We’re not in the business of giving advice to alleged cybercriminals, but maybe, just maybe, if you have no discernible income, you might want to resist the urge to pay $110,000 in cash for a Corvette.
That’s just one of the alleged mistakes that led to the recent arrest of two men on claims that they operated the WWH-Club cybercrime forum and stolen credit card marketplace.
Russian national Pavel Kublitskii and Alexandr Khodyrev of Kazakhstan face charges that include conspiracy to commit offenses against the United States, trafficking in unauthorized access devices, and possession of multiple unauthorized access devices. Each charge carries a potential 10-year prison sentence.
Apparently their lavish lifestyle – with no discernable income – caught the attention of the Internal Revenue Service. An affidavit from an FBI agent filed in the U.S. District Court for the Middle District of Florida on Aug. 6 is an interesting look both into how cybercrime forums operate and how easily suspects can trip themselves up. In this case, investigators found both a cash and a digital trail.
Suspects Arrived in U.S. on Asylum Claim
Kublitskii and Khodyrev arrived together in south Florida in December 2022, claiming asylum – more than two years after U.S. authorities had begun investigating WWH-Club.
Upon arrival in Florida, Kublitskii opened an account at Bank of America with an opening deposit of $50,000 in cash, the affidavit states.
“A review of bank records and social media posts revealed Kublitskii rented a luxury condominium in Sunny Isles Beach, Florida, and he spends his time visiting the beach and various tourist attractions such as Sea World in Orlando, Florida,” the FBI affidavit states. “Despite an apparent expensive lifestyle, there is no evidence Kublitskii is or has been employed.
“Furthermore, subsequent to his arrival in Florida, there is also no evidence that Khodyrev is or has been employed,” the affidavit continues. “Yet, in or around March 2023, Khodyrev purchased a 2023 Corvette at a South Florida dealership with approximately $110,000 cash.”
It’s not clear from available documents when or how investigators made all the connections they did; the affidavit does not include “all aspects of the investigation, but rather only information sufficient to establish such probable cause.”
Still, beyond the claims of lavish spending, the defendants may have also linked online accounts too closely.
Personal, Forum Gmail Accounts Linked
After using a warrant to obtain a copy of the WWH server from DigitalOcean, FBI computer scientists reconstructed the forum and database. The investigators eventually obtained warrants for 95 email accounts linked to forum administrators, 70 from the database and then 25 additional ones later.
They connected Bitpay payments and cookies to five email accounts, one of which was connected to a WWH admin account that also contained Kublitskii’s “personal photographs, travel and identification documents, and online purchases sent.” Those accounts also shared travel plans and photos from “a dolphin excursion in Punta Cana for Kublitskii and his family.”
Despite the arrests, WWH-Club remains operational. Kublitskii and Khodyrev are, of course, innocent until proven guilty, and Court Watch reports that it’s not clear if Khodyrev has even been arrested. But in the meantime, the FBI affidavit makes for interesting reading.
