The Glupteba system stole user credentials and cookies, mined cryptocurrencies on infected hosts, and deployed proxy components that would target Windows systems and IoT devices. The malware was primarily distributed through questionable download links for pirated software.
Such cases are difficult to litigate, largely due to the perpetrators living in foreign nations, and thus, outside the jurisdiction of US law – but in this instance, the court found in Google’s favor:
“The court moved to grant Google’s motion for sanctions, while the court also went further, and issued monetary sanctions against both the Russian-based defendants and their US-based lawyer – requiring the criminal actors behind Glupteba to pay Google’s legal fees.”
A key element in this instance was the naming of both the individuals and shell companies involved in the Glupteba process, which exposed these groups, specifically, for the crime. That facilitated direct litigation, while the further action to hold the group’s US-based lawyer accountable adds even more impetus to the final decision.
It’s a significant ruling which could up the disincentive for criminals to get involved in such activities. If foreign groups can be held more directly accountable, that would provide a new level of legal recourse, which could see many more actions taken against such operations over time.
Of course, some groups will remain faceless entities. But the bigger operations require funding, and if Google, and other platforms, can point to those sources, that could see more penalties handed down that will increase the pressure on these operations.
It’ll be interesting to see if the Glupteba group challenges the ruling, and what comes next. But it could be a major, precedent-setting case that helps to combat online scams.