Meet the Flint24 hacker How a friend of a cybercrime fighter, Deputy Dengin, turned out to be one of the largest sellers of stolen bank cards. Meduza investigation
:extract_focal()/https%3A%2F%2Fmeduza.io%2Fimpro%2FvpDHqSRVKF_psApWlfYyYVo3PQx5Wli-Qfzb4j7fJNo%2Ffill%2F1300%2F0%2Fce%2F1%2FaHR0cHM6Ly9tZWR1%2FemEuaW8vaW1hZ2Uv%2FYXR0YWNobWVudHMv%2FaW1hZ2VzLzAwNS81%2FOTkvNDU4L29yaWdp%2FbmFsL2l1YmE3aHpO%2FVVRNakhvRnRhRTFp%2FRFEucG5n.png)
On March 24, 2020, the FSB announced a “large-scale special operation” to arrest a large group of carders - fraudsters who, according to the intelligence service, ran 90 online stores selling stolen bank card data. As Meduza found out, this press release was a “gift” for his birthday: the intelligence service thus “congratulated” businessman from the Kaluga region Alexei Stroganov, who turned 48 that day. Meduza IT editor Maria Kolomychenko tells how Stroganov, who is called “one of the oldest carders in all of Rus',” became a businessman, a friend of Russian politicians, a fighter against cybercrime and the recipient of an FSB certificate of honor—but never gave up his old habits.
In November 2019, the St. Petersburg judo club “Turbostroitel” celebrated its 50th anniversary. The founding date of the club is considered to be 1969, when a judo club was formed on the basis of the sambo section on Dekabristov Street. Vladimir Putin and his friends, future billionaires Arkady and Boris Rotenberg, also worked there.
The club's anniversary was celebrated on a grand scale. On the occasion of the memorable date, Channel One released a documentary film “Coach”, in which Putin and Arkady Rotenberg share warm memories of their coach Anatoly Rakhlin, and a photo exhibition “Rakhlin. Putin. Sambo. Judo". Another gift was the president’s visit to Turbostroitel with a bunch of state awards . Thus, Boris Rotenberg, at a ceremonial meeting, received the Order of Alexander Nevsky from Putin, and Anatoly Rakhlin’s son, Mikhail, now the president of Turbostroitel, became the owner of the Order of Honor.
The Russian President himself did not present the remaining awards, transferring this honorable responsibility to the Governor of St. Petersburg, Alexander Beglov. On December 20, 2019, in the assembly hall of Smolny, a solemn ceremony was held to present the President’s certificates of honor “for active social activities.” One of the recipients turned out to be a man unknown to the general public, who looked like an ordinary official - he was 47-year-old Alexey Stroganov, a member of the board of trustees of Turbostroitel. In the ceremonial photograph from the ceremony, Beglov and Stroganov did not hide their joyful smiles.
Three months later, on March 24, 2020, Alexey Stroganov had a birthday. Meduza’s source in a company working in the field of information security claims that it was as a “gift” to Stroganov that the Federal Security Service on that day issued a press release about a “large-scale special operation” to arrest a large group of carders, that is, bank card fraudsters . The report spoke of searches at 62 addresses in 11 regions of Russia and the detention of more than 30 people, 25 of whom were charged with “illegal circulation of means of payment” (Article 187 of the Russian Criminal Code). The names of those detained were not disclosed.
During this operation, Alexey Stroganov, known among carders as Flint24, was also arrested, five interlocutors told Meduza, including former carder Sergei Pavlovich under the nickname Police Dog and an expert on cyber weapons and targeted attacks Andrei Sporov, known on the Russian Internet as Sp0raw. Law enforcement agencies consider Stroganov one of the organizers of the criminal group, according to Meduza’s interlocutors. The file of cases of the Tverskoy District Court of Moscow also contains information about the arrest of A. T. Stroganov on March 20.
First term of Flint and Gabrik
At the beginning of 2003, the management of the processing company United Card Services (UCS) was concerned: sellers in supermarkets and boutiques in Moscow began to notice a large number of suspicious plastic cards and outright fakes. Thus, the cashier of an electronics store withdrew a suspicious Visa Electron card, but as soon as the security guard approached the buyer who presented it, he ran away. The management of UCS reported this to the Main Directorate for Combating Organized Crime of the Ministry of Internal Affairs (GUBOP), and they opened a criminal case about the production and sale of counterfeit bank cards.
The case turned out to be high-profile: a few months later, the carders were detained during a joint operation of the FSB, GUBOP and the Investigative Committee of the Ministry of Internal Affairs. During the searches, security forces seized more than eight thousand counterfeit Visa, MasterCard and American Express cards, as well as a mini-printing house for their production. “The detention of these swindlers is the largest operation to suppress credit card counterfeits in recent years,” said Colonel Viktor Vashchenko, head of the department for investigating grave and especially grave crimes in the economic sphere of the investigative unit of the Investigative Committee under the Ministry of Internal Affairs, at the time. At that time, he was one of the key specialists in economic crimes - for example, it was his department that was investigating the creator of the MMM financial pyramid, Sergei Mavrodi.
The organizer of the criminal group, according to investigators , was Ukrainian Arthur Lyashenko under the pseudonym Bigbuyer, and two other participants were directly involved in the creation of counterfeit bank cards: Gerasim Selivanov, aka Gabrik, and Alexey Stroganov, that is, Flint24. The first obtained information about the bank cards of wealthy foreigners - the card number and its expiration date - and the second then printed counterfeit cards with this data in a home printing press. The resulting fakes were sold via the Internet to everyone.
By the time of his arrest in 2003, Stroganov had already been wanted for fraud for several years and was living on false documents. How exactly he lived is known to another carder, Sergei Pavlovich (or Police Dog) from Belarus, who spent several years in prison for similar crimes. Upon his release, Pavlovich became a star: he started a channel on YouTube , where he interviews criminals, and even published the book “How I Stole a Million. Confession of a repentant carder." In one of her episodes, Pavlovich casually mentioned meeting Stroganov in Sochi a year before his arrest.
“Alexey - that was Flint’s name in real life - was about 30 years old, he was reasonable, calm as a boa constrictor and a very modest person. His wallet was literally full of counterfeit Boa cards ,” the book said.
Pavlovich told Meduza that at the time they met, Alexey Stroganov was the moderator of the carder.org forum for bank card scammers and decided to create a production of higher quality counterfeits than those produced by Boa Factory . “Then in Sochi, Flint24 gave me a couple of cards that Boa Factory made, and a little later, in another city, I made my first purchase with a fake plastic card. But from the cards from Boa it was clear from afar that they were fake - it’s just that back then the store clerks didn’t pay any attention to what kind of card you were giving them. Flint24 then established the creation of higher quality and cheaper counterfeit cards together with Artur Lyashenko (Bigbuyer) and Gerasim Selivanov (Gabrik), after which they were arrested in 2003,” said Pavlovich.
Gerasim Selivanov, according to Pavlovich, was a close friend of another legendary hacker from Russia, Vladimir Drinkman, who worked under the pseudonym Scorpo. In 2012, Drinkman was arrested in the Netherlands at the request of the United States, and in 2018 he was sentenced to 12 years in prison for carding and is currently serving his sentence. “Gabrik and Scorpo are both from Syktyvkar and have worked together for a long time. In the late 1990s and early 2000s, Scorpo was the key person who obtained dumps - he sometimes had a database of millions of cards. He hacked restaurant, store, and hotel networks at the level of Walmart and Marriott, where, according to security standards, no bank card data should be stored, but in fact, as a rule, they are stored. Gabrik, thanks to his close friendship with Scorpo, became one of the two main sellers of dumps in the world at that time,” Pavlovich told Meduza.
The investigation into Stroganov and his accomplices, which began in 2003, lasted more than three years, and in June 2006 they were sentenced to real terms. Stroganov received the most - six and a half years in prison. Lyashenko, despite the fact that he was considered the organizer, was given a little less - six years, and Selivanov - five and a half. Three more members of the group received suspended sentences, since they performed only auxiliary functions and were not directly related to the creation of counterfeits. For that time, the sentence was strict: in the mid-2000s, courts in Russia rarely dealt with cybercrimes and, as a rule, imposed non-custodial sentences in such cases.
But less than two years later, at the beginning of 2008, Stroganov and Selivanov found themselves free. Lawyer Anton Lelyavsky from the Knyazev and Partners board, who was one of the defenders in that case, refused to explain the rapid release of the convicts. “Without seeing the case materials, it’s difficult to draw any conclusions, but in theory there can be two options,” says lawyer and partner of the Center for Digital Rights Sarkis Darbinyan. — The first is release on parole, since taking into account the time spent in the pre-trial detention center, two thirds of the term have passed, which is enough for early release under this article. The second is a deal with the prosecutor’s office, that is, providing law enforcement agencies with information about other criminals in exchange for a reduced sentence.”
“I can say for sure that no one knows the conditions under which Flint24 was released in 2008 except those who released it and himself. Everything that is being discussed around is just speculation. But the main thing that was known in the “environment”: all subsequent years he continued to sell [cards], but they did not touch him,” one of the hackers told Meduza.
Two hackers familiar with Stroganov’s activities claim that his “business” of selling stolen bank cards did not stop even during his stay in a pre-trial detention center and colony in 2003–2008. “He sold even when he was in prison, simply through partners, and we talked about this topic more than once when he was in prison. Moreover, it was then that a certain cartel conspiracy arose, the ideologist of which, it seems, was Flint24. The point was: since we are all selling dumps, let's not sell them at a price, let's say, below $50. They will still pay any amount we request,” said Meduza’s interlocutor. Another interlocutor says that Stroganov can be called “one of the oldest carders in all of Rus'.”
A businessman and another MP
In the summer and fall of 2019, Alexey Stroganov traveled around Crimea with his family: for cybercriminals in the past or present, such a vacation in recent years has been much safer than traveling abroad. Over the course of several months, the Stroganovs visited Yalta, Sevastopol, reached Cape Aya, and then the Tarkhankut Peninsula, not forgetting to post photos about the trip on social networks. We moved mainly by swimming - on a yacht, simultaneously teaching our son Yegor how to manage it.
We flew away from Crimea in comfort - on a personal helicopter with the identification mark RA-04327, which, according to the Russian state register of civil aircraft, is a Robinson R44 Raven II helicopter registered in December 2016. On the official website of the manufacturer Robinson Helicopter Company, the recommended price for this model is 490 thousand dollars (30.4 million rubles at the average dollar exchange rate in December 2016).
The helicopter was decorated with the logo of the Zhukoff Garage company. According to SPARK-Interfax, Stroganov and his partner created it immediately after his release, in June 2008, in his native Kaluga region. Now “Zhukoff Garage” is engaged in tuning SUVs, ATVs and pickups, and in addition, it is developing an association of the same name to promote off-road, ATV and motor sports - it was founded by Alexey Stroganov together with his younger brother Alexander.
“Zhukoff Garage” was only the beginning of Stroganov’s legal business: during 12 years of freedom, he created a reputation for himself as a respected businessman, mainly in his native Kaluga region. Together and separately with their younger brother Alexander Stroganov, they covered the entire region with their enterprises: they became the owners of the heat supply company Biotek, the Balzamin restaurant, registered their private security company Gray Swan, as well as the Plast Group company, which deals with waste processing. In total, more than a dozen companies are registered under the brothers.
The Stroganovs did not spend their summer vacation in Crimea alone, but in the company of the deputy leader of the LDPR faction in the State Duma and candidate for governor of the Kaluga region in the 2015 elections, Vadim Dengin: a selection of photographs and videos of Dengin swimming in the Black Sea in a huge life jacket was preserved on the carder’s social networks, and footage of friendly hugs between Stroganov and the deputy. Stroganov’s former partner in one of his legal businesses told Meduza that the carder had known the deputy for a long time. “They both come from Obninsk: Stroganov’s younger brother Alexander studied with Dengin. The relationship is long-standing, so no one was somehow embarrassed that one, at least in the past, is a cybercriminal, and the other seems to be fighting them,” says Meduza’s interlocutor.
In the State Duma, Vadim Dengin is a member of the Committee on Information Policy, Information Technologies and Communications, through which, in particular, all bills to combat threats to Runet and cybercrime are passed. For example, in 2017, this committee approved the law “On the Security of Critical Information Infrastructure,” according to which, in particular, for attacks on automated banking systems and other critical IT infrastructure of banks, hackers face up to 10 years in prison.
“Cybersuvorovites” versus “cyber vigilantes”
In May 2016, deputy Dengin came up with a high-profile initiative: he proposed creating “cyber-suvorov officers” in Russia who would repel hacker attacks. “We must take the initiative to raise “cybersuvorovites” - a young guy, a young girl who wants to engage in programming at the school stage, and maybe after school go to a special university, even create an alternative service for those who want to engage in programming, but within the framework of the Russian state,” Dengin said. According to his idea, “cybersuvorovites” were supposed to receive education at the expense of the state, and then work for it - to fight hacker attacks.
A month later, in June 2016, an autonomous non-profit organization to combat cybercrime “Kibalchish” was registered in Obninsk, according to SPARK-Interfax data. Its founders are Alexander Stroganov, the younger brother of the Flint24 carder, and his wife Polina. For a long time, the organization’s logo adorned the uniform of the Kvant football club from Obninsk. Kvant head coach Oleg Morozov in an interview with Obninsk Discovery magazine said that Kibalchish is not the brand of Alexander Stroganov, but his older brother and one of the club’s sponsors, Alexey Stroganov, that is, the Flint24 carder himself. On its official website at kibalchish.org, decorated with a portrait and quotes from Vladimir Putin, the organization claimed that it was fighting carding, phishing, extremist propaganda and transmitting information about identified incidents to government agencies.
“These were the ridiculous ambitions of Alexey, with the support of Dengin, to become the second Safe Internet League. Dengin, if successful, would earn political points for implementing his idea, and Alexey could count on influence and government support, including financial, so this was all intended to be a mutually beneficial cooperation,” says Stroganov’s former partner in one of the legal businesses.
The Safe Internet League (SIL) is a Russian para-governmental organization known for its initiatives to censor the Runet. It was created by the Orthodox oligarch, founder of the investment company Marshall Capital Partners and the Tsargrad group of companies, Konstantin Malofeev. Since 2011, within the framework of LBI, there has been a youth movement “Cyberdruzhina”, which declares that it is fighting crimes on the Internet - very similar to the “cybersuvorovtsy” that Vadim Dengin proposed to do. However, the Duma Committee on Information Technologies, which includes Deputy Dengin, has strained relations with Malofeev’s organization: the committee has repeatedly criticized the initiatives of LBI and, in particular, did not support the idea of legislating the status of their “cyber vigilantes.”
Created by the Stroganovs, “Kibalchish” actively began work on creating an alternative to the “cyber vigilantes” detachment of “cybersuvorovites” - to begin with, from among schoolchildren in the Kaluga region. In January 2019, the organization announced the launch of a joint project “Secure Network” with the Coordination Center for the National Internet Domain (CC), an organization that administers the .RU/.РФ domains and maintains the key infrastructure of the Runet. As part of the project, both structures promised to work to improve cyber literacy among schoolchildren and teachers in the Kaluga region. “...thanks to our partner ANO Kibalchish, it became possible to organize this process in cooperation with local authorities. I am sure that now the work to improve Internet literacy in the regions will be even more effective,” said Andrey Vorobyov, director of the Coordination Center for .RU/.RF domains.
Now people in the CC talk less enthusiastically about working with Kibalchish. In response to Meduza’s questions sent after the arrest of Alexey Stroganov, the press service of the CC said that cooperation between the organizations was limited to a speech by a representative of the CC at one of the seminars organized by the ANO Kibalchish for computer science teachers.
At the same time, the Kibalchish website also contained information about the organization’s joint project with Roskomnadzor, CC and FIFA during the 2018 FIFA World Cup: Kibalchish allegedly helped protect the FIFA brand and suppress the operation of sites that organized the illegal sale of tickets to matches. The CC and Roskomnadzor claim that there was no such cooperation.
A Meduza source in the communications market said that another desire of the Kibalchish management was to enter the CC project called Netoscope . “The head of Kibalchish, Polina Stroganova, was interested in CC projects in the field of information security, in particular Netoscope, and the possibility of cooperation with key players in the information security market. As far as I know, cooperation specifically on Netoscope did not take place,” he says.
Immediately after Stroganov’s arrest, the Kibalchisha website stopped opening ( a copy is available in the Wayback Machine), and the organization’s phone also did not answer, Meduza was convinced. Alexander Stroganov, one of the founders of the organization, declined to comment.
Philanthropist
Another field of joint activity between Alexey Stroganov and Vadim Dengin was charity: there were many references to their joint charity events in the Kaluga media and social networks. So, in December 2015, Dengin posted on his Instagram about a trip to the Center for Social Assistance to Families and Children in the village of Duminichi, Kaluga Region, where he, together with the Zhukoff Garage association created by the Stroganov brothers, came to congratulate children and parents on the New Year . In August 2017, a text appeared on the Vest News website with the headline “Vadim Dengin provided assistance to a social center in the Przemysl region,” which talks about the renovations carried out at a local center called “Childhood.” Towards the end of the article it is casually mentioned: “Vadim Dengin involved members of the Zhukoff Garage club to solve this problem. With their help, financial resources were found.” At the end of the same year, a text appeared on the LDPR website under the heading “LDPR and Zhukoff Garage congratulated the disabled people’s society on the upcoming holidays.”
“In my opinion, he needed all this charitable activity for two reasons: to clear his conscience, like buying an indulgence, and to make influential friends who would help in case of trouble,” says Stroganov’s former partner in one of the legal businesses. According to him, the idea to sponsor Putin’s native judo club was also suggested to Stroganov by Dengin - and he became a member of the board of trustees of Turbostroitel.
The president of Turbostroitel, Mikhail Rakhlin, in a conversation with Meduza, confirmed that Stroganov joined the club’s board of trustees because he provided him with financial assistance. “Alexey is a very positive person, we met by chance through mutual friends and talked and were friends for some time. The Zhukoff Garage company has a line of all-terrain vehicles. I was interested because in Russia we have a lot of impassable places, it was interesting to see. Alexey saw what we were doing - the younger generation, the development of sports - and said that he was ready to help. Then we entered into an official agreement between the club and Zhukoff Garage, the company became one of the patrons of Turbostroitel. We collaborated for a couple of years, he helped financially. Everything was completely official, according to the contract, with all the necessary tax deductions. I heard that Alexey is now under arrest, but, as far as I understand, his guilt has not yet been proven, there has been no verdict,” Mikhail Rakhlin told Meduza.
He refused to say who exactly introduced him to Stroganov and how much he invested in Turbostroitel. According to SPARK-Interfax, Zhukoff Garage LLC has recorded a net loss of more than 11 million rubles in the last two years.
In addition to the presidential judo club, Stroganov also financed the Kaluga Regional Chess Federation, headed by City Duma deputy Yuri Titkov, and eventually became its vice president. In addition, he sponsored the professional football club “Kvant” from Obninsk. In an interview with Obninsk Discovery magazine, Kvant head coach Oleg Morozov said that Alexey Stroganov is one of the club’s key financial partners. “Alexey helps us a lot, I don’t know how we would get by without him, because there are a lot of additional expenses, they are difficult to budget for and regulate. For me, he is an amazing person, fortunately for us, such people exist,” said Morozov.
The general director of the Zhukoff Garage company, Evgeny Abduragimov, declined to comment.
According to SPARK-Interfax, almost all companies co-owned by Alexey Stroganov operate either at a loss or with minimal profit. Only the Balzamin restaurant in Obninsk is consistently profitable - its manager, Natural Products LLC, in which Alexey Stroganov owns a 50% stake, has an annual income of several million rubles.
Arrest
An official statement from the FSB says that during searches, more than one million dollars, three million rubles, counterfeit documents, firearms, drugs, gold bars, precious coins, as well as IT infrastructure for the operation of online stores selling stolen bank card data.
Together with Stroganov, this time his partner in the first criminal case, Gerasim Selivanov, or Gabrik, was again arrested, according to five Meduza interlocutors, including Andrei Sporov and Sergei Pavlovich. Information about the arrest of G.V. Selivanov is also in the file cabinet of the Tverskoy District Court. In the years since his first term, Selivanov has become a popular blogger: three of Meduza’s interlocutors said that he ran a YouTube channel about travel around Russia, “Gerasim World of All-Terrain Vehicles,” which now has 50 million video views and 257 thousand subscribers. The last video on the channel (its author performed under the pseudonym Gerasim Dorogin) was released on March 13, and loyal viewers have been worried about the disappearance of their favorite blogger for several months now: under his video there are hundreds of comments with the content “Gerasim, where have you gone?” no answer.
“Flint24 is simply the organizer of a dump sales network, that is, like most carders, he is not a technical specialist at all. At the same time, whoever organizes sales is also the organizer of the group, since ultimately everything revolves around money. Among those 30 people who were detained by the FSB at the end of March, Flint24 and Gabrik (he was in charge of the technical component), in my opinion, are key people,” explains Andrei Sporov, an expert on cyber weapons and targeted attacks.
According to him, most of these groups have a very branched structure. “As a rule, the composition is something like this: there are technical personnel, that is, programmers, system administrators and support for dump stores, organized in several shifts to ensure their round-the-clock operation. Several more people are partners in the supply of “material,” that is, people who directly carry out hacking of stores, hotels, or resell large databases of dumps received from other hackers, for example, hacking processing companies. A separate category of people are “material” sales partners, who may have their own stores and/or large clients who immediately buy out part of the databases,” explains Sporov.
The FSB report states that members of this criminal group ran more than 90 online stores selling stolen bank card data. Two Meduza sources claim that among them were, for example, goldendumps.cc, hustlebank.com, deluxedumps.com and goldplastic.net stores. All of them are now inaccessible, but screenshots of these sites remain in the Wayback Machine Internet archive. Judging by them, at least one of these sites - hustlebank.com - sold dumps of Russian bank cards. This may mean that the reason for the detention could be a violation of the unspoken rule “don’t work on .ru”: Russian law enforcement agencies almost never detain hackers who attack foreign companies if they do not touch Russian ones.
“My opinion is that there are only two options as to why they could have been taken now. The first is that they worked using .ru. Perhaps they could not resist something “tasty” or did not control their partners, and as a result, working on .ru became a fact that was unpleasant for them. The second option is that they violated some agreement with the FSB or refused to carry out some important task - or the tasks, in general, went too far. This is all guesswork, but I don’t see any other reasons,” says one of the hackers in a conversation with Meduza.
In the video published by the FSB of the detention of members of the carder group in March 2020, Alexey Stroganov appears only for a few seconds and with his hands tied behind his back. Someone present at that moment asks the security forces carrying out the arrest a question: “Can you tell me who’s in charge here?”
Lawyer Arkady Tolpegin, representing the interests of Alexey Stroganov, has tried to challenge his arrest over the past two months, in particular, citing the positive characteristics of his client and Stroganov’s “certificate of honor from the director of the FSB,” the appeal ruling says.
By the time this material was published, Arkady Tolpegin had not provided Meduza with Stroganov’s comments. The FSB and the Ministry of Internal Affairs also did not respond to Meduza’s requests. Deputy Vadim Dengin, in a conversation with Meduza, refused to comment on his relationship with Alexei Stroganov before his sentencing.
Коментарі
Дописати коментар