Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label US Court. Show all posts

US Court Rules Against Tornado Cash Sanctions




A U.S. appeals court has ruled that the Treasury Department overstepped its authority when it imposed sanctions on the cryptocurrency mixer Tornado Cash in 2022. The department accused Tornado Cash of facilitating over $7 billion in the laundering of funds, a portion of which was reportedly linked to North Korean hackers. However, the court stated that the sanctions were not lawfully justified under federal law.


Tornado Cash is a cryptocurrency mixer—a type of software that anonymizes digital transactions. It helps users conceal the origin and ownership of their cryptocurrencies by pooling and shuffling deposits. The Treasury's Office of Foreign Assets Control (OFAC) has blacklisted Tornado Cash under the International Emergency Economic Powers Act (IEEPA), as it was alleged that it had been used for laundering cybercrime proceeds, among which is $455 million reportedly stolen by the Lazarus Group, a North Korean hacking group.


Court's Ruling and Key Arguments

This came about with a decision by a panel of three judges from the New Orleans 5th U.S. Circuit Court of Appeals. A spokesperson from the panel, Judge Don Willett, wrote, "The smart contracts forming Tornado Cash did not constitute 'property.'" Law puts the authorization of regulating the property to OFAC but held that because these were immutables and unchangeables, the codes could neither be owned nor controlled hence would exempt from sanctions.


The court acknowledged that the risks that technologies like Tornado Cash pose are legitimate, but it held that updating the law to address such issues is the job of Congress, not the judiciary.

The lawsuit challenging the sanctions was brought by six Tornado Cash users with the financial support of Coinbase, a major cryptocurrency exchange. The court's decision was called a "historic win for crypto and liberty" by Paul Grewal, Coinbase's chief legal officer. Coinbase had argued that sanctioning an entire technology could stifle innovation and harm privacy rights. 


Legal Troubles for Tornado Cash Developers

Despite the court ruling, there are still legal problems for those associated with Tornado Cash. In May, developer Alexey Pertsev was sentenced to over five years in prison in the Netherlands for money laundering. Founders of Tornado Cash, Roman Semenov and Roman Storm, are also charged with money laundering and sanctions violations in the United States.


The Bigger Picture 

This case, therefore, underlines the legal and ethical challenges of privacy-focused technologies such as cryptocurrency mixers. It also calls for updated regulations to balance innovation, privacy, and security in the digital age.


UK Scammer Made Millions by Breaching Into Execs’ Office365 Inboxes

 

A man has been charged by federal authorities for allegedly engaging in a "hack-to-trade" scam that allowed him to profit millions of dollars by breaching the Office365 accounts of executives at publicly traded firms and accessing their quarterly financial reports ahead of time. 

Robert B. Westbrook, a citizen of the United Kingdom, is accused of making approximately $3.75 million in 2019 and 2020 from stock trades that profited from the illegally obtained information, according to the lawsuit filed by the US Attorney's office for the district of New Jersey. 

Prosecutors claimed that after gaining access to it, he made stock trades. He was able to take action and profit from the information before the wider public did thanks to the prior notice. The US Securities and Exchange Commission filed a separate civil claim against Westbrook, seeking an order to pay civil fines and refund all illicit gains. 

“The SEC is engaged in ongoing efforts to protect markets and investors from the consequences of cyber fraud,” Jorge G. Tenreiro, acting chief of the SEC’s Crypto Assets and Cyber Unit, noted in a statement. “As this case demonstrates, even though Westbrook took multiple steps to conceal his identity—including using anonymous email accounts, VPN services, and utilizing bitcoin—the Commission’s advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking.” 

According to a federal indictment issued in the US District Court for the District of New Jersey, Westbrook hacked the email accounts of executives from five publicly traded US firms. He carried out the intrusions by misusing Microsoft's password reset feature for Office365 accounts. Westbrook allegedly went on to establish forwarding rules in certain cases, that led all incoming emails to be automatically forwarded to an email address under his control. 

Once an individual secures unauthorized access to an email account, it’s possible to hide the breach by disabling or deleting password reset alerts and burying password reset rules deep inside account settings. 

Prosecutors charged Westbrook with one count each of securities and wire fraud, as well as five counts of computer fraud. The securities fraud count has a maximum punishment of up to 20 years in prison and $5 million in fines. 

