Hack Blotter

FROM THE EDITORS AT CYBERSECURITY VENTURES

Q4 2016

HackBlotter.com provides chief information security officers (CISOs), IT security teams, and the cyber community with a quarterly diary of noteworthy cybercriminal investigations, apprehensions, arrests and convictions.

CRIME WATCH

Local law enforcement agencies invest into new cybercrime units and labs

bradcaseyheadshotBrad Casey

Menlo Park, Calif. – Jan. 3, 2017

Cyber crooks were caught and convicted for hacks on airports, banks, governments, hospitals, and universities during the last quarter of 2016. The perpetrators included a former Marine, a slew of teenagers, solo hackers and hacktivists, and organized cybercrime groups in the U.S. and internationally.

Millions of dollars were invested into new cybercrime units in Atlanta, Ga. and New York City — which are aiding in investigating and prosecuting cybercriminals.

“We expect to see more cyber combat units opening and expanding across the U.S.” says Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures. “Street criminals have shifted to the web, and the local police are catching up” adds Morgan.

RAP SHEET

December

Dec. 29. Former Shelton, Conn. high school student was arrested and charged with computer crimes in the third degree after launching DDoS attacks through a cell phone.

Dec. 27. Nine teenaged hackers associated with Anonymous hacktivism arrested in Thailand.

Dec. 27. Cyber security meets securities fraud as 3 Chinese hackers charged by Manhattan U.S. Attorney’s Office.

Dec. 26. Thai hackers seek revenge for new cybercrime law by hacking government systems.  Thai officials seek revenge by arresting them.

Dec. 21. Saudi hacking group hacks Netflix and Marvels Entertainment Twitter accounts.  

Dec. 20. A new Atlanta cybercrime unit will be aiding in prosecuting cybercriminals who hack into private networks and steal proprietary data, according to the U.S Attorney’s Office Northern District of Georgia.

Dec. 19. The U.S. Department of Justice reports 3 Romanian Nationals allegedly infected more than 60,000 computers, sent out over 11 million fraudulent emails and stolen at least $4 million.

Dec. 18. Nigerian hacker arrested for hacking Los Angeles County email system.  Personally identifying information of approximately 750,000 possibly exposed.

Dec. 15. One arrested for hacking applications for Honk Kong toymaker, VTech.  Personally identifying information of approximately 200,000 children possibly exposed.

Dec. 14. Culprit in largest theft of customer bank data arrested at John F. Kennedy Airport as he returns from overseas.

Dec. 13. Thirty-four suspects arrested in 13 countries in massive DDoS-for-hire-scam.  Many suspects were teenagers.

Dec. 13. 17-year-old sentenced to 12 months rehabilitation after hacking British telecom as a 16-year-old.  Hack done with an iPhone.

Dec. 13. Bulgarian man who used GozNym malware as part of a bank fraud scheme brought before U.S. Federal Court in Pittsburgh.

Dec. 12. 5 arrested by FBI and Europol in take down of Avalanche phishing network.  Millions of computers infected prior to take down thanks to double fast flux method.

Dec. 8. 17-year-old evil genius sentenced to four years in Massachusetts state custody for leading a group of villainous hackers.

Dec. 7. Bahamian hacker who stole unreleased celebrity sex tapes sentenced to 5 years in federal prison by judge in U.S. Southern District of New York.

Dec. 5. Aaron Glende, a.k.a. IcyEagle, of Winona, Minn. was sentenced to 4+ years for selling stolen login credentials on the dark web – including usernames and passwords to bank accounts.

Dec. 4. Alleged hackers Office of Personnel Management arrested by Chinese government.  Whether hack was directed by Chinese government still unclear.

Dec. 1. U.S. and European officials put five key suspects in custody as part of a cybercrime takedown involving a group accused of causing hundreds of millions of dollars in losses worldwide.

November

Nov. 28. 19-year-old autistic Australian arrested for hack of air traffic control system at Tullamarine Airport.  One plane forced to abort scheduled landing during the hack.

