
Russian, Kazakhstani men living in Miami indicted over cybercrime training service

The pair stand accused of administering WWH Club, a major Russian-language cybercrime marketplace.
A seal reading "Department of Justice Federal Bureau of Investigation" is displayed on the J. Edgar Hoover FBI building in Washington, DC, on August 9, 2022.
(Photo by STEFANI REYNOLDS/AFP via Getty Images)

A pair of alleged cybercriminals who prosecutors say were key administrators of a cybercrime marketplace and training service were indicted Friday and each face up to 20 years in federal prison.

Alex Khodyrev, 35, and Pavel Kublitskii, 37, were charged Aug. 10 for their role in administering WWH Club, a Russian-language cybercrime forum that an FBI agent likened to “a cross between Ebay and Reddit … that exists for the sole purpose of promoting and facilitating crime.”

Khodyrev, a citizen of Kazakhstan, and Kublitskii, a Russian national, were arrested while living in Miami. The two had been in the U.S. for the past two years after applying for asylum in December 2022, according to the FBI affidavit.

Despite showing no outward signs of being employed legitimately, Kublitskii rented a “luxury condominium” in Sunny Isles Beach, Fla., according to the affidavit, while in March 2023 Khodyrev purchased a 2023 Corvette at a South Florida dealership with approximately $110,000 in cash.

WWH Club first came online roughly a decade ago, in 2014, and has since become “a major force in the Russian-speaking cybercriminal underground,” Alexander Leslie, threat intelligence analyst with Recorded Future, told CyberScoop. While the site does serve an influential role in its community, networking and advertising capacities, “the overwhelming presence of scammers and younger, more inexperienced cybercriminals on WWH Club still makes it a lower threat priority than some of its contemporaries, such as XSS or Exploit,” Leslie said.

The FBI obtained a copy of the site’s main server in July 2020 after serving a search warrant on hosting provider DigitalOcean, according to the affidavit. At the time, the site appeared to have roughly 170,000 registered users. That number had grown to more than 350,000 as of Sept. 9, 2024, but the number is slightly misleading in that the site allows unregistered visitors to create anonymous and temporary accounts, which could artificially inflate the size of the user base, Leslie said.

In January 2023, an FBI agent paid roughly $1,000 in bitcoin to attend one of the site’s training sessions on how to obtain and use stolen credit card data and personal information to make money, according to the affidavit. The same agent in February 2023 purchased data on 20 people in the U.S. for $110 in bitcoin that likely came from a February 2022 breach of LendingTree, according to the affidavit.

The site continues to operate as normal, with activities “actually slightly [increasing]” over the past month, Leslie said. Between Aug. 9 and Sept. 9, Recorded Future observed approximately 60,000 new and unique references to activities on WWH Club, Leslie said. 

Accounts associated with Khodyrev and Kublitskii have been deleted in an attempt to distance the forum from its former administrators, Leslie added, “a common practice when law enforcement action targets a forum, which relies on business continuity and community trust.”

“As of this moment, barring a few holdouts, the community as a whole remains relatively undeterred,” Leslie said.

Arkady Bukh, the attorney representing Khodyrev, did not immediately respond to a request for comment.
