Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label hacker arrested. Show all posts

Germany: Individual Hacker Arrested for Stealing € 4 Million via Phishing Attacks

 

Germany’s federal criminal police, Bundeskriminalamt (BKA) carried out home raids on three suspects for executing a large-scale phishing campaign, defrauding internet users of €4 million. The phishing campaign was carried out by the charged suspects between October 3, 2020, and May 29, 2021, as per the evidence gathered by the German Computer Crime Office. 

One of the three suspects, a 24-year-old, has been arrested and charged by the BKA, the second, a 40-year-old, has also been charged with 124 acts of computer fraud, while the investigation for the third suspect is still ongoing.  

The hackers allegedly defrauded their victims by imitating as legitimate German banks and sending them phishing e-mails that were clones of messages from some real banks.  

“These e-mails were visually and linguistically believable based on real bank e-mails. The victims were informed in these letters that their house bank would change their security system – and their own account would be affected [...] The e-mail recipients were thus tricked into clicking on a link, which in turn led to a deceptively real-looking bank page. There, the phishing victims were asked to enter their login data and a current TAN, which in turn enabled the fraudsters to see all the data in the account of the respective victim – including the amount of credit and availability. The perpetrators then contacted the victims and tricked them into revealing further TAN numbers as alleged bank employees. With the TAN, they were then able to withdraw funds from the accounts of the victims.” reads the statement issued by BKA. 

The phishing emails reportedly informed the internet users of the changes in their respective bank’s security systems, beseeching the victims to click on an embedded link to continue using the bank’s services. The links redirected victims to a landing page, asking them to enter their credentials and Transaction Authentication Number (TAN), allowing the hackers access to their online banking accounts and withdrawal funds.  

According to the BKA, the hackers even used DDoS against the banks to conceal their fraudulent transactions. "In order to carry out their crimes, the accused are said to have resorted to offers from other cybercriminals who worked on the dark net, selling various forms of cyber-attacks as crime-as-a-service." BKA stated in an announcement. 

In regard to the active cases of phishing attacks and online fraud, the police urged internet users to take certain cautionary measures, such as never clicking a link or opening file attachments in emails that appear to be from a legitimate bank. If in doubt, the users are recommended to contact their banks personally or obtain information from the bank’s respective websites.

US Arrested Multi-year Phishing Scam Suspect

 

An Italian man who was involved in a multi-year phishing scam aimed towards fraudulently stealing hundreds of unpublished book manuscripts from popular authors such as Margaret Atwood and Ethan Hawke − has been imprisoned. The accused will be in prison for a maximum of 20 years if found guilty of wire fraud and another additional two years for a count of aggravated identity theft. 

The Department of Justice while reporting on the incident, stated, that the man is 29-year-old Filippo Bernardini, was arrested by the FBI on Wednesday at the John F. Kennedy International Airport, in New York. The report also said that he was previously working at London-based publisher Simon & Schuster who allegedly impersonated editors, agents, and others personnel involved in the publishing industry to obtain manuscripts of unpublished books fraudulently. 

“We were shocked and horrified on Wednesday to learn of the allegations of fraud and identity theft by an employee of Simon & Schuster UK. The employee has been suspended pending further information on the case…” Simon & Schuster said in a statement to Variety. 

“…The safekeeping of our authors’ intellectual property is of primary importance to Simon & Schuster, and for all in the publishing industry, and we are grateful to the FBI for investigating these incidents and bringing charges against the alleged perpetrator.” 

Following the incident, agencies said that the scheme was started in August 2016 wherein Bernardini used various fake email addresses which were linked to over 160 domains spoofing literary talent agencies, literary scouting agencies, and publishing houses. 

Furthermore, he also sent phishing emails attacking employees of a New York City-based literary scouting company and obtained their sensitive data to gain access to the organization’s database of synopses and other information regarding upcoming books. 

"These prepublication manuscripts are valuable, and the unauthorized release of a manuscript can dramatically undermine the economics of publishing, and publishing houses generally work to identify and stop the release of pirated, prepublication, manuscripts," the Department of Justice said today. 

