For greater than a decade, Vyacheslav Igorevich Penchukov—a Ukrainian who used the net hacker identify “Tank”—managed to evade cops. When FBI and Ukrainian officers raided his Donetsk residence in 2010, the place was abandoned and Penchukov had vanished. However the legal spree got here to a juddering halt on the finish of 2022, when he traveled to Switzerland, was arrested, then was extradited to the USA.
In the present day, at a US federal court docket in Lincoln, Nebraska, a decide sentenced Penchukov to 2 concurrent nine-year sentences, after he pleaded responsible to 2 costs of conspiracy to take part in racketeering and a conspiracy to commit wire fraud. United States District Choose John M. Gerrard additionally ordered Penchukov to pay greater than $73 million, in response to court docket information. The court docket additionally ordered three years of supervised launch for every depend and mentioned they need to run concurrently.
Each costs carried a most sentence of as much as 20 years every. Based on court docket paperwork, nevertheless, the US authorities and Penchukov’s legal professionals each requested a much less extreme sentence following him signing a plea settlement in February. It’s unclear what the phrases of the plea deal embody. On the time, paperwork present, Penchukov may additionally face having to repay as much as $70 million—lower than the mixed quantity he is ordered to pay in restitution and forfeited funds. “I perceive this, however I don’t have such quantities of cash,” he mentioned in court docket earlier this yr.
The US prosecution of Penchukov—who has been on the FBI’s “most needed” cyber record for greater than a decade—is a uncommon blow in opposition to probably the most well-connected leaders of a prolific 2010s cybercrime gang. It additionally highlights the continued challenges Western regulation enforcement officers face when taking motion in opposition to Japanese European cybercriminals—notably these primarily based in Russia or Ukraine, which don’t have extradition agreements with the US.
Forward of the sentencing, the Division of Justice refused to touch upon the case, and the FBI and Penchukov’s legal professionals didn’t reply to WIRED’s requests for remark.
When the Ukrainian pleaded responsible in February—numerous costs had been dropped following him signing the plea settlement—he admitted to being one of many leaders of the Jabber Zeus hacking group, beginning in 2009, that used the Zeus malware to contaminate computer systems and steal folks’s checking account data. The group used the small print to log in to accounts, withdraw cash, after which ship it to varied cash mules—stealing tens of thousands and thousands from small US and European companies.
“The defendant performed an important position, a management position, on this scheme by directing and coordinating the trade of stolen banking credentials and cash mules,” prosecutors mentioned in court docket earlier this yr. They might steal 1000’s from sufferer firms, usually draining their accounts.
Penchukov, who was additionally a well-known DJ in Ukraine, additionally admitted to a key position organizing the IcedID (additionally identified Bokbot) malware, which collected the sufferer’s monetary particulars and allowed ransomware to be deployed on techniques. He was concerned from November 2018 to at the least February 2021, officers say. Investigators discovered he saved a spreadsheet detailing the $19.9 million earnings IcedID made in 2021.
