Two men from Latvia ran a malware service that has been in operation for more than a decade and used in major attacks against U.S. businesses, according to an indictment unsealed Wednesday in federal court in Alexandria, Va.
The men, along with an alleged co-conspirator in Virginia, designed a buffet of hacking software that they marketed on cybercrime websites, according to prosecutors.
The indictment does not detail which businesses allegedly were affected by the malware or what damage was done by the attacks. The defendants were identified as Ruslans Bondars and Jurijs Martisevs. Both were arrested overseas.
The hidden service the pair allegedly operated was accessible via the encrypted network Tor and has been operational since late 2006, prosecutors said. The tools that they are accused of selling include “some of the most prolific malware known to the Federal Bureau of Investigation,” according to the indictment, and the software “has been used in major computer intrusions committed against American businesses.” One of the largest services of this kind, it had at least 30,000 users, according to prosecutors.
Among the offerings allegedly provided by the defendants: tool kits to create customized malicious files, software that hides those malicious files from anti-virus programs, “Remote Access Trojans” that let a hacker take control of a computer, and “keyloggers” that record anything typed on a computer.
The alleged co-conspirator, described in the indictment as “Z.S.,” operated out of Great Falls, Va., and is accused of designing a key logger used by 3,000 customers to infect 16,000 computers in 2012.
Martisevs, who appeared at a sealed court hearing last week, also gave customer support to clients, according to the indictment. He is being held without bond, and his attorney declined to comment Wednesday.
In a brief court hearing for Bondars on Wednesday, defense attorney Joshua Jacob Horowitz said he expects 25 to 50 terabytes of evidence in the case.
Horowitz argued unsuccessfully for Bondars’s release. “My client came here voluntarily . . . to face these charges,” the attorney said.
Horowitz said Bondars’s employer in Latvia was willing to post a “substantial bond” and pay for the defendant to find a residence in Alexandria. He did not name the employer.
Assistant U.S. Attorney Kellen Dwyer noted that when Bondars was arrested he was carrying $30,000 in U.S. cash and said he has bank accounts in various countries.
U.S. Magistrate Judge Ivan Davis said he could not release a “homeless” defendant who faces arrest by immigration authorities if he is not in jail.
Bondars is a permanent resident of Latvia; Martisevs is a Latvian citizen who also lived in Moscow. They are both charged with conspiracy, conspiracy to commit wire fraud, wire fraud and computer hacking.