"Such pirating can also undermine the secondary markets for published work, such as film and television, and can harm an author’s reputation where an early draft of the written material is distributed in a working form that is not in a finished state."

UK Man Arrested for Cryptocurrency Fraud, Sentenced 20 Years

 

A United Kingdom man who was earlier charged in the US for links to hacking celebrities' and politicians' Twitter accounts was recently arrested for stealing cryptocurrency worth $784,000 of cryptocurrency. Prosecutors in Manhattan, US said that Joseph James O'Connor (age 22) along with his partners stole Bitcoin, Litecoin, and Ethereum, after getting access to target's cellphone no. by linking it to SIM cards. 

O Connor, aka PlugwalkJoe, along with his partners orchestrated a SIM swapping attack targeting three Manhattan cryptocurrency company executives, stealing cryptocurrency from two clients, while laundering it. O Connor's lawyer isn't yet known. As per the prosecutors, the campaign ran from March 2019 to May 2019. O'Connor awaits possible extradition from Spain after the July arrest concerned with a last year's July hack which compromised several Twitter accounts and stole around $118,000 worth of Bitcoins. 

"It named the British man as Joseph James O'Connor and said he faced multiple charges. He was also accused in a criminal complaint of computer intrusions related to takeovers of TikTok and Snapchat accounts, including one incident involving sextortion, as well as cyberstalking a 16-year-old juvenile," reported Reuters earlier in July. These hacked accounts include current US president Joe Biden, former president Barack Obama, Ex Amazon CEO Jeff Bezos, Bill Gates, Warren Buffett, Kim Kardashian, Elon Musk, and rapper Kanye West (currently known as Ye). 

The accused teenager, Graham Ivan Clark, the mastermind behind the Twitter hack, pleaded guilty in March in state court of Florida and is currently serving three years in a juvenile prison. The latest charges against Connor consist of money laundering and conspiracies to commit wire fraud, carrying a minimum of 20 years prison sentence, along with aggravated identity theft and computer hacking conspiracy. 

Reuters reports, "the alleged hacker used the accounts to solicit digital currency, prompting Twitter to take the extraordinary step of preventing some verified accounts from publishing messages for several hours until security to the accounts could be restored."

This Aspiring Hacker was Caught in a Quite Embarrassing Manner

 

The US Department of Justice (DoJ) has arrested a Ukrainian citizen for using a botnet to hack people's passwords. He was caught by his alleged messages to vape shops in Ukraine, including an invoice with his home location. 

Glib Oleksandr Ivanov-Tolpintsev is accused by the Department of Justice of deploying a botnet to break passwords of targeted individuals, which he subsequently sold on the dark web. According to his indictment, Ivanov-Tolpintsev made over $80,000 from the operation. 

The press release from the DoJ reads, “During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week...Once sold [on the dark web], credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks.” 

On October 3, 2020, Polish police arrested Ivanov-Tolpintsev in Korczowa, Poland, and he was extradited to the United States to stand prosecution for these offenses. 

Amateur Blunders 

According to an IRS affidavit, investigators tracked down Ivanov-Tolpintsev by looking at the contents of the Gmail accounts he used to conduct his dark web activities. 

Many digital receipts from online vape shops were sent to one of these accounts, revealing Ivanov Tolpintsev's name and contact information. 

Furthermore, Ivanov-normal Tolpintsev's email account was set as the recovery address for these accounts. Exploring the contents of his regular account showed a plethora of personally identifying information, including passport scans and Google Photos photos.

The government was able to assemble enough evidence to convince a court to order Ivanov Tolpintsev's arrest and extradition because of his carelessness in separating his criminal digital identity from his physical one. 

Although the investigators haven't revealed much about Ivanov Tolpintsev's botnet case but the case highlights the dangers of depending solely on a password to protect an account. 

Since breaking and auctioning passwords on the dark web may lead to significant attacks like the one on the United Nations, security experts have been urging to implement multi-factor authentication (MFA) systems.

