In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups.
The Spamdot admins went by the nicknames Icamis and Salomon.
Icamis and Sal were in daily communications with these botmasters, via the Spamdot forum and private messages.
The identity and whereabouts of Icamis have remained a mystery to this author until recently.
For years, security experts - and indeed, many top cybercriminals in the Spamit affiliate program - have expressed the belief that Sal and Icamis were likely the same person using two different identities.
In 2010 Spamdot and its spam affiliate program Spamit were hacked, and its user database shows Sal and Icamis often accessed the forum from the same Internet address - usually from Cherepovets, an industrial town situated approximately 230 miles north of Moscow.
It was common for Icamis to reply when Spamdot members communicated a request or complaint to Sal, and vice versa.
Still, other clues suggested Icamis and Sal were two separate individuals.
That story mentioned Rescator's real-life identity was exposed by Icamis in April 2013, as part of a lengthy farewell letter Ika wrote to Spamdot members wherein Ika said he was closing the forum and quitting the cybercrime business entirely.
To no one's shock, Icamis didn't quit the business: He just got a lot more quiet and circumspect about his work, which increasingly was focused on helping crime groups siphon funds from U.S. bank accounts.
GENTLEMEN SCAMMERS

Icamis and Sal offered a comprehensive package of goods and services that any aspiring or accomplished spammer would need on a day-to-day basis: Virtually unlimited bulletproof domain registration and hosting services, as well as services that helped botmasters evade spam block lists generated by anti-spam groups like Spamhaus.org.
- Long-term partnerships with several in several parts of the world for any topic
- your own data center and full legal support
- realtime backups to neutral sites
- guarantees and full responsibility for the services provided
- non-standard equipment on request
- our own admins to resolve any technical issues
- hosting is also possible.

- SSL certificates signed by GeoTrust and Thawte
- old domains
- beautiful domains
- domains with indicators
- making unstable gTLD domains stable
- interception and hijacking of custom domains
- full domain posting via web.
Icamis and Sal frequently claimed that their service kept Spamhaus and other anti-spam groups several steps behind their operations.
In 2020, Grichishkin was arrested outside of Russia on a warrant for providing bulletproof hosting services to cybercriminal gangs.
ICAMIS, THE PHANTOM GRADUATE

The identity of Icamis came into view when KrebsOnSecurity began focusing on clues that might connect Icamis to Cherepovets.
Icamis promoted his services in 2003 - such as bulk-domains[.
I can register bulletproof domains for sites and projects advertised by spam (of course they must be legal).
To bring this full circle, Icamis was Andrey Skvortsov, the other Russian man charged alongside Grichishkin.
The government says Ika and Sal's bulletproof hosting empire provided extensive support for a highly damaging cybercrime group known as the JabberZeus Crew, which worked closely with the author of the Zeus Trojan - Evgeniy Mikhailovich Bogachev - to develop a then-advanced strain of the Zeus malware that was designed to defeat one-time codes for authentication.
This Cyber News was published on krebsonsecurity.com. Publication date: Mon, 08 Jan 2024 18:05:29 +0000