Last week, Mark Vartanyan a Russian computer hacker who used the online alias “Kolypto” pleaded guilty in federal court to various crimes related to his role as one of the creators of the infamous Citadel malware which was used to attack major financial and government institutions around the world resulting in the infection of approximately eleven million computers and ¬†more than five hundred million dollars in losses.

Like much criminal malware, Citadel was sold on the Dark Web by the criminal geniuses who developed it, but what made it unique at the time that it was first employed in 20112 was that like legitimate software programs, the makers of Citadel encouraged feedback from their customers in order to help improve the product and create desirable new features.

Vartanyan will be sentenced on June 21st and under the terms of his plea agreement prosecutors will not ask for a sentence longer than five years in prison conditioned upon Vartanyan’s continued cooperation with American law enforcement.


Like so many malware programs, Citadel was largely downloaded on to the computers of its victims as a result of phishing and spearphishing emails which again emphasizes the point that a major security step we all should take is to refrain from ever clicking on links or downloading attachments in emails or text messages unless we have absolutely confirmed that the communication is legitimate.