Pavel Vrublevsky owns a controlling stake in the Dutch-registered company ChronoPay, his partner is a native of the GRU Leonid Terekhov.
Biography
2006-2008: mp3search.ru и E-Avia
Vrublevsky gained fame on the Internet thanks to a number of initiatives and scandals around him. In 2006-07 He, together with the former producer of the Tatu group Ivan Shapoval, acquired an online store mp3search.ru. Then Vrublevsky actively opposed the entry into force of the IV part of the Civil Code and for the preservation of the then existing model for collective copyright management on the Internet.
Vrublevsky supported one of these societies - FAIR, in connection with which the rival ROMA society even tried to get a criminal case against Chronopay. However, since 2008, due to changes in legislation, this scheme has become illegal and Vrublevsky left this business.
Since 2007, after the legalization of electronic tickets in Russia, Chronopay has been actively engaged in processing in this area, organizing the E-Avia project.
2009: Conflict with Igor Gusev
Since 2009, Vrublevsky, together with the Russian e-commerce association, has been engaged in the fight against the creator of the partner network for the sale of pharmaceuticals Glavmed Igor Gusev, who was called almost the main spammer in the world. In 2010, a criminal case was opened against Gusev.
Gusev himself did not remain in debt and posted dirt on Vrublevsky on the Internet. In particular, Gusev presented evidence that he was a co-owner of Chronopay, and then, according to him, was forced to give up his shares under pressure from Vrublevsky. Gusev also accused Vrublevsky of having links to a number of dubious Internet projects engaged in spam, pharmaceuticals, pornography, as well as affiliation with Fiethard Finance. This payment system provided anonymous banking on the Internet, but in 2007 it went bankrupt and did not pay off many customers. Vrublevsky denied these accusations.
2010: Attack on Aeroflot website
In 2010, Chronopay itself became the object of hacker attacks several times, in particular, at the end of the year its payment page was replaced, due to which data on the cards of some customers was leaked. In the same year, cybersecurity expert Brian Krebs accused Vrublevsky of creating a fake Mac Defender antivirus.
In the summer of 2010, Vrublevsky organized an attack against the Assist payment system, as a result of which payment for electronic tickets did not work on the website of his main client Aeroflot for a week.
The FSB was able to calculate the alleged customer and executors thanks to the "operational capabilities" in the Webmoney system. It was discovered that during the days of the attack, several thousand dollars were transferred from an electronic wallet allegedly owned by Chronopay to a user's wallet with the nickname "Engel." It turned out that this wallet was registered to Igor Artimovich, a native of the Leningrad Region.
The Webmoney entry log made it possible to determine the user's IP address, and with its help, the real address of the apartment, which Igor Artimovich and his brother Dmitry were filming at that moment in Moscow. The Internet channel of the suspects was taken under "monitoring," as a result of which the fact of entering the control panel of the Topol-Mailer software, located on the server of the American provider LayeredTech, was established. Traffic analysis using the Ufasoft Sniffer and WireShark utilities made it possible to identify the login and password from this resource.
Going into the Topol-Mailer panel in this way, the operatives found that this is a botnet used to send spam and organize Ddos attacks. The panel contained information about the addresses of the attacked resources and infected computers ("bots"), as well as a file with malicious software. The Group-IB specialists involved by the FSB confirmed the conclusions of the investigation, and also established the fact that the IP addresses of a third of the computers that attacked Assist coincided with the IP addresses of the bots used by Topol-Mailer.
Although the above actions occurred in August 2010, the arrests of the suspects did not begin until nearly a year later. The first in June 2011 in St. Petersburg was arrested Igor Artimovich (by that time he and his brother had already left Moscow). The suspect soon confessed.
Igor Artimovich said that together with his brother Dmitry, since 2007 they have been selling pharmaceuticals on the foreign Internet, which are not available without prescriptions in ordinary pharmacies. For this, spam mailings were used, which were carried out using software leased from a certain person with the nickname "Google." In 2009, the brothers developed their own software for managing the Topol-Mailer botnet.
