Hack Blotter. PHOTO: Cybercrime Magazine.

Cybercriminals Are More Likely Than Ever To Get Caught

Arrests and convictions on the rise, stiffer sentences

David Braue

Melbourne, Australia – May 22, 2022

Cyberattacks have become so common and costly that it has been easy to feel like cybercriminals are getting away with murder. But the truth is somewhat less glamorous — for the criminals — with authorities reporting dozens of high-profile takedowns this year alone.

If you’re prepared to do the crime, the old saying goes, you’d better be prepared to do the time — and, as the ever-growing list of takedowns on Cybercrime Magazine’s Hack Blotter has shown, many cybercriminals are doing just that after being tracked down online and in the real world.

And while ransomware may have become big business for cybercriminals — global ransomware damages are predicted to exceed $265 billion by 2031, according to Cybersecurity Ventures — authorities have gotten better at disrupting the campaigns and identifying their perpetrators.

In mid-January, for one, Ukrainian authorities arrested five members of a Kyiv-based ransomware gang that had made more than $1 million infecting over 50 companies in Europe and the Americas.

A day later, reports came in that Russian authorities had launched a massive operation across 25 locations — at the request of US authorities — to shut down REvil, an aggressive ransomware criminal group responsible for compromising targets including meat processor JBS and Colonial Pipeline.

That attack had a chilling effect in the ransomware community, where reports of unusual US-Russian cooperation had many cybercriminals concerned they were no longer safe within Russia’s borders.

Neither was 16-year-old Nikita Uvarov, who was arrested and imprisoned for five years by Russian authorities who alleged his construction of a Minecraft version of FSB headquarters constituted “training for terrorist activities.”

Video games were also no longer fun and games for Gary Bowser, a hacker who was imprisoned for over three years for selling devices that enabled customers to play pirated video games on a variety of consoles.

Ransomware gang affiliate Sebastien Vachon-Desjardins was sentenced to seven years’ imprisonment after being implicated in 17 ransomware attacks that caused over $2.8 million in damages in Canada, while US authorities charged four Russian hackers with running a campaign of cyber attacks against oil, gas, and nuclear power organizations around the world.

Thanks to better collaboration around the world, cybercriminal investigations are now reaching every corner of the globe — as with Interpol’s December takedown of a Nigerian business email compromise (BEC) gang that had been hoarding victim credentials and targeted more than 50,000 organizations.

Airport authorities are proving highly effective at nabbing wanted persons as they transit into and out of the US, with Simon & Schuster UK employee Filippo Bernardini arrested at New York’s JFK airport in January after using identity fraud and email addresses with typos to trick authors into sending him hundreds of unpublished book manuscripts.

Meanwhile, a 14-year-old Croatian was arrested for hacking communication company Tele Operator A1 and stealing around 10 percent of its user data. Seven UK teenagers were arrested for being part of the Lapsus$ hacking group, while an Estonian man was imprisoned for more than five years after being convicted of at least 13 ransomware attacks costing victims around $53m.

Corrupt government employees were also being picked up left, right and center — including a US Department of Defense employee who used other people’s identities to secure over $244,500 in loans, and the wife of a US Navy engineer who conspired with her husband to sell secret data about nuclear submarine programs to a foreign government.

And the horse you logged in on

As well as arresting the people committing ransomware offenses, authorities are also getting better at taking down the infrastructure they rely on — including an underground VPN provider called VPNLab.net shut down by Europol — and investigating the low-level mechanisms used to hide the proceeds of cybercrime.

Law enforcement agencies are also refining their techniques for identifying the operators of supposedly hidden dark web sites, with Canadian authorities shutting down a dark web marketplace called Canadian HeadQuarters that marketed malware services — and fining its operators more than $300,000.

The international composition of authorities like Interpol — which has 194 member countries — has proven uniquely valuable for investigating online cybercrime, which rapidly and regularly spans international borders and is suited to multi-agency investigations.

“I’m viewed as someone from Interpol who is neutral,” Interpol director of cybercrime Craig Jones told Cybercrime Magazine, noting that cybercrime “is a transactional crime type and we need global solutions to this.”

Thanks to Interpol’s remit, Jones said, “I can go into any of our 194 member countries, and I’m working on behalf of Interpol — and our only aim is around prevention of crime.”

“It doesn’t matter who a threat actor is,” he said. “If the threat actors are causing harm to a community, using a prevention methodology we can then prevent crimes — whether it’s drug smuggling or cybercrime.”

Increasing global collaboration has also helped authorities improve their pursuit of cryptocurrency thieves, thanks to improved methods for tracing criminal transactions across the blockchain.

In January, for example, authorities indicted the former operator of cryptocurrency exchange Cryptsy for embezzling over $1 million in cryptocurrency from its users.

Justice Department authorities seized more than $3.6 billion worth of cryptocurrency that had been stolen from Hong Kong cryptocurrency exchange Bitfinex in 2016, arresting two suspects for trying to launder the money.

UK authorities recovered $5.4 million in cryptocurrency funds stolen from victims in a cryptocurrency scam, while the founder of Indian cryptocurrency exchange BitConnect was charged over a Ponzi scheme that took $2.4 billion from investors to whom he promised “substantial profits and guaranteed returns.”

Sometimes authorities use roundabout methods to convict cybercriminals — such as an action by Her Majesty’s Revenue and Customs to seize numerous NFTs from suspects who used fake identities and shell companies to avoid $1.8 million in value-added taxes on the NFTs.

“It might be that in a geopolitical sense, some countries are not able to have those conversations or carry out those investigations directly,” Jones said.

“That’s where Interpol steps into that space as a neutral organization on the crime side, and helping to be that neutral interlocutor between those countries. If we get the prevention piece right, then that will negate the crimes and the impact on our communities effectively.”

David Braue is an award-winning technology writer based in Melbourne, Australia.
