The respectable life of suspected hacker Aleksandr Ermakov

The resume says Ermakov graduated with an economics degree from Moscow State University of Technology and Management in 2014, after his first career experience in payroll, contracts, and accounting at the state-owned social welfare organisation the State Budgetary Institution Territorial Centre of Social Service began two years earlier.

This agency describes itself as supporting the elderly, disabled and families, including through psychology services.

He listed responsibilities including “overseeing calculations and deadlines for contractual obligations,” experience that may have been put to use if he was part of the attempts to negotiate and extort a ransom out of Medibank, something that has not been confirmed by the government.

Describing his tasks on his resume, Ermakov spoke of “Developing products that will be for people” and “bringing benefits and feeling joy from it”.

“I easily make contact with new people,” he adds.

Contacting Ermakov in 2024 is not so easy, however. It is unclear how his life has changed since his unmasking, but he has not responded to repeated SMS and WhatsApp messages from The Australian Financial Review.

A social media profile, including some of the pictures published by the Department of Home Affairs at the time of Mr Ermakov’s unmasking. 

His phone number was verified with three online sources from data breaches: his leaked HeadHunter registration, a leaked 2020 e-commerce blockchain service, a leaked 2021 medical record, plus two social media accounts.

A 2015 profile on the Russian social media platform OK features one of the three photos the Australian government published in January, and a Facebook account bears two.

Two years after his social welfare role, in 2014, his career pivoted to technology, and he became a “digital manager” for a now-defunct sportswear company called Swoosh’es.

His responsibilities included overseeing “promotion on the internet based on the principle of word-of-mouth” and “social media”. His CV also lists responsibility for advertising, analytics, search engine optimisation, and internet traffic monitoring.

Mr Ermakov engages in business pleasantries at a networking event. 

In an interesting hint at his growing understanding of the potential damages caused to a firm’s reputation by online data breaches, Ermakov oversaw the “development and implementation of a comprehensive strategy for managing [its] online reputation”, with his CV claiming that he has “upper-intermediate B2 English proficiency”, and that he is “stress-resistant”.

A more recent and longer-term job, according to his CV, was as a corporate sales manager at a wholesaler of household goods named Trade House Skikea. It is still listed as his current role since 2014, but the company was liquidated last year.

Meet and greet

Ermakov sought corporate connections through Business Family, a Russian entrepreneurial networking society. Previously unreported photos show him attending social events at up-market Moscow bars between June and September 2016.

The Moscow apartment block where Mr Ermakov is known to have lived. 

The society is described as an organisation “for finding business partners, clients, friends, or simply enjoying pleasant conversations among interesting people”. The Financial Review has confirmed his Business Family account is registered using the same mobile number obtained online as well as the email address published in Australian sanctions.

His living arrangements show little evidence of a life enriched by the spoils of cybercrime. His residence was tracked to a Soviet-era, 1965-built apartment complex, just a 20-minute drive from the Kremlin. It was from this unassuming base that he allegedly perpetrated the largest cyber ransom attack in Australian history.

The mid-market suburban Moscow district has a mix of residential and commercial properties, with a neighbouring two-bedroom apartment now advertised for the equivalent of $350,000.

Health data

In a foreshadowing of the kind of exposure Ermakov would help inflict on Australians, the Financial Review saw leaked data available from a Russian pathology clinic at which Ermakov became a patient in April 2021, the same year the clinic was hacked. This includes his passport details, health insurance details and address.

A Snapchat profile registered to Mr Ermakov exists, but has so far ignored friendship requests. 

The data lists the same mobile number, as well as the email address, middle name, and date of birth released in the sanctions notice.

Unlike what Ermakov is alleged to have done, the Financial Review will not publish such sensitive information or any details of the clinic and its medical specialty.

In a further attempt to contact Ermakov, a friend request was sent to a Snapchat account registered with his mobile number. The request remains unaccepted.

Other than one call that lasted two seconds, Ermakov did not answer or return calls to his number.

