In brief:

  • A Russian nationalist tried to enlist a man to install malware on a Nevada company's network.
  • In return for the deed, the Russian offered up to $1 million.
  • Payment was to be in Bitcoin or cash.

Egor Igorevich Kriuchkov allegedly offered to pay an employee at a Nevada company $1 million in Bitcoin to install malware on his employer’s computer. The plans were foiled, however, when the employee opted to report the Russian national to the FBI instead.

According to court documents unsealed Wednesday, the US Department of Justice charged Kriuchkov, who traveled from Russia to the US to try and recruit the employee (known as CHS1 in the complaint), with conspiracy to damage a protected computer system. The 27-year-old told the employee he was part of a larger gang.

Over the course of three weeks in August, the FBI tracked Kriuchkov’s movements, eavesdropped on his communications, and collected a bevy of evidence against him before arresting him in Los Angeles on Saturday.

The complaint, filed in the US District in Reno on August 23, lays out Kriuchkov’s alleged interactions with the employee in detail: 

In mid-July, Kriuchkov contacted CHS1 via Whatsapp to arrange a meeting in Nevada. (He knew of him through a mutual acquaintance.) Twelve days later, Kriuchkov entered the US, and in August met with the employee several times, paying for dinner and other entertainment.

Kriuchkov told the employee that after the malware was executed, it would provide his Russian colleagues access to data in the unnamed company’s network. Thereafter, the gang would threaten to sell the data in darknet markets unless the company paid a hefty ransom. (The complaint did not spell out how the ransom would be paid, but very often, ransoms are paid in Bitcoin.)

To keep the company's security team preoccupied while the data looting was taking place, Kriuchkov told the employee that his fellow gang members would launch a DDoS attack on the company’s servers.

On August 2 and August. 3, Kriuchkov, the employee, and the employee’s friends traveled to Zion National Park and Lake Tahoe, where Kriuchkov footed the bill for everyone's expenses while trying to dodge any photo opps.  

Late on August 3, Kriuchkov disclosed his true plan to CHS1, explaining that he works for a group that pays employees to plant malware on their employers' servers. Initially, Kriuchkov offered CHS1 $500,000 for installing the malware but later upped the ante to $1 million after the malware transmitted. 

He also agreed to make an upfront payment of roughly 1 BTC and even helped the employee set up a Bitcoin wallet through anonymous browser Tor, so the wallet would not be traceable. 

Kriuchkov told CHS1 “the bitcoin transfer would happen in a few days and he should not take action until the employee received the bitcoin transfer,” the complaint said. 

On August 21, Kriuchkov met up with CHS1 for the final time, telling him the plan was delayed as his group was wrapped up with another project, which was supposed to provide a large payout. He also told CHS1 he was heading out of the US. Law enforcement agents caught up with him the following day before he left the country.

Kriuchkov was charged in a federal court in Los Angeles on Monday. If convicted, he is looking at up to five years in prison and a $250,000 fine.