An Estonian man pleaded guilty Wednesday to two federal charges of computer fraud and abuse in a complex scheme that compromised roughly 1,000 routers globally, officials said.
Among the victims were dozens of Alaskans who faced hundreds or thousands of dollars of increased charges for internet service as a result, according to federal prosecutors.
Pavel Tsurkan, 33, was charged in 2019 after federal investigators learned of his activity while investigating another cybercrime, Assistant U.S. Attorney Adam Alexander said Wednesday.
Tsurkan targeted more than 1,000 internet devices and routers across the world and used them to build and operate a proxy botnet, called the “Russian2015,″ which allowed him to transmit third-party internet traffic through the connections. He sold that access to parties who then used those connections to commit various cybercrimes, including distributed denial of service attacks, advertising click fraud or even child exploitation, Alexander said.
In Alaska, 60 parties were affected during 2015 and 2016, mainly in rural areas of the state, said Supervisory Special Agent William Kilgore of the FBI. Most of the affected routers in the state were residential, but two victims included a hospital and a school district, said FBI Special Agent Elliott Peterson.
“The geographic dispersal was remarkable. We had victims in communities ranging from Cordova to Kotzebue, Wasilla, North Pole, Chugiak and then obviously here in town in Anchorage, as well,” Kilgore said.
The crimes were exceptionally noticeable for Alaskans, Kilgore said, because broadband data usage is capped here, unlike in many places in the Lower 48. As a result, victims in Alaska noticed overage charges on their monthly internet bills of hundreds and even thousands of dollars, he said. Some of the victims reported disconnecting all of their electronics from the routers but said the usage still continued to skyrocket.
Tsurkan pleaded guilty last week to separate criminal charges in Connecticut’s federal court. In that case, Tsurkan helped operate an online encryption service that concealed malware and allowed for hackers to infect computer systems around the world.
Tsurkan is scheduled for sentencing in November and could face up to 10 years in prison.
“Today’s cybercriminals rely on increasingly sophisticated techniques to hijack computers and personal electronic devices for their criminal activities. Botnets like the ‘Russian2015’ are a dangerous threat to all Americans and today’s guilty plea demonstrates we can and will hold accountable foreign cybercriminals and their enablers,” Bryan Wilson, the acting U.S. attorney for the District of Alaska, said in a statement.