
United States v. Bondarenko

United States District Court, D. Nevada

June 12, 2019

UNITED STATES OF AMERICA, Plaintiffs,
v.
SVYATOSLAV BONDARENKO, et al., Defendants.

          ORDER

         Presently before the court is the matter of United States v. Bondarenko et al., case number 2:17-cr-00306-JCM-VCF. The following motions are pending:

(1) John Telusma's motion for leave to file reply (ECF No. 562);
(2) Magistrate Judge Peggy A. Leen's report and recommendation (ECF No. 534);
(3) Magistrate Judge Leen's report and recommendation (ECF No. 533);
(4) Magistrate Judge Leen's report and recommendation (ECF No. 529);
(5) Magistrate Judge Leen's report and recommendation (ECF No. 528);
(6) Magistrate Judge Leen's report and recommendation (ECF No. 527);
(7) Magistrate Judge Leen's report and recommendation (ECF No. 525);
(8) Magistrate Judge Leen's report and recommendation (ECF No. 524);
(9) Telusma, Frederick Thomas, Aldo Ymeraj, and Marko Leopard's motion to dismiss (ECF Nos. 476, 533);
(10) Telusma's motion to suppress (ECF No. 475);
(11) Valerian Chiochiu's motion to suppress (ECF No. 474);
(12) Chiochiu's motion to dismiss (ECF No. 473);
(13) Leopard, Telusma, Thomas, Chiochiu, Pius Wilson, and Ymeraj's motion to dismiss (ECF Nos. 471, 525);
(14) Leopard's motion to dismiss (ECF No. 468); and
(15) Thomas' motion to dismiss (ECF No. 467).

         I. Background

         This prosecution involves the takedown of Infraud Organization, a transnational cybercrime syndicate consisting of 10,901 members. (ECF No. 303). Infraud Organization operated a website that served as the premier destination to traffic contraband that criminals recovered through acts of identity theft and financial fraud. Id. Infraud Organization also used advertisements on its website to direct illicit activity to its members' automated vending sites, which were online platforms that transacted stolen personal and financial information. Id.

         The purpose of Infraud Organization was to operate an online discussion forum that provided for the purchase and sale of high-quality contraband. Id. The forum, which was called “Infraud” and had the slogan “In Fraud We Trust,” provided several safeguards to further the aims of the syndicate and protect its members from criminal liability. Id. All members remained anonymous to each other by interacting solely with usernames and concealed the nature of their transactions by using digital currencies. Id. The forum also allowed members to rate vendors as a means of maintaining the quality of contraband available on the Infraud website. Id.

         In the early days of the syndicate, co-founder defendant Svyatoslav Bondarenko established rules that governed members' conduct on the website. Id. Infraud Organization routinely policed the forum for rule-violators such as “rippers,” which are vendors of low-quality illicit goods or vendors that do not deliver goods and services in accordance with the terms of their transactions. Id. The enforcement of these rules and the successful operation of the forum required Infraud Organization to create the following hierarchy:

• Administrators, a.k.a. 4DMini57r470rz, formed the governing council of Infraud Organization. Id. They handled the long-term strategic planning of the syndicate and made day-to-day management decisions including but not limited to who can join the syndicate, rewards for loyal members, punishments for disloyal members, and retaliatory measures against rival criminal organizations. Id.
• Super moderators, a.k.a. Super M0DER470R5, oversaw subject-matter areas on the forum that were within their expertise or geographic area. Id. Super moderators would primarily review products, mediate disputes, and edit/delete posts. Id.
• Moderators, a.k.a. M0d3r470r2, had the same responsibilities as super moderators but Infraud Organization limited their authority to moderating one or two specific sub-forums. Id.
• Vendors, a.k.a. professors or doctors, sold illicit products and services to members of Infraud Organization. Id. Although these transactions often occurred on the vendors' own websites, the vendors would pay Infraud Organization so they could advertise their websites on the forum. Id. Vendors also sold products and services directly to customers by using email, private messages on the forum, and instant messaging services. Id.
• VIP members, a.k.a. fratello masons or advanced members, are longstanding or otherwise notable members of Infraud Organization. Id.
• Members, a.k.a. Phr4Ud573r, are general members of Infraud Organization. Id. They would use the forum to gather information about perpetrating criminal activities, solicit other members to engage in criminal schemes, pay for and post advertisements, and traffic contraband. Id. Members also relied on moderators or administrators to settle disputes that arose from transactions. Id.

