Dimitry Belorossov, Russian cybercriminal, sentenced over ‘Citadel’ malware

Federal prosecutors in the United States have secured a 4½-year prison sentence against Dimitry Belorossov, a Russian national who helped spread malware that infected over 11 million computers worldwide.

Belorossov, 22, pleaded guilty last year to one count of conspiring to commit computer fraud related to his involvement in an international cyber scheme that authorities say caused more than $500 million in losses. He was sentenced Tuesday to spend 54 months in prison and ordered to pay $320,000 in restitution.

Investigators said Belorossov downloaded a copy of the Citadel malware in 2012 and used it to personally gain unauthorized access to more than 7,000 computers within the United States. He was arrested the following year in Spain and extradited to the U.S. to stand trial.

Arkady Bukh, a lawyer for Belorossov, told Reuters that his client had taken responsibility for his actions by pleading guilty despite being only a teenager at the time of the crime.

“It was a long battle,” the attorney said.

Citadel first appeared online in 2011 and has been dubbed by federal prosecutors as “one of the most advanced crimeware tools available in the underground market.”

Investigators said Belorossov distributed and installed the program on the computers of thousands of victims by spreading it through attachments sent via email and online ads that had been maliciously coded. As a result, authorities say he was able to control upwards of 7,000 infected computers, gaining banking credentials for U.S.-based financial institutions in the process.

Additionally, prosecutors said Belorossov also suggested improvements to Citadel and communicated with other cybercriminals who used the malware to hack victims.

“The FBI, in working with its international partners, continues to demonstrate that international boundaries no longer provide a safe haven for cybercriminals targeting U.S. individuals or interests domestically. Successful investigation and prosecution of cases such as this are directly attributable to the increased capabilities and determination of our cyber-trained investigators and our foreign-based legal attachés working collectively to not only disrupt and dismantle these foreign-based hacking efforts, but also to bring those individuals responsible to justice,” said J. Britt Johnson, an FBI special agent involved in the investigation.