Russian hacker had $272,000 in $100 bills, $5 million in bitcoin

A Russian hacker in Los Angeles who had extensive business relationships on the dark web and claimed he had 40,000 stolen credit-card numbers was sentenced Monday to more than nine years in prison on wire fraud charges.

Alexander Tverdokhlebov, 29, pleaded guilty to the charges in March. He came to the United States in 2007 and obtained U.S. citizenship. He actively participated in cybercrime since 2008, according to the Dept. of Justice, and claimed he had gained access to nearly half a billion computers.

“Tverdokhlebov forged lucrative business partnerships with other Russian-speaking cybercriminals, with whom he exchanged tools, services, and stolen personal and financial information,” the DOJ said.

In October 2015 the North Bay Business Journal published a cover story on the dark web and its shady business operations. The Business Journal also holds an annual conference on cybercrime to help local business owners fight online fraud. The next cybercrime conference is scheduled for September 13.

“That's where credit card numbers are sold,” said Michael Leonard, vice president, fraud examiner and anti-money-laundering manager for Exchange Bank, based in Santa Rosa. Leonard previously served as detective for the Sonoma County sheriff for a decade.

Nearly every day, Leonard scanned sites on the darknet. “We search through there as best we can to see if any of our cards are amongst those taken in a breach,” he said.

The Russian hacker sold various illegal services on darknet forums, including laundering of stolen money. He also operated several “botnets,” which are groups of compromised computers that can be used to steal credit card numbers and other financial information.

When federal agents arrested Tverdokhlebov, they seized $272,000 in hundred dollar bills distributed among safe deposit boxes in Los Angeles and Las Vegas. He also had bitcoin valued at nearly $5 million.

Tverdokhlebov sold financial information to other cybercriminals or had accomplices use the data to make fraudulent purchases or withdrawals from victim accounts. The hacker recruited Russian students visiting the United States on J-1 visas to open bank accounts in their names, receive money from victim accounts then transfer the money to Tverdokhlebov or his co-conspirators, the DOJ said.

The plea agreement stipulated to losses between $9.5 and $25 million. As part of sentencing, the federal court ordered the defendant to serve three years of supervised release following his prison term. The conditions included monitoring of Tverdokhlebov's computer use.

Enrique Alvarez, a supervisory special agent for the FBI's 200-agent cyber-intrusion unit in Oakland, spoke at one of the Business Journal conferences on cybercrime. Before joining the FBI, Alvarez worked at several Internet companies in San Francisco and served as a Navy intelligence officer in Iraq. Cyber-crime has drawn greater FBI attention especially since 2012, particularly on intrusions, Alvarez said.

The FBI has 40,000 employees in 56 field offices. The San Francisco office, the fifth-largest in the country, has five “cyber squads.”

Social networking accounts provide cyber criminals with rich troves of information that can be used to invade and attack through business and personal routes. “We track a lot of crime data,” Alvarez said.

Cyber criminals, including those in Russia and Eastern Europe, are “using a lot of infrastructure to conduct nefarious activities targeting” the financial services sector of the economy, Alvarez said. “Those actors are hiding behind foreign infrastructure.”

In massive intrusions such as attacks on JP Morgan Chase, Target and Home Depot, “we mobilize cyber action teams,” Alvarez said. They can work remotely because of the nature of the intrusion. “We can get access virtually to where the victim is,” he said.

“You are dealing with lots of potential violations when you're dealing with a bank,” Alvarez said. “Things happen to banks. We look at practically every bank robbery in the country.”

He did not find any evidence of cyber-crimes against Exchange Bank, he said. All bank robberies automatically become FBI cases because banks are federally insured.

“We have sources in every industry,” Alvarez said, “that give us the pulse of what's going on.” The aim is to identify signs of cyber-attacks before they happen.

“Criminal activity is ruthlessly efficient,” Alvarez said. “They do a lot of experimentation. They understand what doesn't work. Dumb operators in the criminal element usually end up dying - very Darwinistic. In cyber-crime, it's the same thing. They keep trying. What works becomes tactics and procedures” that are continually refined.

Every five seconds, about 112 terabytes (112,000 gigabytes) of data flow through the Internet, Alvarez said, a vast torrent of information in which criminals can find ample nefarious opportunities. “Retail and commercial” bank customers are “big, fat targets for the criminal element,” Alvarez said. “Large companies are continually victimized. They are not looking at how their data is stored and accessed, how they authenticate users. Where are the holes, and how can you plug them?”

Dedicated hackers in other countries consistently seek opportunities online to steal money from businesses and their customers. “They want to transfer money to a foreign bank, socially engineer your employees to convince them to move money from one account to another,” he said. When a bank's online service system goes down, “how much does that cost the bank per minute?” Alvarez said. “Loss of trust with your customers is a big deal.”

James Dunn covers technology, biotech, law, the food industry, and banking and finance. Reach him at: or 707-521-4257

Show Comment