Russian hacker pleads guilty to get-rich-quick botnet

Malware was used to compromise thousands of computer servers around the world and generate millions in fraudulent payments.

Alfred Ng Senior Reporter / CNET News


A Russian hacker has pleaded guilty to installing malware on tens of thousands of computer servers in order to generate millions in fraudulent payments, the US Department of Justice said Tuesday.

Maxim Senakh, 41, admitted as part of his plea agreement to installing Ebury malware on computer servers around the world, including thousands in the United States, the government said. Senakh, along with the criminal organization he worked for, used the malware to create and operate a botnet that would "generate and redirect internet traffic in furtherance of various click-fraud and spam e-mail schemes, which fraudulently generated millions of dollars in revenue," the government said in a release. Senakh also admitted to personally profiting from the Ebury botnet.

Ebury is a malicious computer program -- more specifically an SSH rootkit/backdoor trojan -- that mostly targets servers running the Linux operating system. With Ebury, hackers are able to do things like steal usernames and passwords, as well as use compromised systems to send massive amounts of spam, according to German cybersecurity authority CERT-Bund.

The Russian's guilty plea is a rare hacker conviction for the Department of Justice, which has seen high-profile Russian hackers elude its grasp for years. Earlier this month, the DOJ indicted four hackers, including two Russian spies, responsible for massive Yahoo cyberattacks disclosed last year. Russian hackers are also believed to have meddled in last year's US presidential election. Former US President Barack Obama leveled sweeping sanctions against Russia for its cyberattacks.

Senakh was arrested by Finnish authorities in 2015 and extradited to the US. Following the arrest, Russian officials claimed it was illegal, describing it as an "abuse of the law in violation of internationally accepted procedural norms," Reuters reported.

Senakh is scheduled to be sentenced Aug. 3, after pleading guilty to conspiracy to violate the Computer Fraud and Abuse Act and to commit wire fraud. He faces up to 10 years in prison.