According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has been sentenced to nine years in federal prison.
The site’s operation came to a halt in 2013, and while trying to escape the cold hands of justice, Bukov spent years on the run as a fugitive before the Israeli police apprehended him in 2015.
After the arrest, a long, strenuous court battle ensued, after which the Israeli government gave in and signed extradition papers in November 2019 to send Bukov to the U.S. to face charges there.
In January, Bukov pleaded guilty to his crimes. The sentence handed to Bukov— by U.S. District Judge T.S. Ellis—
looks inappropriate, and minimal and not fitting for the crimes he pleaded guilty to in court. The crimes include money laundering, identity theft, wire, and access fraud, conspiracy to commit computer intrusion, device fraud, etc. By his plea, Bukov is meant to receive at least a 15-year federal sentencing but got a 9-year deal.
In a remorse filled statement, Bukov told the judge. “In my early days, when I was a child, I met some hackers and began a wrong path in life. At that time, I could not differentiate the good from the bad, and the [life] outside the law became customary for me. Only in jail did I realize how wrong my life path was. I realized and accepted my guilt and reevaluated my life.”
According to the sentencing document filled in the case, “the 108-month prison sentence will incorporate time served, which means that Burkov could be free in a little over four years.”
So far, there has been no comment from Gregory Stambaugh—Bukov’s court-appointed attorney.
Bukov’s case involved a series of diplomacy and power-tussle between the U.S., Israeli and Russian governments.
News reports from Isreal suggested that the Russians were going to trade-off Israeli-American citizen, Naama Issachar, for Bokuv. The former, being held in Russia, for possession of marijuana and the latter, detained in Israeli at that time. This trade-off was to get Bukov to face crimes in Russia.
According to BBC, Issachar was issued a pardon by the Russian president, Vladimir Putin, and returned to Israel.
Federal prosecutors had a lot to say about Mr. Bukov and his schemes.
Bukov—described as an IT specialist from Saint Petersburg, Russia—is the brain behind Cardplanet.
Cardplanet peddled payment card data, including the card expiration date, account number, card verification value number, account holders’ names, etc. Prosector’s estimate that more than $20 million illegal purchases were carried out with the stolen card details.
According to the federal indictment, “between 2009 and 2013, the Cardplanet site trafficked in more than 150,000 stolen credit and debit cards, mainly issued through U.S. banks and financial institutions.”
The site served as a cybercriminal marketplace, where criminals trade-off the stolen information. This site was hosted on a server in Virginia while Bukov publicized it underground and in Russian sites.
Each stolen card could sell within $2.50 and $60, depending on where it was issued, as well as the personal information of the cardholder.
Bukov went as far as offering a refund policy, in a case where the cards didn’t work. He also had a sort of checker that could cross-check the stolen credentials for his buyers.
Since his site existed before bitcoin’s popularity, he accepted payments as Liberty Reserve or WebMoney, as well as regular payments from Western Union.
In addition to operating Cardplanet—which was the public face—Bukov, and co., ran a secondary site called Direct Connection. Membership in Direct Connection was strict and required referrals and validation from at least 3 cybercriminals that could attest to your work. Also, prospectives had to pay “insurance” of $5,000. Once these were done, the prospects become members and, with the forum’s help, plan attacks and exchange information.