         Individuals would join Infraud Organization as members by having an administrator grant their request to join the forum. Id. After joining the syndicate, members could move up and down the hierarchy. Id.

         Infraud Organization operated from October 2010 to February 2018 and caused more than $568,000,000.00 in losses. (ECF Nos. 303, 573). Bondarenko and defendant Sergey Medvedev created Infraud Organization shortly after Bondarenko was banned from Carder.su, which was another cybercrime syndicate that operated from November 2005 to January 2012. (ECF Nos. 467, 504). Carder.su and Infraud Organization had similar hierarchy structures, engaged in similar criminal activities, and had over 10,000 members. Id. However, Carder.su used a different online forum and had different leadership. Id. Due to the anonymity of the conspirators, it is unclear to what extent the memberships of the two syndicates overlapped. See (ECF Nos. 504, 510).

         Three defendants in this litigation, Thomas, Lirdon Muslie, and John Doe #5, a.k.a. Deputat, were previously indicted in a separate case for their involvement in the Carder.su conspiracy. (ECF No. 504). Thomas joined Infraud Organization several months after the government took down Carder.su. Id. He continued to engage in illicit activities on the Infraud website up until November 2014, just one month before a federal court sentenced Thomas to sixty months of custody for his involvement in the Carder.su conspiracy. Id.

         A fourth defendant, Leopard, is a resident of the Republic of North Macedonia. (ECF Nos. 468, 502). In 2016, a Macedonian court indicted Leopard for the crime of making and using fake payment cards in violation of Macedonia Criminal Code Art. 274-b(2). Id. The Macedonian indictment included allegations of cybercrime activities, such as selling stolen information through the website www.tonymontana.cc, that the government has also alleged in this case. See (ECF Nos. 303, 468-1). Leopard eventually admitted guilt and, on December 13, 2016, the Macedonian court sentenced Leopard to twelve months of imprisonment. (ECF Nos. 468, 468-2). Leopard completed his term of custody on August 25, 2017. (ECF No. 468-3).

         A fifth defendant, Chiochiu, joined Infraud Organization in December 2012. (ECF Nos. 473, 503). According to the government, Chiochiu helped other members develop, deploy, and use malware as a means of harvesting data. Id. Chiochiu allegedly developed a variant of FastPOS software, which is a program designed to infect computers that handle credit card data and steal financial information. (ECF No. 503). Chiochiu also allegedly shared with other members a programming script that can create automatic vending websites for the sale of fraud-related products. (ECF Nos. 473, 503).

         Several defendants, including Thomas, Leopard, Ymeraj and Telusma, were vendors in Infraud Organization. (ECF No. 303). Their alleged activities included operating websites that facilitated illicit activity. Thomas hosted a website that provided a look-up service, which allowed Infraud Organization members to obtain compromised social security numbers and other personal information. Id. Leopard, Ymeraj, and Telusma hosted websites that sold compromised credit card data. Id. Telusma's website also provided services that allowed Infraud Organization members to launder funds that they illicitly obtained. Id.

         II. Procedural History and Warrants

         On September 19, 2017, the government initiated this prosecution. (ECF No. 1). The second superseding indictment names thirty-six defendants and asserts nine counts: a single charge for racketeer influenced and corrupt organizations (“RICO”) conspiracy in violation of 18 U.S.C. § 1962(d) and eight charges for possession of fifteen or more counterfeit and unauthorized access devices in violation of 18 U.S.C. § 1029(a)(3). (ECF No. 303).

         Throughout the course of litigation, the government searched two premises that are relevant to the court's present inquiry. The first search was of Chiochiu's residence (“Chiochiu warrant”) and the second search was of Telusma's residence (“Telusma warrants”). (ECF Nos. 474, 475).

         A. Chiochiu warrant

         On March 28, 2018, Chiochiu self-surrendered. (ECF Nos. 363, 474, 501). During his arrest, Chiochiu provided law enforcement officials with a home address at which he did not actually live. (ECF No. 474-1). Chiochiu also turned over three digital devices: two computer hard drives and an iPhone. Id. Later that day, Chiochiu pleaded not guilty and the court released him on a personal recognizance bond. (ECF Nos. 358, 360).