At the same time, on the Crutop forum, used by web masters of "gray" services, they met Pavel Vrublevsky. Note that many consider Vrublevsky the creator of this forum, but he himself denies this. In a conversation with the entrepreneur, Artimovichi complained about his former partner Igor Gusev, with whom at that moment Vrublevsky had a conflict. Artimovichi said that Gusev allegedly "throws" his partners on the Glavmed network, which distributed pharmaceuticals on the Internet.
From the words of Igor Artimovich it follows that Vrublevsky at that moment had his own partner pharmaceutical network - Rx-Promotion. Artimovichi found non-deliveries in the software of this network and told about it to Vrublevsky. The entrepreneur invited the brothers to come to him in Moscow.
The meeting took place in early 2010. The owner of Chronopay invited the brothers to talk with the general director of Technical Solutions Yuri Kabaenkov (uses the Helman nickname on the Internet), who, according to Artimovich, was presented to him as a partner in Rx-Promotion. During the interrogation, Kabaenkov confirmed to investigators that in 2008 he organized together with Vrublevsky the company Rx-Promotion, which was engaged in the distribution of pharmaceuticals through mailings and the promotion of its storefronts in search engines.
According to him, he received from Vrublevsky from 5 to 7% for each product sold, his income per month was $10-15 thousand. However, both Kabaenkov and Artimovich admitted in their testimony that the meeting between them in the Chronopay office was unsuccessful. Kabaenkov decided that Rx-Promotion software is quite completely and he does not need the services of Artimovich. Vrublevsky told CNews that he was familiar with Kabaenkov, but he had nothing to do with Rx-Promotion. Whether there was a specified meeting with Artimovichi, he does not remember.
From the testimony of Artimovich it follows that Vrublevsky did not participate in the negotiations between them and Kabaenkov. However, upon returning to St. Petersburg, they contacted the owner of Chronopay through ICQ and were still able to interest in their proposals for finalizing Rx-Promotion. To demonstrate their capabilities, Artimovichi organized a Ddos attack on the partner program website.
To carry out the attack, the Artimovichs needed "bots" that they acquired on the forum Spamdot.biz. Note that part of the Topol-Mailer software was the crypted.exe bootloader: it was just sent by sellers of "bots" for installation on infected computers and their subsequent inclusion in the botnet. The attack was successful, and, as Artimovich said, having purchased 1,000 bots, they needed only about 100 to realize the goal.
The attack, according to Artimovich, made an impression on Vrublevsky, after which the entrepreneur decided to order the brothers to finalize the software used in Rx-Promotion. Also, the owner of Chronopay handed them the contacts of a person with the nickname "Scraft," presenting him as the coordinator of this project. Later it turned out that "Scraft" is a Chronopay security officer Maxim Permyakov.
Permyakov joined Chronopay shortly before these events - at the end of 2009. Before that, he worked for many years at the FSB Information Security Center (CIB). He crossed paths with Vrublevsky at a party of webmasters of the aforementioned Crutop forum, and was introduced to them by another then employee of the Central Security Service - Alexander A.
After the arrest of Igor Artimovich, the then head of the Chronopay security service, Vladimir Stepkov, called Vrublevsky, who was on vacation in the Maldives. Stepkov, as follows from his testimony, warned the entrepreneur that he should not return to Russia, otherwise he should not avoid arrest. Maxim Permyakov was present in the office at that moment. According to Stepkov's memoirs, Permyakov admitted to him that he was an intermediary between Vrublevsky and Artimovichi, after which he took a vacation and left in an unknown direction.
A friend of Yuri Kabanekov - Yuri Shevchenko (in his testimony described himself as a "programmer of erotic sites") - tried to help Permyakov. He found him an apartment in the suburbs, which could be rented without registration. However, Permyakov was still detained and admitted everything. Vrublevsky, without listening to advice, returned to Moscow and was arrested right at the airport. At the first interrogation, held on the night of June 22-23, he said that he had nothing to do with the attack on Aeroflot, he knew Artimovichi very superficially, and considered the incident a "slander" by one of the leaders of the Central Security Service. However, on July 1, the entrepreneur confessed.
