The title of this post is a quote from Mark Rasch, a former federal prosecutor with the U.S. Justice Department regarding sentencing guidelines that saw an admitted criminal receive a sentence of time served.. Brian Krebs published an article today concerning the sentencing of admitted criminal Peter “Severa” Levashov. In short, Levashov was sentenced to time served (33 months) on charges of being a “purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally”. Several of Levashov’s ‘associates’ have been apprehended and face sentencing later this year.
According to court documents and statements made in court, Tsurkan, his co-defendant Oleg Koshkin, and others (Levashov) operated an online, for-profit service known as Crypt4U via the websites “crypt4u.com,” “crypt4u.net,” “fud.bz,” “fud.re,” as well as a custom FTP service for high-volume processing. The websites promised to render malicious software fully undetectable (FUD) by nearly every major provider of antivirus software. Tsurkan and his co-conspirators claimed that their services could be used for malware such as botnets, remote access trojans (RATs), keyloggers, credential stealers, and cryptocurrency miners.
The Biden administration seems to want to address the “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy”. Somehow we need to get the Judiciary thinking and acting on these threats also.