Aleksei Burkov, a Russian cybercriminal once described as part of the hacking “elite” and “an asset of supreme importance” to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data, Engadget reports.
He also pleaded guilty to administering a highly secretive crime forum that counted among its members some of the most infamous Russian cybercriminals.
Burkov, 29, was arrested in 2015 at an airport near Tel Aviv. In 2017, an Israeli district court approved his extradition to the US, but Russia fought that decision for years. As Krebs on Security points out, the Russian government may be concerned that Burkov knows too much.
He admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being the founder and administrator of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers. He pleaded guilty last week in a Virginia court to access device fraud and conspiracy to commit computer intrusion, identity theft, wire fraud, and money laundering.
As KrebsOnSecurity noted in a November 2019 profile of Burkov’s hacker nickname ‘k0pa’, “a deep dive into the various pseudonyms allegedly used by Burkov suggests this individual may be one of the most connected and skilled malicious hackers ever apprehended by U.S. authorities, and that the Russian government is probably concerned that he simply knows too much.”
Membership in the DirectConnection fraud forum was heavily restricted. New members had to be native Russian speakers, provide a $5,000 deposit, and be vouched for by three existing crime forum members. Also, members needed to have a special encryption certificate installed in their Web browser before the forum’s login page would even load.
As noted in last year’s profile of Burkov, an early and important member of DirectConnection was a hacker who went by the moniker “aqua” and ran the banking sub-forum on Burkov’s site. In December 2019, the FBI offered a $5 million bounty leading to the arrest and conviction of aqua, who’s been identified as Maksim Viktorovich Yakubets. The Justice Department says Yakubets/aqua ran a transnational cybercrime organization called “Evil Corp” that stole roughly $100 million from victims.