Of all the defendants in the case, only Dmitry Artimovich, who was resting in Thailand at that time, remained free. After the arrests that occurred, he decided to voluntarily return to Russia, where he was also detained and signed a confession.
The description of the Ddos attack in the testimony of all four defendants in general terms converges. Vrublevsky instructed Permyakov through the Artimovich to stage this attack. The then financial director of Chronopay, Maxim Andreev, recalled during interrogation that Vrublevsky summoned him to his office and instructed Permyakov to transfer funds through Webmoney in order to "punish some people."
On July 15, 2010, Permyakov contacted Artimovichi via ICQ and handed them the task. The brothers agreed, warning that they would need cash. Since there was a delay in the transfer of the first tranche in the amount of $2 thousand, Permyakov told the brothers to use the funds previously transferred by him as part of a pharmaceutical project.
The attack began, the "Assist" servers ceased to function normally. Permyakov received a login and password from the brothers from the Topol-Mailer control panel and periodically entered it from a mobile phone, checking the course of the attack. Vrublevsky, according to his testimony, also controlled the attack, going from the phone to the Aeroflot website and trying to buy an air ticket.
A few days later, Artimovichi reported that they were facing "resistance": Assist tried to defend itself with the help of Kaspersky Lab. Permyakov conveyed to them the words of Vrublevsky that the attack should last at least a week. In this regard, the type of attack was changed.
As Igor Artimovich explained in his testimony, first the type "http-flood" was used, when the attacked resource is overloaded with "massive and illogical requests." The type was then changed to "udp-flood": the communication channel used by the attacked resource began to be "clogged" with meaningless data packets.
According to the testimony of Dmitry Artimovich, at first the brothers used their own "bots" to attack, but then began to buy them on the side. To do this, they went to Google and entered the appropriate requests, the cost of bots ranged from $7 to $35 per 1,000 pieces, depending on their country. Initially, in a conversation with Permyakov, the brothers estimated their costs of buying bots at $500/day, then this amount increased to $1 thousand/day. On the day, Artimovichi bought about 30 thousand bots (according to Group-IB, the Topol-Mailer network during the attack days combined up to 250 thousand "bots").
During the attack, Permyakov transferred Artimovicham through Webmoney a total of $20.6 thousand. A week after the attack began, Artimovichi told Permyak that Assist now uses several different payment gateways. Permyakov says in his testimony that, after consulting with Vrublevsky, he gave them instructions to attack the gateway through which payments to Aeroflot go. The attack continued for a while.
On July 24, 2010, Artmiovichi proposed Permyakov to stop the attack: they stated that the attack power was decreasing, the purchase of new "bots" was required to continue it, while the purpose of the attack was already achieved. "Well, if they can't, they can't," Permyakov quotes Vrublevsky's answer. Vrublevsky himself in his testimony explained the decision to stop the attack with a large public resonance around her and fear of negative consequences.
Vrublevsky in his testimony explained the reasons for the attack by "Assist" with a desire to take revenge on competitors for luring Chronopay employees and spreading rumors to trade about his company with pornography. Former TsIB employee Alexander A., who knew Vrublevsky well, also says that the entrepreneur really wanted to get a contract with Aeroflot and was even ready to bribe $1 million for this (Vrublevsky told CNews that he had no intentions to bribe).
Aeroflot will be ours, "Yuri Kabaenkov quotes Vrublevsky in his testimony. During the days of the attack against Aeroflot, Kabaenkov tried to buy an electronic movie ticket. The purchase failed, as the corresponding site was maintained by Assist. Learning then from the news of the attack against Assist, Kabaenkov immediately realized that Vrublevsky had ordered it.
2011
Arrest
June 24, 2011, on Friday, the Lefortovo Court of Moscow authorized the arrest of the general director of ChronoPay Pavel Vrublevsky. The arrest was made at the request of the FSB Investigative Committee for a period of a month. A CNews source at Chronopay confirmed the arrest, specifying that it happened on Thursday: that day, Vrublevsky returned with his family to Moscow and was immediately arrested at Sheremetyevo airport[1]
The FSB suspects Vrublevsky of ordering in 2010 a DOS attack on the website of the competing payment system Assist. Then the Aeroflot electronic ticket sales system was disabled, which is why the airline left Assist for Alfa Bank. Aeroflot also filed a lawsuit for 194 million rubles. to VTB-24, which, through Assist, provided Aeroflot with payment processing, but it was rejected.
