was under “control and cover of the Russian special services.” That charge likely means Rytikov will remain in Ukraine to face charges there, rather than be sent to the U.S., as had once been discussed, according to Arkady Bukh, the attorney representing Rytikov in the U.S.
“It sounds like a treason allegation,” Bukh told CyberScoop. “It’s a huge problem. To my understanding, he had nothing to do with any of that but the Ukrainian government’s allegation is that he worked with Russia, and that would be seen as an act of war there.”
The U.S. and Ukraine do not have an extradition agreement.
“Bulletproof hosting” describes web hosting services that allow customers to do more than standard hosting companies permit, such as providing illegal gambling services, distributing porn or undergirding phishing operations. Rytikov is accused of running the AdbAllah provider, and his defense attorneys have said that, if AdbAllah was used for nefarious purposes, it was the cybercriminals, not Rytikov, who were responsible.
Last year, two Russian men, Vladimir Drinkman and Dmitriy Smilianets, pleaded guilty to charges related to targeting U.S. business networks, accessing 160 million credit card numbers and other violations in connection with a hacking spree that hit NASDAQ, 7-Eleven, JetBlue, Dow Jones, and other institutions. Rytikov provided the anonymous web-hosting that made those attacks possible, according to the U.S. Department of Justice.
He allegedly “allowed his clients to hack with the knowledge he would never keep records of their online activities or share information with law enforcement,” the Justice Department said in 2015.