In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian hacker who sold more than 100 million payment cards stolen from Target and The Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted that he is reaching out because he has no money and wants publicity for new money-making ventures.
Mr. Shefel, who recently changed his legal surname to Lenin, was the star of last year’s story, “Ten Years Later, New Clues in the Target Breach.” That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while serving as vice president of payments at ChronoPay, a Russian financial company that paid spammers to advertise fake anti-virus scams, male enhancement drugs and medical treatments.
Mr. Shefel did not respond to requests for comment before that December 2023 profile. Nor did he respond to reports here in January 2024 that he ran an IT company with a 34-year-old Russian man, Aleksandr Ermakov, who was sanctioned by Australian, UK and US authorities for stealing data from nearly 10 million customers of Australian health insurance giant Medibank.
But not long after KrebsOnSecurity reported in April that Shefel/Rescator was also behind the theft of Social Security and tax information from dozens of South Carolina residents in 2012, Mr. Shefel began responding and discussing his alleged criminal activity.
In a series of live video chats and text messages, Mr. Shefel confirmed that he used the Rescator identity for several years, and that between 2013 and 2015 he ran a number of websites that sold payment card data stolen from Target, Home Depot and a number of other retail chains across the country.
Shefel says the real mastermind behind the Target and other retail breaches was Dmitri Golubov, a notorious Ukrainian hacker known as the founder of Carderplanet, among the first Russian-language cybercrime platforms focused on payment card fraud. Mr. Golubov could not be reached for comment, and Shefel says he no longer has the laptop holding the evidence to support that claim.
Shefel claims that he and his team were responsible for the card-stealing malware that Golubov’s hackers installed on Target and Home Depot payment terminals, and that at the time he was the technical director of a long-running cybercrime community called Lampeduza.
“My nickname was MikeMike, I worked with Dmitri Golubov and did the technology for him,” said Shefel. “I am also the godfather of his second son.”
A week after breaking the story about the 2013 data breach at Target, KrebsOnSecurity published “Trading Cards From Target?”, which identified a Ukrainian man who used the alias Helkern as the original Rescator identity. But Shefel says Helkern worked under Golubov, and that he was responsible for introducing the two men more than a decade ago.
“Helkern was my friend, I [set up a] meeting between Golubov and him in 2013,” said Shefel. “That was in Odessa, Ukraine. I used to live in that town, too [it’s where] I met my second wife.”
Shefel says he made several thousand dollars selling stolen cards to Golubov’s Ukrainian employees, but not long after Russia annexed Crimea in 2014, Golubov cut him out of the business and replaced Shefel’s malware team with programmers in Ukraine.
Golubov was arrested in Ukraine in 2005 as part of a joint investigation by multiple US law enforcement agencies, but his political connections in the country meant his case went nowhere. Golubov later gained immunity from prosecution by becoming an elected politician and founded the Internet Party of Ukraine, which called for free Internet for everyone, the creation of “hacker schools” across the country and the “computerization of the entire economy.”
Mr. Shefel says he stopped selling stolen payment cards after he was forced out of the business, and invested his earnings in a now-defunct Russian search engine called tf[.]org. He also ran a business called click2dad[.]net that paid people to click on ads for Russian government jobs.
When those businesses fizzled out, Shefel returned to selling malware services for hire under the alias “Getsend”; this claim checks out, as Getsend has for years advertised the same Telegram handle Shefel used in our recent chats and video calls.
Shefel admitted that his outreach was motivated by a desire to promote several new business ventures. None of these will be mentioned here, because Shefel is already using my December 2023 profile to promote what appears to be a pyramid scheme, and to remind others in the Russian hacking community of his skills and accomplishments.
Shefel says he is now broke, and currently has little to show for his hacking career. The Moscow resident said he recently heard from his ex-wife, who had read last year’s story and wondered where he had hidden all his money.
More urgently, Shefel needs money to get out of jail. In February, he and Ermakov were arrested on charges of running a short-lived ransomware program in 2021 called Sugar (aka Sugar Locker), which targeted individual computers and end users instead of companies. Shefel will face those charges in a Moscow court on Friday, Nov. 15, 2024. Ermakov was recently found guilty and sentenced to two years.
Shefel says his Sugar ransomware venture was an attempt to make money, and that it never turned a profit. Russia is notorious for not prosecuting criminals within its borders who carefully avoid attacking Russian businesses and consumers. When asked why he is now being prosecuted over Sugar, Shefel said he is sure the investigation was instigated by Pyotr “Peter” Vrublevsky, the son of his former boss at ChronoPay.
ChronoPay founder and CEO Pavel Vrublevsky was the main subject of my 2014 book Spam Nation, which described his role as Russia’s most notorious crime boss.
Vrublevsky Sr. was recently detained, and is currently in prison on fraud charges. Russian authorities say Vrublevsky operated several fraudulent SMS-based payment systems. They also accused Vrublevsky of facilitating money laundering for Hydra, Russia’s largest darknet market at the time. Hydra trafficked in illegal drugs and financial services, including cryptocurrency tumbling (mixing) for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of fake documents and hacking services.
However, in 2022 KrebsOnSecurity reported on a possible reason for Vrublevsky’s recent legal troubles: He had been extensively documenting the aliases, real names and criminal exploits of Russian hackers working under the protection of corrupt officials in the Russian Federal Security Service (FSB), and using a Telegram channel to threaten to expose alleged wrongdoing by Russian finance officials.
Shefel believes that Vrublevsky’s son Peter paid corrupt police officers to file a criminal case after Shefel reported the younger man to Moscow police for walking in public with a loaded gun. Shefel says Russian authorities told the younger Vrublevsky that he was the one who filed the gun complaint.
In July 2024, the Russian news outlet Izvestia published a long investigation of Peter Vrublevsky, alleging that the son had taken over his father’s mantle and was working in advertising for a Russian-language darknet drug market (its name is rendered as “A tree” in the source) that went live after the Hydra darknet market was shut down by international law enforcement agencies in 2022.
Izvestia reports that Peter Vrublevsky currently lives in Switzerland, where he reportedly fled in 2022 after being “arrested in absentia” in Russia on charges of running a violent group that could be hired through Telegram to carry out a series of physical attacks in real life, including bombings and burglaries.
Shefel says his former partner Golubov was involved in the development and distribution of early versions of ransomware, including Cryptolocker, and that Golubov is still active in the cybercrime community.
Meanwhile, Mr. Shefel describes himself as someone scraping by on the few odd coding jobs he gets each month. Remarkably, the day after our first Telegram conversation, Shefel proposed going into business together.
As examples, he suggested perhaps a company that specializes in recovering lost passwords for cryptocurrency accounts, or perhaps a chain of online stores that sell cheap Chinese goods at a steep markup in the United States.
“Hello, how are you?” he asked. “Maybe we can open a business?”