However, the FSB estimates the losses of Assist and Aeroflot at only 1 million rubles. According to the investigation, having ordered the attack, Vrublevsky tried to discredit the competitor, as he himself claimed to process payments for electronic tickets.
Legal adviser ChronoPay Dave Schlendorf explained to the Financial Times that the prosecution is based on the testimony of the previously arrested hacker Igor Artimovich, who admitted that he and his brother staged a hacker attack on Assist. Artimovich called Vrublevsky the customer of the attack (a copy of the testimony was posted on the Internet). Schlendorf said that Vrublevsky denies the charges and he is not personally familiar with Artimovich, but communicated with him only through. Internet
The Moscow City Court refused to satisfy the cassation appeal regarding the arrest of the founder and general director of the Chronopay payment system Pavel Vrublevsky. According to the last court decision issued on October 18, 2011, his stay in the isolation ward was extended until December 23, 2011.
The businessman's defense offered to pay a deposit of 30 million rubles. for his release, or replace the arrest with a recognizance not to leave.
The general director of Chronopay is charged with two articles of the Criminal Code of the Russian Federation: Art. 272 (illegal access to computer information) and 273 (creation, use and distribution of malicious programs). Under these articles, he faces imprisonment for a term of 3 to 7 years. The damage caused to Help and Aeroflot from the attack is estimated at 1 million rubles. As follows from the materials of the defense, Vrublevsky fully admitted his guilt, repented of his deed and collaborated with law enforcement agencies.
Maxim Permyakov and the Artimovichi brothers were released on recognizance not to leave in the summer of 2011. At the end of the same year, a similar preventive measure was chosen in relation to Pavel Vrublevsky. Despite the presence of confessions, the trial in the Tushinsky district of the Moscow court in this case was delayed. The defense put the legality of a number of investigative actions, challenging, in particular, the authenticity of the signatures understood under the protocols for inspecting material evidence in the investigative department of the FSB.
Also during the process, it turned out that Vrublevsky's motive to order this attack is not so obvious. The tender to choose a single payment solution for Aeroflot took place even before the attack. Chronopay participated and lost in it, and Assist and VTB-24 did not even take part (Assist was a subcontractor of VTB-24 under a contract with Aeroflot). After the attack, Aeroflot terminated the contract with VTB-24 ahead of schedule and switched to Alfa Bank for service.
From June to December 2011, P. Rublevsky was in jail.
The involvement in the case of the ex-head of the FSB information security center Sergei Mikhailov
Interfax notes that the name of Vrublevsky appeared in the media in connection with the case of the former head of the Information Security Center (CIB) of the FSB of Russia, Sergei Mikhailov, convicted of long-term imprisonment for high treason.
So, according to some reports, the investigation found out that Mikhailov in 2011, through intermediaries, transferred information to the FBI about operational-search activities in the case of Vrublevsky, who is considered a cybercriminal in the United States.
2012: Recognizance not to leave, lawsuit against Kaspersky Lab
At the beginning of 2012, at the stage of the investigation, Igor Artimovich refused his testimony. It told investigator Sergei Dadinsky that he had signed a confession in the hope that he would let him go. Dmitry Artimovich and Pavel Vrublevsky also told CNews that they were going to refuse to testify. But Maxim Permyakov confirmed his testimony to the court.
Thus, it turns out that of the four defendants in the case, only the former FSB officer has confessions. However, two weeks ago, the court changed the measure of restraint for Vrublevsky and took him into custody due to threats to the witness. The entrepreneur's lawyers believe that in this way Vrublevsky was punished because of active protection. The performance of Vrublevsky himself should take place on June 18.
- On April 3, 2012, it became known that the owner of Chronopay CJSC Pavel Vrublevsky is preparing a deal to sell Chronopay and is creating a media holding RNP (Russian National Programming).
