Last week, we investigated the story of Vladimir Drinkman, a Russian hacker who assisted Albert Gonzalez, another notorious hacker, in breaching a number of American retailers and using customers’ stolen payment card credentials to unlawfully withdraw money from ATMs around the world.
With only three hackers remaining, Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Dmitry Olegovich Zubakha, a Russian hacker who is known to have launched a series of distributed denial of service (DDoS) attacks against some of the most popular e-commerce websites.
In June of 2008, Zubakha, who went by the names ‘Eraflame,’ ‘Dima-k17,’ and ‘DDService’ online, orchestrated DDoS attacks against Amazon.com, eBay, and Priceline.
Zubakha launched two attacks against Amazon.com over a period of one week. The first involved the use of a botnet, which requested resource-intensive web pages to increase the e-commerce site’s web traffic between 600 and 1,000 percent. The attack lasted for only five hours.
By contrast, the second attack began on June 9 and did not cease until June 12.
With the help of a co-conspirator, one Sergey Viktorovich Logashov, Zubakha created problems for his victims that he, in turn, would offer to solve. For instance, following his attack against Priceline, Logashov contacted the company and offered to act as a consultant to stop the denial of service attack.
In addition to their known DDoS campaigns, Zubakha and Logashov may have also been involved in breaching Boeing’s computer networks and stealing the payment card information of some of the company’s 28,000 employees.
It is alleged that the pair boasted about their exploits on underground hacker forums at one point, which may have first alerted law enforcement to the men.
Shortly thereafter, U.S. federal authorities traced the stolen information of 28,000 credit cards to Zubakha and his accomplice.
Law enforcement agents were initially unable to apprehend Zubakha because he was living in Russia, a country that has no extradition treaty with the United States for cyber criminals.
It was not until 2012 that federal authorities were finally able to arrest Zubakha while he was visiting Cyprus.
“These cyber bandits do serious harm to our businesses and their customers. But the old adage is true: the arm of the law is long,” said U.S. Attorney Jenny A. Durkan in an indictment against Zubakha. “This defendant could not hide in cyberspace, and I congratulate the international law enforcement agencies who tracked him down and made this arrest.”
Zubakha is currently awaiting extradition to the United States, where he faces several counts of conspiracy, intentionally trying to cause damage to protected computers, possession of unauthorized access devices, and identity theft.