Hacker ordered to pay back £922k

A hacker who carried out cyber attacks on more than 100 companies has been ordered to pay back £922,978.14 of cryptocurrency.

Grant West had been jailed for fraud after carrying out attacks on brands such as Sainsbury's, Uber and Argos.

A police investigation, codename "Operation Draba", uncovered West's activity on the dark web under the moniker of "Courvoisier".

The confiscation order was made during a hearing at Southwark Crown Court.

West, from Sheerness, Kent, used phishing email scams to obtain the financial data of tens of thousands of customers.

He would then sell this personal data in different market places on the dark web, convert the profit made from selling financial details online into cryptocurrency, and store these in multiple accounts.

West, of Ashcroft Caravan Park, was jailed in May at Southwark Crown Court for 10 years and eight months.

Detectives had discovered evidence of West conducting cyber attacks on the websites of 17 major firms.

Following West's arrest, approximately £1m in cryptocurrency was seized from a number of his accounts. Taking currency fluctuations into account the currency is today valued at £922, 978.14.

The cryptocurrency will now be sold and the victims will receive compensation.

As well as financial data, he also sold cannabis which he shipped to customers, and "how to" guides instructing others how to carry out cyber attacks.

West also regularly used stolen credit card details to pay for items for himself, including holidays, food, shopping and household goods. West admitted conspiracy to defraud, possession of criminal property, unauthorised modification of computer material and various drugs offences.

Bulgarian security expert arrested for demonstrating a vulnerability in software for kindergartens


Recently, the Bulgarian police detained an information security specialist Petko Petrov, who published a video about the vulnerability in the IT system of the municipality used in local kindergartens.

Bulgarian security researcher Petko Petkov discovered a vulnerability in the software used in local kindergartens. Petkov made a video demonstrating the vulnerability and posted it on Facebook about a week ago, on June 25. The video shows an automated attack on the portal of the local municipality, through which parents apply for admission of their child to kindergarten. The security expert was able to download the data of almost 236 thousand inhabitants of the Bulgarian city of Stara Zagora where more than 330 thousand people live using such vulnerability.

The specialist wrote a comment to the video that he tried to contact the software developer Information Services AD and the municipal authorities, but his reports about the vulnerability were ignored. Therefore, Petkov published a video to draw attention to the problem. Also, the man posted in the same comment a link to GitHub with PoC-code, opening access to it to everyone.

Even worse, the research explains that the same system is used in other Bulgarian cities, which means that hackers can freely obtain personal data of residents, including passport, information about their marital status, nationality, their relatives, etc.

Shortly after the public disclosure of information about the vulnerability, Bulgarian law enforcement officers arrested Petkov. He was arrested for 24 hours, but the researcher was later released.

According to the Bulgarian Media, the Prosecutor's office intends to charge the man under the article "illegal access to computer information protected by law". Petkov faces from one to three years in prison and a fine of about $ 2,900.

Although the man is now in trouble with the law, he achieved his goal - the problem was noticed, and after the incident the municipality refused to use vulnerable software, as they also failed to contact its developers and get official comments. The Mayor of Stara Zagora Zhivko Todorov told the media that the developer will eliminate the vulnerability at their own expense.

Author of Three Critical Ransomware Families Arrested in Poland




A well-known cyber-criminal believed to be the author of the Polski, Vortex, and Flotera ransomware strains, Tomasz T. was arrested in Poland on Wednesday, but the announcement was made by the Polish Law Enforcement on Friday.

They had been tracking him for quite some time and were ready this time to go ahead with the arrest.
Tomasz T. a.k.a. Thomas or Armaged0n - a Polish citizen who lives permanently in Belgium is responsible for conducting cybercrime such as DDOS attacks, sending malicious software to compromise several computers and using ransomware to encrypt the files.

While working through Europol, the Polish police had alerted their Belgium counterparts, who thusly searched his house and seized the computer equipment, laptop and remote servers also including encryption keys.

