In 2020, the United States charged four men with building a bulletproof hosting empire that previously dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four men pleaded guilty to conspiracy and racketeering charges. However, there is a complex and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.
From January 2005 to April 2013, Spamdot (also known as Spamit) was an invite-only community for Russian-speaking individuals involved in spamming and building botnets of infected computers to relay the spam. The two primary administrators of Spamdot were known by the nicknames Icamis (a.k.a. Ika) and Salomon (a.k.a. Sal). The forum hosted individuals controlling botnets such as Rustock, Cutwail, and Grum, all of which infected millions of computers and harvested passwords and other data.
Salomon is now serving a 60-month prison sentence in a federal prison in Michigan. He was heavily involved in robbing dozens of small businesses in the United States using harvested passwords. The identity of Icamis remained a mystery until recently. For years, security experts and top cybercriminals believed that Salomon and Icamis were likely the same person using two different identities, mainly due to evidence showing they accessed the forum from the same internet address.
However, recent research has uncovered new details about Icamis and his real-life identity. It was discovered that Icamis was closely connected to a Russian cybercriminal, Rescator, who is linked to the 2013 data breach at Target. Icamis made a lengthy farewell post to Spamdot members in April 2013, stating he was quitting the cybercrime business. Despite this, Icamis continued to work behind the scenes, helping crime groups siphon funds from U.S. bank accounts.
Both Icamis and Salomon offered various goods and services aimed at supporting spammers, including bulletproof domain registration and hosting services that helped botmasters evade anti-spam groups like Spamhaus. Salomon was also obsessed with retaliating against anti-spam groups and initiated a DDoS attack against Spamhaus.
Salomon, also known as Alexander Valerievich Grichishkin, was arrested outside of Russia in 2020 for providing bulletproof hosting services to cybercriminal gangs. He was involved in setting up infrastructure used by cybercriminals between 2009 and 2015 to distribute malware and attack financial institutions and victims throughout the United States. Grichishkin pleaded guilty to conspiracy charges and was sentenced to four years in prison.
Recent research has revealed that Icamis’s online activity was linked to the name “Andrew Artz,” with domain ownership records from DomainTools.com connecting several email addresses and domains to Icamis using this name. There is also evidence of Icamis promoting services using email addresses such as email@example.com.
The saga of Icamis and Salomon continues to shed light on the shadowy world of cybercrime and the individuals involved in supporting and perpetrating cybercriminal activities. The case is a stark reminder of the ever-evolving nature of cybercrime and the relentless efforts of law enforcement to bring those responsible to justice.