The maximum penalty for wire fraud is up to 20 years in jail and a fine of either $250,000 or double the gain or loss from the offence, whichever is greater. Each computer fraud count is punishable by up to five years in prison and a maximum penalty of $250,000 or twice the offense's gain or loss, whichever is greater.

US Authorities Charge Alleged Key Member of Russian Karakurt Ransomware Outfit

 

The U.S. Department of Justice (DOJ) released a statement this week charging a member of a Russian cybercrime group with financial fraud, extortion, and money laundering in a U.S. court. The 33-year-old Moscow-based Latvian national Deniss Zolotarjovs was extradited to the United States earlier this month after being detained by Georgian authorities in December 2023.

Court records indicate that Zolotarjovs is linked with the ransomware outfit Karakurt, which exfiltrates victim data and holds it hostage until a cryptocurrency ransom is paid. The gang runs an auction portal and leak site where they identify the victim companies and allow users to download stolen data. The group has demanded ransom in Bitcoin ranging from $25,000 to $13 million. 

Previous findings suggest that Karakurt was related to the now-defunct ransomware gang Conti. Researchers believe Karakurt was a side project of the group behind Conti, allowing them to monetise data stolen during attacks when organisations were able to halt the ransomware encryption process. Zolotarjovs allegedly used the alias "Sforza_cesarini" and was an active member of Karakurt. 

He is suspected of engaging with other members, laundering cryptocurrency, and exploiting the group's victims. According to the DOJ, he is the first alleged member of the organisation to be arrested and extradited to the United States. According to court records, Zolotarjovs is involved in attacks on at least six undisclosed US companies. 

Karakurt stole "a large volume of private client data" in one attack in 2021, which included lab results, medical information, Social Security numbers that matched names, addresses, dates of birth, and home addresses. The company negotiated a ransom payment of $250,000 down from Karakurt's initial demand of about $650,000. 

In addition to carrying out open-source research to find phone numbers, emails, or other accounts through which victims could be contacted and pressured to either pay a ransom or re-enter a chat with the ransomware group, Zolotarjovs was probably in charge of negotiating Karakurt's "cold case extortions." 

“Some of the chats indicated that Sforza’s efforts to revive cold cases were successful in extracting ransom payments,” court documents noted.

US Authorities Charge LockBit Ransomware Ringleader

 

US officials have uncovered and indicted the ringleader of LockBit, a widespread ransomware operation that has extorted victims out of half a billion dollars. He is facing over two dozen criminal charges. 

According to a 26-count indictment released on Tuesday, Dmitry Khoroshev, 31, served as LockBit's "developer and administrator," overseeing code development and recruiting affiliates to execute the ransomware on its victims. The alleged cybercriminal got 20% of each ransom payment for his role in the operation, totaling $100 million in cryptocurrency over four years, the US Justice Department noted.

“Today’s indictment…continues the FBI’s ongoing disruption of the BlockBit criminal ecosystem,” FBI Director Christopher Wray noted in the statement. 

Since its founding in 2019, LockBit has allegedly defrauded at least 2,500 individuals across more than 120 countries of at least $500 million in extortion. The U.S. Justice Department noted in its statement that it is also accountable for several billions of dollars' worth of "broader losses" linked to lost profits, incident responses, and ransom recoveries. 

In the indictment, US investigators demanded that Khoroshev surrender his $100 million share of the ill-gotten gains. Meanwhile, the UK, United States, and Australia have sanctioned the mastermind, freezing his assets and prohibiting him from travelling. The US State Department is offering a $10 million prize for information that leads to Khoroshev's capture. The latest charge comes several months after authorities took steps to shut down the ransomware operation. In February, international law enforcement confiscated LockBit's infrastructure, thereby halting operations. Around the same time, US authorities prosecuted two Russian cybercriminals using Lockbit ransomware to target a number of businesses and organisations. 

LockBit's rebuild issue 

The group's attempt to rebuild over the last few months looks to be failing, with the gang still operating at a low capacity and its new leak site being used to publicise victims targeted prior to the takedown, as well as to claim credit for the crimes of others. 

According to the NCA's most recent data, the frequency of monthly LockBit assaults in the UK has decreased by 73% since late February, and those that do occur are carried out by less sophisticated attackers with far lower impact. 

“Since Operation Cronos took disruptive action, LockBit has been battling to reassert its dominance and, most importantly, its credibility within the cyber criminal community,” stated Don Smith, vice-president of SecureWorks’ Counter Threat Unit.