- On November 27, 2012, it became known that the founder and owner of the Chronopay payment system Pavel Vrublevsky filed a lawsuit in the Khoroshevsky District Court of Moscow against Kaspersky Lab (KL LK). The reason for the claim was the publication on the blog belonging to the LC of the Securelist.com on the progress of the investigation of the DDos attack on the Aeroflot website (Vrublevsky is being held in this criminal case as an accused). A copy of the statement of claim is at the disposal[2]
The owner of Chronopay did not like the fact that the authors of the publications, even before the court decision, call him guilty of organizing a DDos attack and talk about his criminal past. And one of the publications suggests that, as in some previous criminal cases against Vrublevsky, the owner of Chronopay will be able to evade responsibility. Vrublevsky claims that no cases have been opened against him before.
The founder of Chronopay believes that such statements damage his business reputation and are an attempt to put pressure on the process in the Tushino court, where his case is being considered. In this regard, Vrublevsky demands from LC a refutation of the above publications and compensation for damage in the amount of 146 million rubles.
In such an amount, the plaintiff estimates the lost profit that the company suffered due to publications on the Securelist.com. The LC said they were not familiar with the contents of the lawsuit. But publications in blocks are based on open sources, which are always referenced, the company added.
In parallel, the FSB investigation established that Pavel Vrublevsky was the customer of the attack, who in November 2012 was under recognizance not to leave.
Kaspersky Lab is also involved in this case: it tried to organize the defense of Assist, and also conducted an examination at the request of the FSB. When Vrublevsky was arrested, the head of the LC Yevgeny Kaspersky on his Twitter publicly expressed his joy in connection with this event.
2013: Staging to the settlement
In June 2013, due to threats to a witness, the court changed the preventive measure for Vrublevsky to arrest. In July, Vrublevsky and Artimovichi were sentenced to 2.5 years in a correctional colony each. The defendants disagreed with the verdict and appealed. Permyakov, who did not refuse confessions, received a suspended sentence.
In November 2013, the Moscow City Court commuted the punishment of the defendants in the case of the DDoS attack on Aeroflot. Earlier, the Tushinsky District Court found Pavel Vrublevsky, the owner of the Chronopay payment system, guilty of the attack as the organizer and brothers Igor and Dmitry Artimovich, as well as the Chronopay security officer Maxim Permyakov as performers.
Before the hearings in the Moscow City Court, Vrublevsky changed his lawyer: instead of Lyudmila Aivar, he became the famous lawyer Heinrich Padva. In addition, during the hearings, Vrublevsky and Artimovichi again recognized the fact of a DDoS attack, but continued to consider themselves innocent.
Initially, all the aforementioned defendants were charged under Articles 272 of the Criminal Code (illegal access to information protected by law) and 273 of the Criminal Code (creation of malicious software). However, due to changes in legislation, the charge under the article lost the statute of limitations and was dropped. As for Article 272, the composition incriminated to the accused under this article - "illegal access, which entailed blocking the work of computers"), was decriminalized in 2011.
In this regard, the accused spoke of their innocence. Prosecutor Sergei Kotov objected to the appeal. In his opinion, the very possibility of unlawful access to information is criminally punishable.
And in their last word, Vrublevsky and Artimovichi have already pleaded guilty. After the judge retired to the deliberation room, prosecutor Kotov approached Vrublevsky and said that if he had pleaded guilty at the beginning of the hearing, perhaps the prosecutor would have voiced a different opinion regarding the verdict.
As a result, the court left the previous terms of imprisonment, changing the conditions for serving the sentence. Instead of a correctional colony, Vrublevsky and Artimovichi will serve him in a penal colony. In such colonies, the convict is not in custody, and in some cases may even reside in villages adjacent to the colonies.
The Artimovichi brothers were released from custody in the courtroom for self-transfer to the colony. Vrublevsky will be taken there under escort, and there he is disengaged. This is due to the fact that, as already mentioned, earlier the district court issued him a preventive measure in the form of arrest until the end of December, which continues to operate. "You were just unlucky," Heinrich Padwa told his client.