 “Apparently, the suspect has been active since 2013, when he first started targeting users via a banking trojan that would replace bank account numbers in users' clipboards with one of his own, so to receive undeserved bank transfers.”
-          according to the Prosecutors.

He was able to spread this ransomware through the means of email by pretending to impersonate official correspondence from well-known companies such as DHL, Zara, Cinema City, PAY U, WizzAir and many more. While utilizing the Online portal, Tomasz operated under the epithet "Armaged0n," which he used on the infamous Hack Forums cybercrime portal too.

The Polish tech news site Zaufana Trzecia Strona (ZTS) was the first to draw the lines between the three ransomware strains to the Armaged0n persona and later tracked down an extensive email spear-phishing operation.

Armaged0n Hack forum profile

The police suspects that Tomasz infected thousands of users with ransomware and made over $145,000 from his criminal undertakings. ZTS, CERT Poland, security analysts, police, and the impersonated companies all worked together to track him down.

Polish Cybercriminal has been accused with various complaints such as accepting and transferring funds from crimes, infecting computer systems with malware such as the Polish Ransomware, Vortex or Floter and for influencing automatic data processing for financial benefits. All these ransomware’s Decryption keys have likewise been collected from his system.

The suspect, questioned by the prosecutor, conceded to the 181 different crimes that he was charged with.

Nonetheless, after performing the procedural steps, the prosecutor filed a motion to apply to him a temporary detention for a period of three months.

Creator of 'Mariposa botnet' sentenced to 58 months


A Slovenia hacker accused of writing code of one of the largest known botnet "Mariposa botnet" and sentenced to 58 months by Slovenia court, BBC reports.

Mariposa(Spanish word for 'Butterfly') botnet is notorious botnet discovered in 2008 designed to steal sensitive information.

The botnet reportedly infected more than 12 million computers, used for Denial of service attacks, email spamming.

Matjaz Skorjanc, a 27-year-old, known with online name "Iserdo", was arrested in 2010 and found guilty of creating the malicious program and assisting others in wrongdoings and money laundering.

The court also ordered him to pay 3,000 euro($4,100) fine and give up a flat and a car that he bought with money earned by selling malicious program to a Spanish criminals.

His girlfriend "Nusa Coh", known with her IRC nickname "L0La" was also sentenced to 8 months probation for doing money laundering.

Hacker sentenced to 18 months for hacking US government systems

A Pennsylvania hacker has been sentenced to 18 months for hacking into and selling the access to various computer networks, also fined $25,000.

According to the Boston Globe, Andrew James Miller, 24 year old, who lives with his parents in Pennsylvania, hacked into the computers of various law enforcement agencies, academic institutions, corporations and government agencies including the Dept. of Energy.

He is said to be part of the part of a underground hacker group called "
Underground Intelligence Agency" with online moniker "Green.

The man asked sorry for his actions and said "wish to do anything I can to correct the situation".

Assistant US Attorney Adam J. Bookbinder highlighted that Miller was fully aware that his actions are illegal. But because of making money, he was willing to do it.

12 Year old Anonymous hacker hacks websites for Video Games


A 12 year old school boy from Quebec has admitted hacking several government and police websites as part of Anonymous operations  in spring 2012.

According to Toronto sun report, the boy whose name can't be published is said to have involved with computer since he was 9 year old.

His actions were not politically motivated.  He traded the pirated information for video games.

The hacker is said to have hacked websites including government sites of Chile, Montreal Police sites, , the Quebec Institute of Public Health and some other websites.


Court heard he used different cyber attacks including defacing websites, compromising data from servers and Denial of service attacks.

Silk Road taken down by FBI

Notorious online marketplace "Silk Road" has been taken down by the FBI and the owner "Ross Ulbricht" a.k.a (Dread Pirate Roberts) has been arrested . Proving that "Perfect security is impossible"

He has been charged with  conspiracy to traffic narcotics, conspiracy to hack computers, and conspiracy to launder money.

