Tank interview A hacking kingpin reveals all to the BBC

pAfter years of reading about Tank and months of planning a visit to him in a Colorado prison I hear the door click open before I see him walk into the roomppI stand up ready to give this former cybercrime kingpin a professional hello But like a cheeky cartoon character he pokes his head around a pillar with a giant grin on his face and winksppTank whose real name is Vyacheslav Penchukov climbed to the top of the cyberunderworld not so much with technical wizardry but with criminal charmppI am a friendly guy I make friends easily the 39yearold Ukrainian says with a broad smileppHaving friends in high places is said to be one of the reasons Penchukov managed to evade police for so long He spent nearly 10 years on the FBIs Most Wanted list and was a leader of two separate gangs in two distinct periods of cybercrime historyppIt is rare to speak to such a highlevel cybercriminal who has left so many victims behind him Penchukov spoke to us for six hours over two days as part of the ongoing podcast series Cyber Hack Evil CorpppThe exclusive interview Penchukovs first ever reveals the inner workings of these prolific cybergangs the mindset of some of the individuals behind them and neverbeforeknown details about hackers still at large including the alleged leader of the sanctioned Russian group Evil CorpppIt took more than 15 years for authorities to finally arrest Penchukov in a dramatic operation in Switzerland in 2022ppThere were snipers on the roof and the police put me on the ground and handcuffed me and put a bag on my head on the street in front of my kids They were scared he recalls with annoyanceppHe is still bitter about how he was arrested arguing that it was over the top His thousands of victims around the world would strongly disagree with him Penchukov and the gangs he either led or was a part of stole tens of millions of pounds from themppIn the late 2000s he and the infamous Jabber Zeus crew used revolutionary cybercrime tech to steal directly from the bank accounts of small businesses local authorities and even charities Victims saw their savings wiped out and balance sheets upended In the UK alone there were more than 600 victims who lost more than 4m 52m in just three monthsppBetween 2018 and 2022 Penchukov set his sights higher joining the thriving ransomware ecosystem with gangs that targeted international corporations and even a hospitalppEnglewood Correctional Facility where Penchukov is being held would not let us take any recording equipment inside the prison so a producer and I make notes during the interview as we are watched over by a guard nearbyppThe first thing that stands out about Penchukov is that although he is eager to be released he seems in high spirits and is clearly making the most of his time in prison He tells me he plays a lot of sport is learning French and English a wellthumbed RussianEnglish dictionary stays by his side throughout our interview and is racking up highschool diplomas He must be smart I suggest Not smart enough Im in prison he jokesppEnglewood is a lowsecurity prison with good facilities The lowrise but sprawling building sits in the foothills of the Rocky Mountains in Colorado The dusty grass verges surrounding the prison are teeming with noisy prairie dogs scurrying into their burrows whenever disturbed by prison vehicles coming and goingppIt is a long way from Donetsk Ukraine where he ran his first cybercrime gang after falling into hacking through games cheat forums where he would look for cheats for his favourite video games like Fifa 99 and CounterstrikeppHe became the leader of the prolific Jabber Zeus crew so named because of their use of the revolutionary Zeus malware and their favourite communication platform JabberppPenchukov worked with a small group of hackers that included Maksim Yakubets a Russian who would go on to be sanctioned by the US government accused of leading the infamous cybergroup Evil CorpppPenchukov says that throughout the late 2000s the Jabber Zeus crew would work out of an office in the centre of Donetsk putting in six to sevenhour days stealing money from victims overseas Penchukov would often end his day with a DJ set in the city playing under the name DJ Slava RichppCybercrime in those days was easy money he says The banks had no idea how to stop it and police in the US Ukraine and the UK could not keep upppIn his early 20s he was making so much money he bought himself new cars like they were new clothes He had six in total all expensive German onesppBut police got a breakthrough when they managed to eavesdrop on the criminals text chats in Jabber and discovered the true identity of Tank using details he had given away about the birth of his daughterppThe net closed in on the Jabber Zeus crew and an FBIled operation called Trident Breach saw arrests in Ukraine and the UK But Penchukov slipped through the net thanks to a tipoff from someone he will not name And thanks to one of his fast carsppI had an Audi S8 with a 500horsepower Lamborghini engine so when I saw the cops flashing lights in my rear view mirror I jumped the red light and lost them easily It gave me a chance to test the full power of my car he saysppHe laid low with a friend for a while but when the FBI left Ukraine the local authorities seemed to lose interest in himppSo Penchukov kept under the radar and he says went straight He started a company buying and selling coal but the FBI was still on the trailppI was on holiday in Crimea when I got a message from a friend who saw that I had been put on the FBI Most Wanted list I thought I had got away with it all then I realised I have a new problem he says an obvious understatementppHis lawyer at the time was calm though and advised him not to worry as long as he did not travel outside of Ukraine or Russia US police could not do muchppThe Ukrainian authorities did eventually come knocking but not to arrest himppPenchukov had been outed as a wealthy hacker wanted by the West and he alleges that almost every day officials would come and shake him down for moneyppHis coalselling business was going well until Russias invasion of Crimea in 2014 President Putins socalled Little Green Men Russian soldiers in unmarked uniforms ruined his business and missiles struck his apartment in Donetsk damaging his daughters bedroomppPenchukov says that it was business troubles and the constant payouts to Ukrainian officials that led him to once again fire