The life and times of prolific hacker fxmsp – A true story
“Let me tell you why I’m famous”, Turchin said, casually.
He turned in his chair and yawned. He looked around till his eyes met his friend sitting behind him. The friend looked anxious. Turchin, however, did not. He was God.
I gasped, ever so slightly. I’m pretty sure his friend sitting behind him also let out a small, albeit discreet, sigh. Turchin looked unmoved. He quietly handed me the manila envelope lying on the table. ‘United States Attorney’s Office’, read the bold letters on its cover.
“Should I open it?” I asked.
“By all means”, he replied, lighting a cigarette between his lips.
I took the envelope in my hands and examined it carefully. It was indeed from the United States Attorney’s Office, Western District of Washington, addressed to Mr. Andrey Turchin. I pulled out the sheets of legal parchment tucked inside and started reading.
“United States v. Andrey Turchin
ANDREY TURCHIN is charged in a 5 count indictment consisting of conspiracy to commit computer hacking, two counts of computer fraud and abuse (hacking), conspiracy to commit wire fraud, and access device fraud. TURCHIN and his accomplices perpetrated an ambitious hacking enterprise broadly targeting hundreds of victims across six continents, including more than 30 in the United States. Widely known in hacking circles by the moniker “fxmsp,” TURCHIN employed a collection of hacking techniques and malicious software (malware) to gain and maintain access to victim networks. For instance, he often used specially designed code to scan the Internet for open Remote Desktop Protocol (RDP) ports and conduct brute-force attacks to initially compromise victim networks. Once inside the victim’s system, he moved laterally throughout the network and deployed additional malicious code to locate and steal administrative credentials and establish persistent access. The conspirators often modified antivirus software settings to allow malware to continue to run undetected.
TURCHIN and his co-conspirators then marketed and sold the network access on various underground forums commonly frequented by hackers and cybercriminals, such as Exploit.in, fuckav.ru, Club2Card, Altenen, Blackhacker, Omerta, Sniff3r, and L33t, among others. Prices typically ranged from a couple thousand dollars to, in some cases, over a hundred thousand dollars, depending on the victim and the degree of system access and controls. Many transactions occurred through use of a broker and escrow, which allowed interested buyers to sample the network access for a limited period to test the quality and reliability of the illicit access. As has been publicly reported, the “fxmsp” group has been linked to numerous high-profile data breaches, ransomware attacks, and other cyber intrusions.”
I took a deep breath and looked up at him. He wasn’t really looking at me, but I was fully aware that I was being watched. Here was one of the most wanted criminals in the world, sitting right in front of me. Allegedly, he has stolen from over 130 targets – banks, Fortune 500 companies, governments, SMEs, you name it.
“You allowed customers to sample the access?” My voice certainly carried more than a hint of disbelief.
“Why else should they pay my price?” Turchin sounded caustic. “I promised quality”.
“How did they get you?”, I asked.
He looked at me, and let out a sigh.
“Group-IB”, he grunted.
I was, of course, already aware of this. A Singapore-based cybersecurity company, Group-IB, had been pursuing fxmsp for close to three years now. I had gone through the meticulous report they had posted. “The invisible god of networks”, they called him. Group-IB had used their attribution-based Threat Intelligence system that allowed them to monitor, in real time, all his original posts and edit histories. The report tracked him extensively – right from the time the young Kazakh started off as a newbie hacker to his evolution into one of the linchpins of the Russian-speaking cyber underground.
I closely studied the contours of his expressionless face. The man was 37, but looked rather young. He had first shot to infamy in May 2019, when there were reports of him having compromised the security of the world’s leading antivirus and cybersecurity companies. And they were backbones of the industry – McAfee, Symantec and the likes.
“They say you’ve made over one and a half million dollars”, I said, looking intently at him.
For the first time, Turchin smiled. He lit another cigarette, took a long breath and blew out three concentric rings of smoke. They wafted through the balmy air as he gazed through the smoke into the skies.
“And that’s all they’ll ever know”, he replied.
The one and a half million did not, of course, even account for any of the transactions he had made over private messages, or for the roughly 20% of firms that took his services for which he did not name a price. As far as intelligence goes, Turchin started off in 2016 with unmatched technical dexterity, but little business expertise. Within a year, however, he was advertising access to hotels and banks all over the world. Eventually, he even teamed up with another hacker – called Lampeduza – and the duo effectively became one of the most prolific cyber criminals in the underground market. His criminal prowess seemed unstoppable.
Until, of course, he was caught.
“So, have you stopped?”, I asked.
Although he is believed to have been inactive since mid-2019, many officials still suspect that he might be continuing under a different moniker. Turchin took what remained of the cigarette out of his lips and pressed it with vigour into the ashtray. He looked up at me, smiled again, but did not answer.
“And what of the criminal charges against you? What are you going to do about that?”
American authorities claimed that Turchin had apparently known, for some time now, about the charges that awaited him in the United States. Given that Kazakhstan does not usually extradite its nationals, it seemed likely that he would be prosecuted there.
Turchin straightened up and looked at me with some interest. His eyes were sharp, his demeanour astute. Quietly folding the legal notice back into the envelope, he rose from his seat. His friend rose with him. I suddenly had this overwhelming conviction that this silent friend was Lampeduza himself. Turchin gave me a curt bow, placed his hat over his head with just the hint of a tilt, turned around and walked away. His friend followed without a word or gesture. The interview, evidently, had reached its end.
I sat there, staring at the stubbed-out cigarette releasing its last wisp of smoke, wondering about the interview that I never conducted. The facts, however, are all up there for you to check. Going by the success he achieved within such a short time, Turchin might just be the God of Cybercrime.
It is rumoured among the circle of hackers that success had gone to his head and Turchin committed the cardinal sin of hacking Russian government networks. It is an unwritten tradition in the Russian hacking fraternity that if you operate out of Russian territory, you do not hack that country. Turchin not only tried to sell access to Russian websites, he bragged about it too. Russian cyber crime forums banned him immediately. Turchin stopped hacking Russia, but this brashness is something which sets him apart from other hackers.
I made a mental note to question Turchin on his Russian misadventure if I ever get an opportunity to interview him.
I am sure he will enjoy that question.
[The interview format of the article is fictitious. The facts mentioned are, however, all true. Sourced from the ‘Fxmsp: The invisible god of networks’ report by Group-IB (2020).]