The website now shows a "This Hidden Site Has Been Seized" message





Silk Road was the drug dealing website in the world .It used the "TOR hidden network" to hide itself and its users.It seems Ross Ulbricht was caught due to his own mistakes and NOT due to a vulnerability in the TOR network.


This site had been a major point used lawmakers and politicians to try to curtail the growth of the TOR
 network.And now the recent actions by the FBI against many hidden sites in the TOR network is indeed a very big setback for it.

All the transactions in silkroad were done using Bitcoins and since the news of Ross Ulbricht's arrest bitcoin value has dropped quite a bit (Due to paranoid selling). But this is just the currency stabilizing itself, when it stabilizes BTC value will rise again. And the removal of association from such illigal market places might actually be a good thing for bitcoins.

Ross Ulbricht's LinkedIn Profile:http://www.linkedin.com/in/rossulbricht
Full Arrest Warrant: http://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf
Full Details on how he was caught: https://medium.com/p/d48995e8eb5a



Note: I Will update as the story develops . You can tweet me at @SuriyaME   if you have something to add to this article. 

Scammer who stole financial info arrested by CIB


An alleged scammer who is responsible for stealing personal data of more than 10,000k people through a spam mail pretending to be from the Bureau of National Health Insurance has been arrested in China.

Surnamed Pan, tricks victims into download and open the attachment that contained a malicious software allowing him to steal the personal data from the affected computers.

According to China Post report, he used few techniques to avoid the antivirus detection and tested his malware numerous time before launching the real attack.

Criminal Investigation Bureau (CIB) said he had stolen "vast amounts of classified financial information from location companies".  He then used those details for accessing the online banking accounts and committed credit card fraud.

Hacker arrested by Taiwan Police for hacking classic music website


The China Posts reports that Taiwan police has arrested an individual suspect surnamed Shih on May 1 for hacking into a popular local classic music website.

The police raided the apartment of Shih and seized his computer which is found to be used in his hacking attempts.

The hacker admitted that he hacked into the website's customer database and made unauthorized changes to customer data by exploiting the SQL Injection vulnerability.

Criminal Investigation Bureau (CIB) stated the investigation was launched after it received a report from the web site's operator who said their site had been been hacked in March.

Accused SpyEye Virus creator extradited from Thailand to US


An Algerian man who is believed to be the creator of the infamous Banking Trojan "SpyEye" was extradited from Thailand to the United States to face charges.

Hamza Bendelladj, 24-year-old, also known as Bx1, will face charges for allegedly playing a role in developing, marketing ,distributing and controlling the SpyEye virus, according to FBI report.

SpyEye is a Banking Trojan(similar to Zeus virus) that steals confidential personal data and finance information such as online banking credentials , credit card information.

He was arrested at Suvarnabhumi Airport in Bangkok, Thailand, on Jan 5, while he was in transit from Malaysia to Egypt.

If convicted, he will face a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million.

Ex-employee arrested for hacking into High-voltage power manufacturer's network


A Software programmer who was employed at the High-voltage power manufacturer company arrested for hacking into the computer network of the company.

According to the FBI report, Michael Meneses, was employed at the victim company as a software programmer and system manager specializing in developing and customizing the software that the company used to run its business operations.

He was one of two employees who were primarily responsible for ensuring that the software that drove the company’s manufacturing business. His responsibilities gave him high-level access to the company’s computer network.

He had voiced displeasure at having been passed over for promotions, tendered his resignation in late December 2011.  Then, he allegedly launched cyber attack against the company and steal employee's security credentials.  He then used those credentials for accessing the network remotely via VPN.  The complaint says the company suffered over $90,000 in damages as a result of Meneses’s intrusions.

If convicted, he will face a statutory maximum sentence of years’ imprisonment, a $250,000 fine, and restitution.

Cybercriminals behind Carberp Trojan arrested in Ukraine


The masterminds allegedly behind one of the notorious banking Trojan Carberp that stoles millions of dollars and the developers have been arrested in Ukraine.

