A 29-year-old Russian rapper who loved to do what rappers do – as in, post photos of himself on social media as he made kissy-kissy with wads of cash or swigged pricey champagne – will be appearing in court in Pennsylvania this week to face charges of money laundering for cybercrooks.
His name is Maksim Boiko, also known as Maxim Boyko, “gangass”, or the rapper Plinofficial. Here he is, documenting his big-ticket fun-funs:
Those posts are just part of what the FBI calls “evidence of unexplained wealth”. Here’s more: a photo posted to Boiko’s Instagram account in August 2015, showing a big stack of Chinese Yuan on a table, along with signs that say “Maksim” (after all, why brag-post unexplained wealth without making sure your name appears, over and over?).
If you’re interested in a) Russian rap, b) how a young man originally from Siberia became enamored with African American music, black hip-hop style and the famous “money phone” meme of using stacks of cash to pretend you’re speaking on one of the “brick” mobile phones of the 1980s, and/or c) the rise of the Trap genre of hip-hop and Boiko’s part in its entrance to the Russian music scene, the BBC’s got you covered.
If not, don’t sweat it. Suffice it to say that he never got far in his musical career: according to the BBC, MTV Russia fans voted Boiko the 74th best Russian rapper, and he rarely performed in public.
He allegedly did a whole lot better with money laundering.
In an affidavit filed in March and unsealed in April, FBI Special Agent Samantha Shelnick said that Boiko was in thick with BTC-e: a popular, fraudulent Russian cryptocurrency exchange that – up until the US seized the site in 2017 – was used by lots and lots of cybercrooks for money laundering.
The (ongoing) BTC-e saga
One of the specialties of BTC-e was laundering ransomware profits. At the time the exchange was shuttered, Google research showed that BTC-e was handling 95% of all ransomware payments.
According to the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN), BTC-e processed at least $3m in payments made by victims of the Cryptolocker and Locky ransomware attacks. It also allegedly took in money hacked out of Mt. Gox, which was one of the first and most successful exchanges – that is, until 2014, when it collapsed after a massive bitcoin heist.
According to the US Justice Department (DOJ), by the time it was seized, BTC-e had allegedly taken in deposits valued at over USD $4 billion.
As of July 2019 – two years after the BTC-e takedown – the US was still chasing the defunct exchange, trying to get at a fine of USD $100 million that it had imposed in 2017 for facilitating ransomware and dark web drug sales.
How does Boiko fit in?
The FBI alleges that Boiko helped launder money for BTC-e. The rapper allegedly used the alias Gangass to cover his dealings with cybercrooks. He also allegedly chatted with them on secure, encrypted Jabber instant message platforms, including “exploit.im”, which the bureau says is used almost exclusively by cybercriminals.
According to the affidavit, a search of FBI databases revealed that the email account plinofficial@me.com was used to register an account on BTC-e. Whoever registered the account using that email also provided the name “Maksim Boiko” and the username “gangass.” Data from BTC-e showed that before BTC-e was seized, the account allegedly belonging to Boiko had received $387,964 worth of deposits and had withdrawn approximately 136 Bitcoin.
How do you get evidence from an encrypted messaging app?
In a nutshell, a secure encrypted messaging app isn’t all that secure if you take screenshots of your chats and then stick them in an email.
According to the 29-page affidavit, the FBI got to Boiko’s alleged Jabber conversations through a court-authorized search of his Apple iCloud account, which, conveniently enough, contained photos of his alleged Jabber communications with accounts held by crooks.
One example was a screenshot of a Jabber chat with the account salazar001@xmpp.jp: an account that the FBI says was associated with one of the leaders of a transnational organized crime group called QQAAZZ. The leader is referred to as “Conspirator A” in the affidavit. In the conversation, dated July 2019, salazar001@xmpp.jp receives confirmation of payment sent in the amount of 3.482 Bitcoin: approximately $35,000. Another Jabber conversation negotiated the sale of 300 credit cards.
In another conversation between gangass@exploit.im and what the FBI calls a known cybercrook using the alias “Moneybooster,” Moneybooster put in a request for a corporate account that could handle a transfer of “200-300k.” Gangass responded by providing an account for a Hong Kong company called Arco Technology (Hongkong) Limited, along with a bank address and account number. When the transfer was blocked a few days later, the two talked over whether they could keep using the credentials or not. Moneybooster’s reply:
… it won’t kill your credentials … but the same bank won’t work for me because it’s on the Chase blacklist.
… which the FBI says shows that “gangass was aware that the funds are being obtained from a victim whose bank account login information was stolen and that the attempted transfer was fraudulent.”
These are just some examples of the funds stolen from US victims that were transferred, or attempted to be transferred, to bank accounts under the QQAAZZ group’s control:
Over the ocean and straight into the FBI’s arms
In January, Boiko and his wife came to the US. They arrived at the Miami airport and were caught carrying USD $20,000 in cash. US Customs and Border Patrol wanted to know, Where’d he get all that? Bitcoin investments and Russian rental properties, Boiko said.
Nah, we don’t think so, the FBI said. It turns out that besides the suspicious $20K in US currency, agents had been monitoring all those social media photos and chats, eyeballing Boiko’s documentation of piles of cash that dated back as far as 2015.
The photographs … are evidence of Boiko’s unexplained wealth, [and] are inconsistent with the practices of a legitimate business operation and are consistent with the allegations set forth herein.
The FBI arrested Boiko at a Miami condo on 28 March – a date that the BBC says was just days before the rapper’s album launch. As it turns out, this wasn’t the first time that noteworthy events in Boiko’s musical career have coincided with money-laundering busts. In fact, Boiko announced his long-awaited solo album on the same day in July 2017 that Greek police arrested Russian citizen Alexander Vinnik, the alleged mastermind of BTC-e. Vinnik was indicted in the US on 21 counts.
Vinnik was incarcerated in Greece until January 2020, when France won out over Russia and the US in the battle to extradite him.
Earlier this month, Boiko’s lawyer, Arkady Bukh, told Cyberscoop that the rapper plans to plead not guilty. Due to the pandemic, he was arraigned via Zoom in the Western District of Pennsylvania. There was a fact-finding session held on 11 May. There hasn’t yet been a date set for the next hearing.