A Russian-born U.S. citizen has been sentenced to 110 months in prison for running a sophisticated cybercrime operation that involved botnets, stolen financial data and money laundering.
Alexander Tverdokhlebov, 29, has been living in Los Angeles. He emigrated from Russia in 2007 and later obtained U.S. citizenship.
According to U.S. authorities, Tverdokhlebov was an active member on several exclusive Russian-speaking cybercrime forums since at least 2008. He is said to have offered various services, including for laundering illegal proceeds.
The man also operated botnets that allowed cybercriminals to steal payment cards and other data. Investigators said Tverdokhlebov boasted about possessing 40,000 credit card numbers and controlling as many as half a million computers between 2009 and 2013.
The hacker sold the stolen card data to individuals who used it to make fraudulent purchases or withdrawals from the victims’ accounts. He is also said to have recruited Russian students visiting the U.S. to receive money from victims and then forward it to Tverdokhlebov and his accomplices.
Authorities believe Tverdokhlebov’s activities resulted in losses between $9.5 and $25 million. When he was arrested, investigators found $275,000 in cash distributed across several safety deposit boxes in Las Vegas and Los Angeles. They also seized Bitcoin and other assets valued at roughly $5 million.
Tverdokhlebov pleaded guilty to wire fraud in late March and he has now been sentenced to 110 months in prison and three years of supervised release, which includes the monitoring of his computer use.
Several Russian nationals have been charged or convicted recently for cybercrimes in the United States. Yevgeniy Aleksandrovich Nikulin has been charged for hacking into the systems of LinkedIn, Dropbox and Formspring and will be extradited from the Czech Republic, two Russian Federal Security Service (FSB) officers have been indicted over the 2014 Yahoo hack, and the author of the Citadel malware recently pleaded guilty.
A lengthy prison sentence was given recently to 32-year-old Roman Valeryevich Seleznev, convicted on 38 counts in relation to a point-of-sale (PoS) hacking scheme.