Russian pleads guilty to charge related to Citadel malware

March 20, 2017 by Kate Brumback

A Russian man accused of helping develop and distribute malicious software designed to steal personal financial information pleaded guilty Monday to a charge of computer fraud.

Mark Vartanyan, 29, who's known to have used the online alias "Kolypto," was arrested in Norway in October 2014 and was extradited to the U.S. in December. He entered a guilty plea in federal court in Atlanta after reaching a deal to cooperate with federal prosecutors, who have agreed not to seek more than five years in prison.

He's scheduled to be sentenced June 21.

Vartanyan, a native of Moscow, was involved in the development, improvement, maintenance and distribution of Citadel, which infects computer systems and steals financial account credentials and personally identifiable information, prosecutor Greg D'Agincourt said in court.

Starting in 2011, Citadel was marketed on invite-only, Russian-language internet forums used by cybercriminals, and users targeted the computer networks of major financial and government institutions around the world, prosecutors have said. Industry estimates indicate it infected about 11 million computers worldwide and caused more than $500 million in losses.

Vartanyan was involved in the development, improvement, maintenance and distribution of Citadel from August 2012 to January 2013 while living in Ukraine and again from April 2014 to June 2014 while living in Norway, prosecutors have said.

Citadel was a top-tier malware at its height but had a relatively short run compared to some similar programs because its source code was leaked early on, making it easier for antivirus companies to spot it and block it, Mark Ray, a former FBI special agent who is now director of cyber investigations at PricewaterhouseCoopers in Atlanta, told The Associated Press in a phone interview.

"What made Citadel so unique is that it was the first one that really incorporated this concept of a customer relationship development module, where the developers wanted feedback from the users on improvements and additions and new features," said Ray, who was still working for the FBI in 2014 and traveled to Norway to interview Vartanyan following his arrest.

Vartanyan was one of many people who helped develop Citadel, Ray said, adding that just like with the development of legitimate software programs, developers of malware rely on different programmers with different tools and skills to build and improve their programs.

Another Russian, Dimitry Belorossov of St. Petersburg, known as Rainerfox, was sentenced in September 2015 to serve 4 1/2 years in prison after pleading guilty in Atlanta to conspiring to commit computer fraud for distributing and installing Citadel onto computers using a variety of methods, prosecutors said.

The Department of Justice investigation into the creator of Citadel is ongoing.

Explore further: Russian man faces US charges related to Citadel malware

Related Stories

Latvian man pleads guilty in worldwide computer virus case

September 5, 2015

A Latvian computer code writer who helped create a virus that spread to more than a million computers worldwide and corrupted some at NASA may be returning home soon after pleading guilty to a federal charge on Friday.

Two Romanians plead guilty in US hacking case

September 17, 2012

Two Romanian nationals pleaded guilty Monday to charges stemming from a scheme to hack into and steal payment card data from hundreds of US merchants, officials said.

Hacker gets prison for cyberattack stealing $9.4M

October 24, 2014

An Estonian man who pleaded guilty to orchestrating a 2008 cyberattack on a credit card processing company that enabled hackers to steal $9.4 million has been sentenced to 11 years in prison by a federal judge in Atlanta.

Recommended for you

WikiLeaks releases CIA hacks of Apple Mac computers

March 23, 2017

The Central Intelligence Agency is able to permanently infect an Apple Mac computer so that even reinstalling the operating system will not erase the bug, according to documents published Thursday by WikiLeaks.

Protecting web users' privacy

March 23, 2017

Most website visits these days entail a database query—to look up airline flights, for example, or to find the fastest driving route between two addresses.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.