Blackhole Exploit Kit Author Sentenced to Prison

Dmitry Fedotov, the Russian national who created the now-defunct Blackhole exploit kit, was sentenced this week by a Moscow court to seven years in prison.

Fedotov, known in the cybercrime world as “Paunch,” was one of the seven individuals convicted and sentenced for involvement in a criminal organization, according to the TASS news service. The other cybercriminals, including one who remains at large, were sentenced to between 5.5 and 8 years in prison for hacking into websites and computers.

The Blackhole exploit kit author was arrested in October 2013, when he was 27 years old. At the time of his arrest, authorities estimated that Paunch and his accomplices caused damage of 70 million rubles (roughly $2 million at the time).

The Blackhole exploit kit, which first emerged in 2010, was rented for $500 per month if run on the seller’s server and $700 if customers wanted to run it on their own server. Investigators believe the crimeware kit earned Fedotov $50,000 per month.

A few months before his arrest, Paunch teamed up with a fraudster known online as “J.P. Morgan” and announced that they had set aside $100,000 to acquire zero-day exploits, which they planned on including in an exclusive product called Cool exploit kit, priced at $10,000 per month. The budget for zero-days later doubled, and “J.P. Morgan” increased it to $450,000 after Fedotov’s arrest.

Use of Blackhole dropped significantly after Paunch’s arrest and the gap it left was soon filled by other exploit kits. Angler is currently the top choice for cybercriminals — its authors often integrate exploits for zero-days and recently patched vulnerabilities.

Related: Exploit Kits Mutate, Increase Activity

Related: Adobe Patches Flash Zero-Day Exploited by Magnitude EK