up his laptop and get back into the cybercrime lifeppI just decided it was the fastest way to make money to pay them he saysppHis journey charts the evolution of modern cybercrime from quick and easy bank account theft to ransomware todays most pernicious and damaging type of cyberattack used in highprofile hacks this year including on UK High Street stalwart Marks SpencerppHe says ransomware was harder work but the money was good Cybersecurity had improved a lot but we were able to make about 200000 a month Much higher profitsppIn a revealing anecdote he remembers rumours that started about a crew being paid 20m 153m from a hospital that had been crippled by ransomwareppPenchukov says the news fired up the hundreds of hackers in the criminal forums who all then went after US medical institutions to repeat the pay day These hacker communities have a herd mentality he says People dont care about the medical side of things all they see is 20 millions being paidppPenchukov rebuilt his connections and skills to become one of the top affiliates of ransomware services including Maze Egregor and the prolific group ContippWhen asked if these criminal groups worked with Russian security services a regular accusation from the West Penchukov shrugs and says Of course He says that some ransomware gang members sometimes talked about speaking to their handlers in the Russian security services like the FSBppThe BBC wrote to the Russian Embassy in London asking if the Russian government or its intelligence agencies engaged with cyber criminals to aid cyber espionage but received no replyppPenchukov soon rose to the top again and became a leader of IcedID a gang that infected more than 150000 computers with malicious software and led to various types of cyberattack including ransomware Penchukov was in charge of a team of hackers who would sift through the infected computers to work out how best to make money from themppOne victim they infected with ransomware in 2020 was the University of Vermont Medical Center in the US According to US prosecutors this led to the loss of more than 30m 23m and left the medical centre unable to provide many critical patient services for more than two weeksppAlthough noone died prosecutors say the attack which disabled 5000 hospital computers created a risk of death or serious injury to patients Penchukov denies he actually did it claiming he only admitted to it in order to reduce his sentenceppOverall Penchukov who has since changed his surname to Andreev feels the two nineyear sentences he is serving concurrently are too much for what he did he is hoping to get out much sooner He has also been ordered to pay 54m 414m in restitution to victimsppHis view as a young hacker who started in cybercrime as a teenager is that Western companies and people could afford to lose money and that everything was covered by insurance anywayppBut when I speak to one of his early victims from the Jabber Zeus days it is clear his attacks did have a harmful impact on innocent peopleppLiebers Luggage a familyrun business in Albuquerque New Mexico had 12000 9200 stolen in one swipe by the gang Owner Leslee still recalls the shock years laterppIt was just disbelief and horror when the bank called because we had no idea what had happened and the bank clearly didnt have any idea she saysppWhile a modest sum it was devastating for the business as the money was used for paying rent buying merchandise and paying staffppThey did not have any savings to fall back on and to make matters worse Leslees elderly mother was in charge of the company accounts and she blamed herself until the theft was uncoveredppWe had all of those feelings the anger the frustration the fear she saysppWhen I ask them what they would like to say to the hackers responsible they think it is futile to try to change the minds of these callous criminalsppTheres nothing that we could say that would affect him Leslee saysppI wouldnt give him the time of day her husband Frank addsppPenchukov says he did not think about the victims and he does not seem to do so much now either The only sign of remorse in our conversation was when he talked about a ransomware attack on a disabled childrens charityppHis only real regret seems to be that he became too trusting with his fellow hackers which ultimately led to him and many other criminals being caughtppYou cant make friends in cybercrime because the next day your friends will be arrested and they will become an informant he saysppParanoia is a constant friend of hackers he says But success leads to mistakesppIf you do cybercrime long enough you lose your edge he says wistfullyppAs if to highlight the disloyal nature of the cyber underworld Penchukov says he deliberately avoided any further contact with his onetime Jabber Zeus collaborator and friend Maksim Yakubets after the Russian was outed and sanctioned in 2019 by Western authoritiesppPenchukov says that he noticed a distinct change in the hacker community as people shunned working with Yakubets and many of his alleged Evil Corp associatesppPreviously Penchukov and Aqua as Yakubets was known had hung out in Moscow drinking and eating in luxury restaurants He had bodyguards which I thought was strange almost like he wanted to show off his wealth or something he saysppBeing ostracised from the cyber crime world did not deter Evil Corp though and last year the UKs National Crime Agency accused other members of the Yakubets family of being involved in the decadelong crime spree sanctioning 16 members of the organisation in totalppBut unlike Penchukov the chances of police collaring him or others in the gang seem low With a 5m bounty out for information leading to his arrest Yakubets and his alleged coconspirators are unlikely to repeat Penchukovs mistake of leaving their countryppThe worldfirst law aims to reduce the risks children face online but its received pushbackppLand drones are increasingly the only means of transporting supplies to the embattled city of PokrovskppAs AIgenerated music floods streaming platforms questions bubble over whether listeners are owed more transparency ppAppearing from the Vatican via video the pontiff spoke to youth attending a Catholic conference in the US state of Indiana
ppRollsRoyce says improvements to one of its engines will mean it could fly for twice as longppCopyright 2025 BBC All rights reserved The BBC is not responsible for the content of external sites Read about our approach to external linkingpp p