Joe TidyCyber correspondent, BBC World Service
BBCAfter years of studying about “Tank” and months of planning a go to to him in a Colorado jail, I hear the door click on open earlier than I see him stroll into the room.
I arise prepared to offer this former cyber-crime kingpin an expert howdy. However, like a cheeky cartoon character, he pokes his head round a pillar with an enormous grin on his face and winks.
Tank, whose actual title is Vyacheslav Penchukov, climbed to the highest of the cyber-underworld not a lot with technical wizardry, however with felony attraction.
“I’m a pleasant man, I make buddies simply,” the 39-year-old Ukrainian says, with a broad smile.
Having buddies in excessive locations is alleged to be one of many causes Penchukov managed to evade police for therefore lengthy. He spent almost 10 years on the FBI’s Most Needed checklist and was a pacesetter of two separate gangs in two distinct durations of cyber-crime historical past.
It’s uncommon to talk to such a high-level cyber-criminal who has left so many victims behind him; Penchukov spoke to us for six hours over two days as a part of the continued podcast collection Cyber Hack: Evil Corp.
The unique interview – Penchukov’s first ever – reveals the internal workings of those prolific cyber-gangs, the mindset of a few of the people behind them and never-before-known particulars about hackers nonetheless at massive – together with the alleged chief of the sanctioned Russian group, Evil Corp.
It took greater than 15 years for authorities to lastly arrest Penchukov in a dramatic operation in Switzerland in 2022.
“There have been snipers on the roof and the police put me on the bottom and handcuffed me and put a bag on my head on the road in entrance of my youngsters. They had been scared,” he remembers with annoyance.
He’s nonetheless bitter about how he was arrested, arguing that it was excessive. His 1000’s of victims all over the world would strongly disagree with him: Penchukov and the gangs he both led or was part of stole tens of hundreds of thousands of kilos from them.
Within the late 2000s, he and the notorious Jabber Zeus crew used revolutionary cyber-crime tech to steal straight from the financial institution accounts of small companies, native authorities and even charities. Victims noticed their financial savings worn out and stability sheets upended. Within the UK alone, there have been greater than 600 victims, who misplaced greater than £4m ($5.2m) in simply three months.
Between 2018 and 2022, Penchukov set his sights greater, becoming a member of the thriving ransomware ecosystem with gangs that focused worldwide companies and even a hospital.
Englewood Correctional Facility, the place Penchukov is being held, wouldn’t allow us to take any recording gear contained in the jail, so a producer and I make notes through the interview as we’re watched over by a guard close by.
The very first thing that stands out about Penchukov is that, though he’s wanting to be launched, he appears in excessive spirits and is clearly profiting from his time in jail. He tells me he performs a number of sport, is studying French and English – a well-thumbed Russian-English dictionary stays by his aspect all through our interview – and is racking up high-school diplomas. He should be good, I counsel. “Not good sufficient – I am in jail,” he jokes.
Englewood is a low-security jail with good amenities. The low-rise however sprawling constructing sits within the foothills of the Rocky Mountains in Colorado. The dusty grass verges surrounding the jail are teeming with noisy prairie canines scurrying into their burrows every time disturbed by jail automobiles coming and going.
It’s a good distance from Donetsk, Ukraine, the place he ran his first cyber-crime gang after falling into hacking by way of video games cheat boards, the place he would search for cheats for his favorite video video games like Fifa 99 and Counterstrike.
He grew to become the chief of the prolific Jabber Zeus crew – so named due to their use of the revolutionary Zeus malware and their favorite communication platform, Jabber.
Penchukov labored with a small group of hackers that included Maksim Yakubets – a Russian who would go on to be sanctioned by the US authorities, accused of main the notorious cyber-group Evil Corp.
Penchukov says that all through the late 2000s, the Jabber Zeus crew would work out of an workplace within the centre of Donetsk, placing in six to seven-hour days stealing cash from victims abroad. Penchukov would usually finish his day with a DJ set within the metropolis, enjoying underneath the title DJ Slava Wealthy.