Nov. 26. Rangers arrest 4 individuals associated with hacking group that commits millions of dollars worth of financial fraud.

Nov. 25. Fifth arrest made in conjunction with TalkTalk hack when police arrest 18-year-old in Wales.

Nov. 25. Hacktivist, Deric Lostutter pleads guilty to illegally accessing a computer without authorization when he attempted to bring attention to sexual assault case involving 2 of Steubenville High School’s athletes.

Nov. 18. 3 hackers arrested for mobile upgrade scam against mobile operator Three customers.  Database containing personally identifying information of 8.8 million customers possibly exposed.

Nov. 17. A $10 million 17,000 square foot cybercrime lab has opened in the Manhattan (NYC) District Attorney’s office. The lab is involved with investigating cybercrime and identity theft.

Nov. 14. 31-year-old man with Aspergers syndrome extradited to U.S. for stealing data from FBI, NASA, and Federal Reserve.

Nov. 10. Former Marine arrested for conducting a man-in-the-middle attack against Google Maps and the FBI.  Recorded private phone conversations in the process.

Nov. 4. Jonathan Powell, 29, was arrested by the FBI for trying to hack approximately 2,000 email accounts at two universities in the New York City area.

Nov. 4. 14 arrested, mostly in London, for conducting massive cyber bank fraud scam.  11 million Euros laundered.

Nov. 2. Arizona man arrested for hacking email accounts at 1 university in New York and another in Pennsylvania.  Also tried to hack 75 other universities.

Nov. 2. Commanding Officer of NYPD’s 10th Precint reports a significant uptick in grand larcenies over the last 28-day period — comprised largely of cyber crime.

Nov. 2. Former teen Canadian hacker serving 4-year prison sentence for hacking U.S. federal agencies.

October

Oct. 31. Ryan Collins sentenced to 18 months in jail after hacking 50 iCloud accounts of celebrities.  Some celebrities included Jennifer Lawrence and Kirsten Dunst.  

Oct. 31. Arizona man arrested for DDoS-ing 9-1-1 emergency system by utilizing JavaScript exploit.

Oct. 28. Dwayne Cartouche Hans Jr, of Richland, Washington arrested after stealing $134,000 from a bank.  Utilized Home IP address, and personal e-mail account in scam.

Oct. 26. 29-year-old Russian hacker arrested in Prague after hacking LinkedIn and Dropbox.

Oct. 24. Martin Gottesfeld charged with DDoS-ing Boston Children’s Hospital and Wayside Youth Family Support.  Claims he did it to fight the wrongful treatment of children.

Oct. 19. Russia demands that suspected LinkedIn hacker be returned home to Russia.

Oct. 17. Justice Department charges Ardit Ferizi with stealing personal information of military troops and passing the information along to ISIS.  Believed to be the leader of Kosova Hacker’s Security.

Oct. 14. You could be arrested for bringing a Samsung phone onto an airplane. You can’t even place your phone in checked luggage.

Oct. 13. Chinese hackers arrested at the request of U.S. government for hacking U.S. businesses.

Oct. 11. Perpetrator in world’s largest bank hack arrested in Russia.  Extradition process a little hazy.

Oct. 11. Hacker of Hillary Clinton’s illicit email server transferred from U.S. to Bucharest where he will serve a separate sentence for hacking in Hungary.  

Oct. 10. 2 Dutch members of hacking group Lizard Squad charged with hacking in Chicago District Court.  Suspected of hacking Playstation and Xbox Live networks during Christmas 2014.

Oct. 7. After being fired from the IT department of Lucchese Bootmaker, ex-employee hacks into company server and essentially shutsdown network.  Arrested by FBI.  

Oct. 5. Indonesian man arrested in Jakarta after displaying porn on digital public billboard.  Accused claims it was an accident.

Stay tuned for the Q1 2017 edition of the Hack Blotter.

Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.

grayfooterline

© 2016-2017 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.

WeakPasswordFinder-CybersecurityVentures 300x250-gif_v2