         Forensic analysis of the devices revealed that, on the day before his arrest, Chiochiu “surgically wiped” the hard drives with a program called “CCleaner” and deleted data on the iPhone by resetting it to factory settings. (ECF No. 474-1). Chiochiu attempted to conceal these acts by leaving a large amount of innocuous data, such as personal photos and documents, on the hard drives. Id. However, one of the hard drives contained artifacts indicating the presence of FastPOS malware and cryptocurrency-related software. Id.

         While examining these devices, Special Agent Michael Adams concluded that Chiochiu is a sophisticated software developer. Id. Adams further concluded that Chiochiu retained a body of prior work on other devices because software developers often retain previous code so they can efficiently solve similar problems in the future by making minor adaptations to existing libraries. Id. Adams believed, in his training and experience, that these other devices were in Chiochiu's place of residence. Id.

         In October 2018, the government discovered that Chiochiu's wife, Irina Calaras, was residing at 68 Borghese, Irvine, California 92618 (“Borghese property”). Id. Law enforcement officials surveilled the property and, on October 25, 2018, observed Chiochiu at the residence taking out the trash. Id. On November 5, 2018, Magistrate Judge Autumn D. Spaeth of the Central District of California issued a search warrant on the Borghese property and authorized law enforcement officials to seize funds, devices, and instrumentalities related to Chiochiu's trafficking of contraband. Id.

         Two days later, law enforcement officials executed the search warrant. (ECF Nos. 474, 501). The government found Chiochiu at the residence and arrested him for violating his terms of pretrial release. Id. The government also seized cards, cash, and twenty-one digital devices: laptops, tablets, cell phones, and loose hard drives. Id.

         B. Telusma warrants

         On February 5, 2018, Magistrate Judge James Orenstein of the Eastern District of New York issued a search and seizure warrant for Telusma's residence located at 42 Paerdegat 5th Street, Brooklyn, New York (“Brooklyn property”). (ECF No. 475-1). The warrant's affidavit contained significant content of Telusma's role as a vendor in Infraud Organization. Id. Telusma primarily provided money laundering services and engaged in carding (purchasing retail items with counterfeit or stolen credit cards). Id.

         The affidavit also disclosed that the government recovered Telusma's Infraud-registered email account, peterelliot@live.com. Id. The account contained emails revealing that Telusma received compromised credit card numbers and that on one occasion he contacted Medvedev with regards to a rule-violator. Id. The account revealed that Telusma sent some of these emails with his iPad. Id. According to the affidavit, the government also discovered Telusma's Facebook account, which had various posts related to illicit activities that included images depicting his smartphone, iPad, and MacBook Pro. Id.

         The affiant explained that, in her training and experience, individuals who commit electronic and internet-based crimes possess multiple digital devices. Id. The affiant further explained that cybercriminals retain old devices because they are aware that the devices contain contraband and other evidence of criminal activity. Id. Consistent with the contents of the affidavit, the affiant concluded that Telusma possessed his smartphone, iPad, and MacBook Pro and that the devices were likely located at Telusma's place of residence. Id.

         On February 6, 2018, law enforcement officials executed the search warrant for the Brooklyn property. (ECF Nos. 474, 515). The agents found Telusma sleeping in a bedroom and observed an iPhone, external hard drive, MacBook Pro, USB thumb drive, and a box filled with white credit card blanks. (ECF No. 523). The government immediately obtained a supplemental warrant, which authorized the seizure of the above-referenced items. Id. On that same day, law enforcement officials returned to the Brooklyn property and seized an iPhone 8, iPhone X, iPad, MacBook Pro, external hard drive, and credit card blanks. (ECF Nos. 475, 475-1, 515).

         On March 13, 2018, Homeland Security Investigations agents in Las Vegas, Nevada received the devices and began examining their contents in April 2018. (ECF No. 515). However, the February search warrants did not authorize examination of the devices. Id. Once the agents discovered this, they ceased their activities and requested a search warrant from Magistrate Judge Carl W. Hoffman of the District of Nevada. Id. The warrant's affidavit explained the government's mistake and incorporated by reference the February warrants. (ECF Nos. 515-2). On July 6, 2018, Magistrate Judge Hoffman authorized the search of all five devices. Id.

         C. Pending ...