2014: Plan to return from Chronopay management in June 2014
The founder of one of the largest Chronopay processing systems in Russia, Pavel Vrublevsky, will return to operational management of the company in mid-June 2014 after a three-year break, Vrublevsky told ITAR-TASS, according to ITAR-TASS.
"I stepped away from operational management of the company in June 2011, when, as a result of my arrest, I had to resign as CEO. In mid-June, I will return to the operational management of the company with the rank of chairman of the board of directors. The main task now is to agree with alternative payment systems on the support of their cards. In particular, we are talking about China Unionpay, a universal electronic card and the Golden Crown, "said Vrublevsky.
Vrublevsky was convicted of organizing an Internet attack (DDoS) on the website of the competing payment system Assist, which served sales of Aeroflot electronic tickets. As a result, the ticket sales system was disabled, Aeroflot switched to service to Alfa-Bank and filed a lawsuit in the amount of 194 million rubles. to VTB24, who through Assist was engaged in processing payments for tickets. Vrublevsky was arrested in June 2011 and then convicted under Art. 272 h. 2 (illegal access to computer information, which caused major damage or committed out of selfish interest).
Chronopay specializes in processing bank cards on the Internet. According to its own data, the company serves about 45% of bank card payments in Runet. The company can process up to 3 thousand transactions per minute. The controlling shareholder of the company is Vrublevsky.
2022: Detention in fraud case
On March 10, 2022, it became known about the detention of Pavel Vrublevsky in a criminal case of fraud (Article 159 of the Criminal Code of the Russian Federation). The founder of the processing company Chronopay was taken to the investigative department of the Ministry of Internal Affairs, TASS reports, citing a law enforcement source.
According to him, by March 10, 2022, Vrublevsky is being interrogated, and based on the results of these events, a decision will be made on the measure of restraint of the entrepreneur. A RBC source confirmed the detention of Pavel Vrublevsky and added that searches are being carried out at the addresses of the businessman and his parents in Moscow and the Moscow region. Details of the case have not been released.
It is noted that Pavel Vrublevsky himself has not been doing very well lately before the arrest. In 2018, one of Chronopay's legal entities, Chronopay Services, was declared bankrupt. The arbitration manager of the company through the court demands to recover from Vrublevsky and the former leaders of the company about 70 million rubles. jointly and severally in the order of subsidiary liability.
By March 2022, Chronopay works through another legal entity, Chronopei Vostok, to which a number of lawsuits have also been brought, and the Federal Tax Service has repeatedly imposed restrictions on the company's accounts.[3]
On December 12, 2022, it was reported that Pavel Vrublevsky, accused of fraud, fully repaid the damage in his case.
2023: Charge of fraud for 425.5 million rubles
At the end of October 2023, the Khamovnichesky District Court of Moscow began consideration of the merits of the case of Pavel Vrublevsky, general director of Chronopei Vostok (Chronopay), and its employees. We are talking about large-scale fraud and other criminal acts.
Chronopay positions itself as a service for receiving payments for goods and services on the Internet with bank cards from buyers anywhere in the world. According to the Kommersant newspaper, Vrublevsky has developed a plan for embezzlement of funds from individuals' accounts. For this, Internet resources of two different types were used. One of the schemes is that websites simulate the conduct of real financial and economic activities, and theft of funds is carried out in transactions for the purchase of goods. On other types of sites, deliberately false information was posted about the possibility of visitors receiving various "significant property benefits" or large cash prizes in return for performing certain operations.
According to the case file, visiting fraudulent sites led to illegal debiting of funds from users' bank cards. The criminal scheme, according to the case, was integrated into the Chronopei software, and the defendants selected the "technical" companies under their control to withdraw funds.
The scheme built by Vrublevsky, according to the investigation, made it possible not only to write off money from the card of a visitor to the site, but also sent a deliberately false electronic message to the issuing bank that the transaction was a legitimate financial transaction. The total damage from fraudulent actions exceeded 425.5 million rubles.
In addition to Vrublevsky, employees of the Chronopei Vostok company Aleksei Belyaev and Matvey Vedyashkin, as well as another defendant Nadezhda Akimova, are being tried in the same case. As of the end of October 2023, Pavel Vrublevsky does not admit guilt.[4]
Notes
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |