A Russian court has sentenced a former Federal Security Service (FSB) officer to nine years in prison for taking a $1.7 million bribe from hackers and promising to shield them from prosecution.

According to prosecutors, ex-FSB officer Grigory Tsaregorodtsev, for many years, patronized hackers involved in the illicit trade of U.S. bank cardholders’ data. Tsaregorodtsev offered hackers protection from law enforcement in exchange for money, local media reported. At the FSB, Tsaregorodtsev specialized in combating cybercrimes. 

When he failed to protect the criminal group and its members, the hackers disclosed Tsaregorodtsev’s involvement in court. He admitted to accepting bribes  from hackers but claimed that his actions should be considered mere fraud, and asked the court not to punish him “severely.”

To conceal illegal profits from Russian authorities, Tsaregorodtsev allegedly transferred ownership of some of the property to his relatives and friends. Last April, Russian law enforcement searched one of the apartments where Tsaregorodtsev allegedly hid his wealth and seized over $154,000 in Russian currency and 100 gold bars.

The regional court in the city of Perm ordered the confiscation of his money, real estate and expensive cars, and fined Tsaregorodtsev with double the bribe he took. The judges also stripped Tsaregorodtsev of his military rank and prohibited him from holding certain positions for eight years following his release from the nine-year sentence in a penal colony. Tsaregorodtsev said he would appeal the court’s verdict.

The hackers involved in the card payment scheme faced much lighter penalties during their trials last week. Only two of the defendants received actual sentences of up to four years in prison; the others either got credit for time served in pre-trial detention or were assigned to correctional labor.

Russian media reported that the defendants were “satisfied” with the court’s verdict.

The criminals were identified as Denis Pachevsky, the general director of a local film production company; entrepreneur Alexander Kovalev; Artem Bystrykh, an employee of the local metallurgical company; Artem Zaitsev, an employee of the local telecom provider; as well as two unemployed individuals, Vladislav Gilev and Yaroslav Solovyov.

The hackers claimed that most of them didn’t know each other before being brought into court. It’s still unclear which criminal gang they were a part of. The Russian state news agency Tass reported that this was the third hacker group busted in Russia since the beginning of 2022. Previous arrests included members of the REvil and The Infraud Organization gangs. Infraud members also have been prosecuted in the United States.

The investigation revealed that the defendants unlawfully traded Visa and MasterCard credit card information obtained from Bank of America, Capital One and Fidelity. This allowed buyers to make payments without the card owners’ knowledge. Among the customers were primarily Russian citizens seeking to conceal purchases from financial regulators. 

The hackers claimed that their scheme didn’t harm the genuine card owners, as their clients made purchases immediately after transferring funds to the card, often without the cardholders receiving transaction notifications promptly.

When the U.S. Federal Bureau of Investigation (FBI) found out about the scheme, they contacted Russian law enforcement to investigate. According to local media reports, Russian police officers eventually found a website that offered a service for purchasing bank card data, identified the criminals, carried out a test purchase, and detained the suspects in 2022.

Earlier this month, Russia charged six people suspected of a similar scheme. The suspects allegedly stole the details of 160,000 credit cards as well as payment information from foreign online stores. If found guilty, they could face a fine or be sentenced to up to seven years in prison, according to Russian law.

In 2021, the Russian co-founder of Infraud, Sergey Medvedev, was sentenced to 10 years in prison. Infraud members stole over four million credit and debit card numbers costing victims more than $568 million.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.