Blackhole Exploit Kit creator ‘Paunch’ in custody, Russian police confirm

Blackhole Exploit Kit creator ‘Paunch’ in custody, Russian police confirm: As previously reported, now confirmed by Russian police, the still unnamed 27-year old man is said to be ‘Paunch’ (his nickname), arrested on 4 October with a dozen others in the city of Togliatti, accused of programming the hugely successful Blackhole Exploit Kit used in attacks on countless millions of Internet users since 2010.

Criminals come and go of course, but if the man nabbed by police really is the creator of Blackhole his arrest is hugely significant. It’s hard to put into numbers how massive this one kit had become from its earliest days in the summer of 2010 to its sudden disappearance only weeks ago after his arrest. No summary of malware activity in the last three years was complete without mentioning it under a heading of its own.

Designed as a service that could be rented by criminals for $500 per month, Blackhole was an all-in-one solution for the aspiring cybercriminal out to attack browser users through compromised web pages and – the service’s speciality – using top-notch exploits for zero-day flaws. It became one of the most important means of attacking online bank systems.

Russian security firm Group-IB (which said it had assisted police in tracking him down and published the pictures), estimates that the accused man had around 1,000 customers across the world of cybercrime. Without this kit, the cybercrime scene of the last three years would have been measurably smaller and duller.

Part of his success was down to this ability to source zero-days by the bucket-load.