Cyber-crime in these days was “straightforward cash”, he says. The banks had no thought cease it and police within the US, Ukraine and the UK couldn’t sustain.
In his early 20s, he was making a lot cash he purchased himself “new automobiles like they had been new garments”. He had six in whole – “all costly German ones”.
However police bought a breakthrough after they managed to listen in on the criminals’ textual content chats in Jabber and found the true identification of Tank utilizing particulars he had given away concerning the beginning of his daughter.
The web closed in on the Jabber Zeus crew, and an FBI-led operation referred to as Trident Breach noticed arrests in Ukraine and the UK. However Penchukov slipped by way of the web because of a tip-off from somebody he is not going to title. And because of considered one of his quick automobiles.
“I had an Audi S8 with a 500-horsepower Lamborghini engine so after I noticed the cops flashing lights in my rear view mirror, I jumped the pink gentle and misplaced them simply. It gave me an opportunity to check the total energy of my automobile,” he says.
He laid low with a buddy for some time, however when the FBI left Ukraine, the native authorities appeared to lose curiosity in him.
So Penchukov saved underneath the radar and, he says, went straight. He began an organization shopping for and promoting coal, however the FBI was nonetheless on the path.
“I used to be on vacation in Crimea after I bought a message from a buddy who noticed that I had been placed on the FBI Most Needed checklist. I assumed I had bought away with all of it – then I realised I’ve a brand new drawback,” he says, an apparent understatement.
FBIHis lawyer on the time was calm, although, and suggested him to not fear: so long as he didn’t journey outdoors of Ukraine or Russia, US police couldn’t do a lot.
The Ukrainian authorities did ultimately come knocking – however to not arrest him.
Penchukov had been outed as a rich hacker wished by the West and he alleges that just about day by day, officers would come and shake him down for cash.
His coal-selling enterprise was going nicely till Russia’s invasion of Crimea in 2014. President Putin’s so-called “Little Inexperienced Males” – Russian troopers in unmarked uniforms – ruined his enterprise and missiles struck his condominium in Donetsk, damaging his daughter’s bed room.
Penchukov says that it was enterprise troubles and the fixed payouts to Ukrainian officers that led him to as soon as once more fireplace up his laptop computer and get again into the cyber-crime life.
“I simply determined it was the quickest solution to become profitable to pay them,” he says.
His journey charts the evolution of recent cyber-crime – from fast and straightforward checking account theft to ransomware, at this time’s most pernicious and damaging sort of cyber-attack utilized in high-profile hacks this yr, together with on UK Excessive Avenue stalwart Marks & Spencer.
He says ransomware was tougher work however the cash was good. “Cyber-security had improved so much, however we had been in a position to make about $200,000 a month. A lot greater income.”
In a revealing anecdote, he remembers rumours that began a few crew being paid $20m (£15.3m) from a hospital that had been crippled by ransomware.
Penchukov says the information fired up the lots of of hackers within the felony boards who all then went after US medical establishments to repeat the pay day. These hacker communities have a “herd mentality”, he says: “Folks do not care concerning the medical aspect of issues – all they see is 20 hundreds of thousands being paid.”
Penchukov rebuilt his connections and expertise to grow to be one of many high associates of ransomware providers, together with Maze, Egregor and the prolific group Conti.
When requested if these felony teams labored with Russian safety providers – an everyday accusation from the West – Penchukov shrugs and says: “In fact.” He says that some ransomware gang members typically talked about talking to “their handlers” within the Russian safety providers, just like the FSB.
The BBC wrote to the Russian Embassy in London, asking if the Russian authorities or its intelligence businesses engaged with cyber criminals to help cyber espionage, however obtained no reply.
