The 37-year-old man who developed and operated the counter antivirus service Scan4You, has been sentenced to 14 years in prison
Ruslans Bondars, a man born in former USSR, based in Latvia, but without Latvian citizenship, was sentenced to 14 years in prison for crimes related to the operation of Scan4You, an online counter antivirus service that helped many criminals to determine if computer viruses or other software created by malicious hackers would be detected by an antivirus software, as reported by specialists in ethical hacking.
Scan4you is a multi-engine antivirus analysis service similar to VirusTotal that can be used to test malware evasive skills against the main antivirus available on the market. Unlike VirusTotal, Scan4you offers a totally anonymous service to its users; this means that the data related to the scans of the loaded files are not shared with the antivirus developing companies.
Bondars is one of two hackers in charge of operating Scan4you between 2009 and 2016; According to specialists in ethical hacking from the International Institute of Cyber Security, this service was very popular among the cybercriminal community and was used by numerous malware developers to test their malicious codes. Bondars pleaded guilty on May 16 at the Federal Court of Alexandria.
Jurijs Martisevs, the other hacker who operated Scan4You, was arrested during a trip to Latvia and extradited to the United States. The man pleaded guilty to the same charges as Bondars in March 2018.
Scan4you allowed hackers to develop functional malicious code to steal millions of retail store payment cards worldwide, it has been estimated that total losses represent $20.5 billion USD.
“By issuing the sentence, the court found a loss of $20.5 billion. In addition to the period of incarceration, District Judge Liam O’Grady ordered Bondars to serve three years of supervised freedom. A decision regarding the losses and payment of the return to the victims will be disclosed soon”, mentions a statement from the US Department of Justice (DoJ).
“It is known that a Scan4you client used the service to test malware that was further used to steal about 40 million of payment card numbers, as well as approximately 70 million addresses, phone numbers and other personal information from numerous businesses, causing more than $290M USD in losses for the affected company”, the statement continues.
According to reports from specialists in ethical hacking, a second client used Scan4you to contribute to the development of the Citadel malware that caused more than $500M USD in fraud losses.
The DoJ statement concludes by mentioning that law enforcement agencies will not make any distinction between service providers such as Scan4You and hackers who use them, committing to bring them both to justice.