Carberp is a banking Trojan that first appeared in 2010 and started as a private malware used by a single group.  The gang in 2011 sold the malware's builder, a tool used to customize their Trojan program for $10,000 to a limited number of customers.

28-year-old Russian, the alleged leader of the group arrested along with about 20 individuals aged between 25 and 30 years old.

According to Kommersant Ukraine report, the cyber criminal ring is responsible for stealing more than $250 million in Ukraine and Russia alone.

5 CyberCriminals arrested for stealing 2 million Euros via e-banking hacks


Slovenian Police performed 12 house searches and arrested five cyber criminals who are believed to be responsible for the malware attacks that steals money from companies bank accounts.

It all started last year when the Slovenian national Computer Emergency Response Team(SI-CERT) started receive reports regarding a malware attacks.

The victims received emails pretending to be coming from a local bank and state tax authority with a Trojan horse attached.

The malware installs the Remote Administration tool that steals victim's e-banking credentials and send it to the cyber criminals.

"With stolen credentials and in the case where the victim did not remove the smart card containing the bank-issued certificate from the reader after use, the doors to the company's bank accounts were left open to the criminal gang." SI-CERT's report reads.

The attackers cleverly planned their attacks to happen on Fridays or the day before national holidays, so that the companies wouldn't immediately notice the theft.

According to the report, the criminal group used 25 money mules to transfer around 2 million Euros.

More than 1600 Indians were arrested in 2011 for CyberCrimes

cybercrime and law in india

More than 1,600 Indians were arrested in 2011 for Cyber Crimes registered under the Information Technology (IT) Act (2000) and under sections of Indian Penal Code (IPC), nearly 30% more than previous year.

According to Times of India report, Indian Minister of State for Communications Milind Deora said that a total 1,630 persons arrested in 2011 comprised 1,184 under Information Technology (IT) Act (2000) and 446 under sections of the Indian Penal Code (IPC) related to cybercrimes.

In 2010, the number of arrests for cybercrime under the IT Act (2000) was 799 and 394 under sections of the Indian Penal Code (IPC), making a total of 1,193.

Last year's cybercrime cases pertained to tampering computer source documents, hacking, obscene publication/transmission in electronic form and failure of compliance/order of certifying Authority, among other reasons.

Feds charge Anonymous spokesperson Barrett Brown for sharing link to stolen credit card data


Is it crime to share a link to data leaks? The Today indictment of Anonymous spokesperson shows sharing link to data leaks is crime.

Barrett Brown , the former spokesperson for the Anonymous hacktivist, has been charged of one count of trafficking stolen authentication features, one count of access device fraud, and ten counts of aggravated identity theft.

The charges are related to the Stratfor hack carried out by hacktivists at the end of 2011.

Brown isn’t charged with committing the stratfor hack but for posting links to file contains the 5,000 credit card details that were stolen in the incident.

" By transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders." The Feds says.

From the story, We can come to a conclusion that all Journalist who covers the hacking incident and links to data leaks are making crime.

At that time of stratfor hacking incident, links to the stolen credit card details were widely shared on twitter - are all the users who shared the links going to be rounded up and arrested, too?

Anonymous hacker convicted for attack on PayPal, Visa and MasterCard as part of Operation Payback

Anonymus hacker

A British Student hacker associated with the Anonymous hacktivist has been convicted in UK for his involvement in series of cyber attacks against the Paypal, Mastercard, Visa in 2010 as part of 'Operation Payback'

Christopher Weatherhead, 22 year-old, online handle 'Nerdo', was found guilty following the guilty pleas of three others — Jake Birchall, Ashley Rhodes and Peter Gibson.

The four hackers were arrested for orchestrating denial of service attacks against the companies because they had stopped processing payments for WikiLeaks. The attacks cost PayPal £3.5m.

The hacker also overwhelmed the servers of the British Recorded Music Industry and replaced with a message :

"You've tried to bite the Anonymous hand. You angered the hive and now you are being stung."

Weatherhead, who will be sentenced at a later date, could face up to 10 years in prison.