Penchukov quickly rose to the highest once more and have become a pacesetter of IcedID – a gang that contaminated greater than 150,000 computer systems with malicious software program and led to numerous kinds of cyber-attack, together with ransomware. Penchukov was in control of a workforce of hackers who would sift by way of the contaminated computer systems to work out how finest to become profitable from them.
One sufferer they contaminated with ransomware in 2020 was the College of Vermont Medical Middle within the US. In response to US prosecutors, this led to the lack of greater than $30m (£23m) and left the medical centre unable to offer many essential affected person providers for greater than two weeks.
Though no-one died, prosecutors say the assault, which disabled 5,000 hospital computer systems, created a threat of demise or severe harm to sufferers. Penchukov denies he truly did it, claiming he solely admitted to it as a way to scale back his sentence.
General, Penchukov, who has since modified his surname to Andreev, feels the 2 nine-year sentences he’s serving concurrently are an excessive amount of for what he did (he’s hoping to get out a lot sooner). He has additionally been ordered to pay $54m (£41.4m) in restitution to victims.
His view as a younger hacker who began in cyber-crime as a youngster is that Western corporations and folks may afford to lose cash and that every little thing was coated by insurance coverage anyway.
However after I converse to considered one of his early victims from the Jabber Zeus days, it’s clear his assaults did have a dangerous influence on harmless individuals.
Lieber’s Baggage, a family-run enterprise in Albuquerque, New Mexico, had $12,000 (£9,200) stolen in a single swipe by the gang. Proprietor Leslee nonetheless remembers the shock years later.
“It was simply disbelief and horror when the financial institution referred to as as a result of we had no thought what had occurred, and the financial institution clearly did not have any thought,” she says.
Whereas a modest sum, it was devastating for the enterprise, as the cash was used for paying lease, shopping for merchandise and paying employees.
They didn’t have any financial savings to fall again on and, to make issues worse, Leslee’s aged mom was in control of the corporate accounts and she or he blamed herself till the theft was uncovered.
“We had all of these emotions, the anger, the frustration, the worry,” she says.
After I ask them what they want to say to the hackers accountable, they suppose it’s futile to attempt to change the minds of those callous criminals.
“There’s nothing that lets say that may have an effect on him,” Leslee says.
“I would not give him the time of day,” her husband Frank provides.
Penchukov says he didn’t take into consideration the victims, and he doesn’t appear to take action a lot now, both. The one signal of regret in our dialog was when he talked a few ransomware assault on a disabled youngsters’s charity.
His solely actual remorse appears to be that he grew to become too trusting together with his fellow hackers, which in the end led to him and lots of different criminals being caught.
“You’ll be able to’t make buddies in cyber-crime, as a result of the subsequent day, your folks can be arrested and they’re going to grow to be an informant,” he says.
“Paranoia is a continuing buddy of hackers,” he says. However success results in errors.
“For those who do cyber-crime lengthy sufficient you lose your edge,” he says, wistfully.
FBIAs if to focus on the disloyal nature of the cyber underworld, Penchukov says he intentionally prevented any additional contact together with his one-time Jabber Zeus collaborator and buddy Maksim Yakubets after the Russian was outed and sanctioned in 2019 by Western authorities.
Penchukov says that he seen a definite change within the hacker neighborhood as individuals shunned working with Yakubets and lots of of his alleged Evil Corp associates.
Beforehand Penchukov and “Aqua”, as Yakubets was identified, had frolicked in Moscow ingesting and consuming in luxurious eating places. “He had bodyguards, which I assumed was unusual – virtually like he wished to point out off his wealth or one thing,” he says.
Being ostracised from the cyber crime world didn’t deter Evil Corp although and final yr, the UK’s Nationwide Crime Company accused different members of the Yakubets household of being concerned within the decade-long crime spree, sanctioning 16 members of the organisation in whole.
However not like Penchukov, the possibilities of police collaring him or others within the gang appear low. With a $5m bounty out for info resulting in his arrest, Yakubets and his alleged co-conspirators are unlikely to repeat Penchukov’s mistake of leaving their nation.
