Cybercrime Forum Administrator Sentenced to 10 Years in PrisonSergey Medvedev Was Co-Creator of Infraud Organization's Carding Forum
A Russian national who co-founded the Infraud Organization's online cybercrime forum, which trafficked in stolen payment card data and was tied to more than $560 million in fraud losses, has been sentenced to serve 10 years in prison for his role in running the site, according to the U.S. Justice Department.
See Also: Automating Security Operations
Sergey Medvedev, 33, pleaded guilty to a charge of conspiracy under the Racketeer Influenced and Corrupt Organizations Act, commonly known as RICO, in June 2020. He was sentenced Friday.
In his role as administrator of the Infraud forum, Medvedev handled the day-to-day management decisions of the site, prosecutors say. He decided who could join the forum and determined who had full access to the computer servers that hosted the Infraud Organization's website, according to court documents.
Medvedev, who went by the online names "Stells," "segmed" and "serjbear," also operated an "escrow" or currency exchanging service that members of the cybercrime organization used to facilitate the purchase and sale of contraband, prosecutors say.
Also on Friday, Marko Leopard, 31, of North Macedonia was sentenced to five years in federal prison for his role in the Infraud Organization. Leopard, who went by the online handle "Leopardmk," pleaded guilty to one count of racketeering conspiracy in November 2019, prosecutors say.
The Infraud Organization
Over an eight-year period, the Infraud Organization ran an online forum dedicated to criminal activity that federal prosecutors claim had more than 10,000 members in March 2017. The site had the slogan "In Fraud We Trust."
The gang that operated the forum engaged in a variety of identity theft and financial fraud activities from October 2010 to February 2018, prosecutors say. The forum is believed to have handled the sale or purchase of over 4 million compromised payment card numbers, according to the court filing. The goal of the organization was to develop the "premier online destination for the purchase and sale of stolen property and other contraband" that also served as the source of other contraband vendors, according to the Justice Department.
The operators of the cybercrime forum used various advertising methods to direct traffic from its website to other automated sites that were owned or operated by its members, helping other cybercriminals traffic in point-of-sale malware, banking Trojans, stolen payment card details and counterfeit identification, prosecutors say.
This all came to an end in February 2018, when the U.S. and international law enforcement agencies seized and shuttered the Infraud Organization website.
At the time, the Justice Department unsealed a nine-count federal indictment that charged 36 individuals, including Medvedev and Leopard, with a range of offenses. The indictment accused them of helping to run a cybercriminal forum tied to more than $560 million in confirmed fraud losses, with the intention of trying to steal more than $2.2 billion (see: Feds Dismantle Ukrainian's $530 Million Carding Empire).
Creators of Forum
Prosecutors alleged that Medvedev and a Ukrainian national named Svyatoslav Bondarenko - who is also known as "Obnon," "Rector" and "Helkern" - co-created the Infraud Organization's website in 2010. Bondarenko, who remains at large, appears to have ended his involvement in 2015, according to court documents.
In April 2016, Medvedev posted on the Infraud forum that Bondarenko had vanished, making Medvedev the "admin and owner" of the site, the court papers note.
Prosecutors say Leopard, who started working for Infraud in 2011, offered his services as an "abuse immunity" web host to those who wanted to create websites to sell contraband. Leopard catered to websites offering illegal goods and services. He also hosted several sites for Infraud members, providing the infrastructure that allowed gang members to turn a profit.
Other cases related to the investigation have been making their way through federal courts over the last three years.
In July 2020, Valerian Chiochiu pleaded guilty to a racketeering charge and admitted to creating a malware strain called FastPOS, which was designed to target point-of-sale devices to steal payment card data, prosecutors say. Chiochiu also gave advice and support to other Infraud members who wanted to develop malicious code (see: FastPOS Malware Creator Pleads Guilty).