Estonia declares Asper Biogene data theft leader an international fugitive
Estonia's National Criminal Police (Keskkriminaalpolitsei) has declared the leader of a gang behind the theft of 100,000 data files from a Tartu-based biotech company an international fugitive.
In November 2023, approximately 100,000 files containing the personal and health data of about 10,000 people were illegally downloaded from the database of Asper Biogene OÜ.
The National Criminal Police identified a group of four individuals suspected of the crime, led by Russian national Vladislav Rybakov. The leader has been declared an international fugitive in cooperation with the Office of the Prosecutor General.
Based on evidence gathered in the criminal investigation so far, there is reason to believe that accessing the company's database and downloading the data was a planned and organized operation.
Ago Ambur, head of the cybercrime bureau of the National Criminal Police, explained that the evidence gathered suggested that a group of four individuals had been working systematically and continuously over two months, with Russian citizen Vladislav Rybakov playing a leading role.
"The group's actions were characterized by a specialized division of roles, where, according to suspicions, each member had a specific task in carrying out the data theft – from identifying security vulnerabilities in computer systems to issuing ransom demands for the stolen data," Ambur described in a statement.
Rybakov is suspected of being part of a group that unlawfully gained access to a computer system. Following the data breach, the perpetrators issued a ransom demand, leading to suspicions that Rybakov is also involved in large-scale extortion, i.e. coercion to transfer proprietary benefits by threatening to damage property. If convicted, he could face a prison sentence of up to 12 years.
The Office of the Prosecutor General requested Harju County Court to arrest Rybakov. The court granted the request, issuing an arrest warrant in absentia, and Rybakov was also declared an international fugitive.
According to State Prosecutor Vahur Verte, cybercrime has become increasingly serious and poses a growing threat.
"Criminals can disrupt our daily lives, harm businesses, damage national systems, and jeopardise individuals' personal safety and data privacy. Stopping cyber criminals and bringing them to justice is essential to fostering trust in digital environments. By combating system intrusions, data theft, and other crimes, we ensure a safer digital space for everyone. The request by the Prosecutor's Office for the in-absentia arrest and international search for Vladislav Rybakov means that if he enters a country that shares similar values to Estonia, that country has the right to detain him and extradite him to Estonia to face justice. This step demonstrates that the National Criminal Police and the Prosecutor's Office work tirelessly with both domestic and international partners to ensure that offenders are held accountable for their actions, no matter where in the world they commit their crimes," Verte explained.
As Rybakov is suspected to have played a leading role, the criminal investigation has primarily focused on his activities.
"If other group members wish to ease their conscience, they can always write to [email protected]. Hiding is not a viable option," Ambur affirmed.
The success of the data theft was attributed to the group's systematic actions and unpatched security vulnerabilities.
"According to the evidence gathered, the attack began with identifying security flaws that could provide access to the information system database. Once such a vulnerability was found, the group gained access to user accounts and their encrypted passwords (password hashes). These were decrypted, and the suspects then exploited another vulnerability using an employee's password to install malware on the system. This malware, controlled remotely via the web, allowed access to all parts of the information system of interest, including files and databases containing personal and health data. Due to the large volume of data that interested the suspects, a specialised tool was developed for downloading the dataset, after which a ransom demand was issued to the company," Ambur explained, based on evidence gathered during the criminal investigation.
So far, there is no evidence that the leaked data has been used for criminal purposes.
The criminal proceedings are being conducted by the Cybercrime Bureau of the National Criminal Police in cooperation with the Crime Bureau of the South Prefecture. The proceedings are led by the Office of the Prosecutor General.
Editor: Helen Wright