DENYS IARMAK - Plea Agreement FIN-7: still think I’m wrong about Fedorov?
As noted, Defendant Denys Iarmak entered into a plea agreement that was docketed earlier today. I do not think my assessment of Defendant Fedorov is incorrect - I’ll bet you we will know soonish.
Did you really think I’d somehow forget about today’s Change in Plea Hearing? I can assure you I’ve had this date on my home office murder board since late 2019, and while not at all surprising, Defendant Iarmak’s Plea Agreement certainly proffered up a few key data points, for example Iarmak’s aliases and various overt acts… but before we dive into Defendant Iarmak’s plea agreement you might want to reread last week’s article… or not.
Now, setting aside the two counts Iarmak pleaded to - the conspiracy count (one) has a maximum penalty of twenty years in prison and a $250,000.00 fine. The conspiracy to hack only has a maximum penalty of five years in prison and a $250,000.00 fine. You’ll notice that the parties are in semi-agreement that Defendant Iarmak should be sentenced anywhere from time served to 84 months. But again, his actual sentencing isn’t slated until February 2022, and it does beg the question: what was the rush? If you noticed in last week’s article, there was a rush/urgency conveyed by both parties… and accordingly the Court set the November 22, 2021 Change in Plea hearing date.
Minute Entry for proceedings held before Hon. Brian A Tsuchida- CRD: A. Quach; AUSA: Frances Franze-Nakamura; Def Cnsl: Charles Kaser; Court Reporter: Zoom Digital Recording; Time of Hearing: 10:00am; Courtroom: Zoom; Interpreter: Kristina Terra; Language: Russian;
CHANGE OF PLEA HEARING as to Denys Iarmak held on 11/22/2021. Defendant present in custody and appearing by video. Defendant consents to proceed by audio/video conference. Defendant placed under oath and advised of rights/charges/penalties; Defendant executes Consent to Rule 11 Plea in a felony case before a U.S. Magistrate Judge; Court reviews the plea agreement; Denys Iarmak (1) pleads GUILTY to Counts 1 and 16.
Remaining Counts to be dismissed at sentencing. Court finds the Defendant is competent to enter a guilty plea; Court signs the Report and Recommendation and Counsel have fourteen days to file objections; Court orders the preparation of a Presentence Report. Defendant remanded to custody.
Sentencing set for 2/25/2022 at 11:00 AM in Courtroom 13206 before Judge Ricardo S. Martinez
PLEA AGREEMENT as to Denys Iarmak (Entered: 11/22/2021) via ECF: https://ecf.wawd.uscourts.gov/doc1/19719950457
Similar to the two defendants before him, Defendant Iarmak, per his plea agreement, pleaded guilty to conspiracy to commit wire fraud and conspiracy to hack a computer; therefore the Government moved to dismiss Counts 2 to 15 and 17 to 26 at the “time of sentencing”…
…one has to wonder: what exactly did Defendant Iarmak give up? Remember that two other co-conspirators already hammered out two separate plea agreements months ago, and in one case almost a year and a half ago… The dismissal of various counts at the time of Iarmak’s sentencing isn’t that surprising, as his docket kind of reads like a judicial telenovela, where it appears he was a cooperative witness until he wasn’t. The thing is, he’s been in custody since late 2019. In July 2020 the Court granted the Defendant’s request to delay his trial to September 2022.
…Defendant Iarmak’s aliases: aka Denys Yarmak, aka Denys Jarmak, aka GakTus and aka gt…
While most overlooked the aliases, if not for the recently docketed Plea Agreement we wouldn’t actually know the aliases used by Iarmak. Now we know, and I’ll tell you that is more important than most might know, because hackers love to brag and they move heaven and earth to create a moniker & signature.
The Personal Data Harvested by FIN-7 …tens of millions…
This is easily explained on page 10, subparagraph c, which reads in part:
One of FIN7’s primary objectives was to steal payment card information from victim companies. FIN7 stole information for tens of millions of payment cards from U.S. companies, and then offered that stolen information for sale, including for sale on underground forums such as Joker Stash. That payment card information typically included the payment card number, the name of the payment cardholder, and the zip code in which the card was used, among other data. FIN7 members understood that the stolen payment card data would be used to conduct fraudulent transactions across the United States and in foreign countries.
…Defendant Iarmak served as a high-level hacker, whom the group referred to as a “pentester”…
…He was involved in various aspects of the scheme, including, but not limited to, the design and creation of phishing emails, with the embedded malware payloads, as well as the intrusion of victim company networks and the exfiltration of stolen data, including payment card information.
…the data FIN-7 exfiltrated upon carrying out targeted attacks, primarily through the use of phishing emails and then the use of social engineering techniques to encourage the recipients of the phishing emails to inadvertently activate malware contained in or attached to the emails. The plea agreement also disclosed various overt acts committed by Defendant Iarmak.
Once activated, the malware would connect a compromised victim computer to a network of command and control servers located around the world. Through its command and control infrastructure, FIN7 would upload additional malware onto victim computers, conduct surveillance, and otherwise maintain remote control of victim computers.
After breaching a particular victim’s computer, FIN7 would use that computer to establish a foothold in the victim’s network, and then move laterally through the network to locate payment card information.
One means of private communication used by FIN7 members is Jabber.
Jabber is an instant messaging service that allows members to communicate through a privately hosted server. Defendant Iarmak and his various co-conspirators used Jabber to coordinate hacking efforts. For instance, among the numerous Jabber communications made in furtherance of the conspiracy:
On or about December 26, 2016, Defendant Iarmak provided another member of the cybercriminal group with his bank information in order to receive payments.
On or about April 28, 2017, Defendant Iarmak described the creation and use of phishing emails to and another member of the cybercriminal group, specifically, how to create and test the malware payload for a phishing email.
Between Chipotle and Jason’s Deli FIN-7 data scraped >5.9 Million payment card info…
…Defendant Iarmak was working for FIN7, a number of companies publicly reported that they had suffered data breaches involving the theft of payment card information that were later attributed to FIN7.
For example, Chipotle (Victim-3) publicly disclosed a data breach that impacted approximately 3.9 million payment cards, and Jason’s Deli (Victim-6) publicly disclosed a data breach that impacted approximately 2 million payment cards.
During the course of the scheme, Defendant received compensation for his participation in FIN7, which far exceeds comparable legitimate employment in Ukraine.
For the purposes of this Plea Agreement, the parties agree that – during Defendant’s participation in the malware scheme – FIN7 illegal activity resulted in over $100 million in losses to financial institutions, merchant processors, insurance companies, retail companies, and individual cardholders…
You can read Defendant Iarmak’s Plea Agreement via this ECF Link or via my Scribd Account - don’t worry, I’m sure this will be breaking news in the coming days (snort). At any rate, I’m still down doing lobbing but I’m headed back to the DC area late tomorrow afternoon, but this week I’m taking a break from writing and researching and plan to enjoy time with my family. Wishing you the best during this holiday season. If I get bored (which is highly likely) I’ll probably publish a few pieces I’ve been researching; otherwise I might go dark for a few days.
-Filey
Enjoy the time with your family! Happy Thanksgiving!
Thank you, and have a beautiful holiday with your family.