Cybercrime activity. PHOTO: Cybercrime Magazine.

Hack Blotter, Vol. 2, No. 3: Cybercriminal Arrests And Convictions

Morag McGreevey

Sausalito, Calif. – Oct. 2, 2018

Cybercrime remains an ongoing concern for law enforcement across the globe. And, as was evident in the extradition struggle between the U.S., France, and Russia, over BTC-e.com administrator Alexander Vinnik, sometimes different countries have competing aims. Nonetheless, it is in every country’s best interest to crack down on cybercrime and protect their citizens. Read on to see who was investigated, arrested, and convicted on cyber-related charges this quarter.

RAP SHEET

September

Sep. 22. Latvian man Ruslan Bondars was sentenced to 14 years in prison for facilitating cybercrime by creating and running a service named Scan4You, which allowed malware authors to check the detection rates of their malicious code.

Sep. 20. A U.S. court gave three men who pleaded guilty to developing and operating a powerful botnet known as Mirai (which, in its heyday, comprised hundreds of thousands of Internet-of-Things devices) unusually lenient sentences due to their extensive cooperation with the FBI.

Sep. 20. Romanian woman Eveline Cismaru pleaded guilty to a cyber attack that took control of two-thirds of D.C. police surveillance cameras days before President Trump’s presidential inauguration in January 2017.

Sep. 20. Shanghai police arrested a man in connection with a data leak at NASDAQ-listed hotelier Huazhu Group. According to the police, the suspect had hacked and stolen user data from hotels under the Huazhu Group and tried to sell it on overseas websites.

Sep. 19. Australian police charged a 31-year-old Brazilian born French national for crimes related to inserting skimming devices to ATMs across the Brisbane.

Sep. 18. A 19-year-old man from the United Kingdom, who was the leader of a cybercriminal group which launched distributed denial-of-service attacks against multiple websites, pled guilty to making bomb threats against thousands of schools. He was originally arrested on Aug. 31 by officers with the U.K.’s National Crime Agency.

Sep. 17. The U.S. District Court for the Eastern District of California concluded a 14-month-long civil forfeiture case to seize assets and property that belonged to Alexandre Cazes, a Canadian national who committed suicide after being arrested on suspicion of operating the darknet marketplace AlphaBay.

Sep. 17. Coordinated police raids in Germany and Sweden have resulted in the arrest of two individuals suspected of running a cyber fraud gang that used stolen payment card data to help smuggle people from the Middle East into Europe.

Sep. 14. The Supreme Court in Greece ruled today that Alexander Vinnik, the owner of the Bitcoin exchange platform BTC-e.com through which ransomware operators laundered cyber-crime money, will be extradited to Russia. France and the U.S. also sought extradition.

Sep. 14. Nigerian man Fisayo Oluwafemi was arrested in Australia for orchestrating a $3 million business email compromise scam from within a local immigration centre.

Sep. 14. A total of four suspects have been arrested in connection with the malware attack on Cosmos Bank in Pune City, India.

Sep. 13. Russian national Peter Levashov, who was extradited to the U.S. in February, pled guilty to conspiracy, wire fraud, intentional damage to a protected computer and aggravated identity theft. For two decades, Levashov ran multiple botnets that harvested online credentials while pumping out spam, banking Trojans, and ransomware.

Sep. 13. A Romanian court has ruled that Marcel Lehel Lazar, the hacker known as “Guccifer” who discovered the existence of Hillary Clinton’s private email server, will be extradited to the U.S. to serve a 52-month prison sentence.

Sep. 9. The Chinese Ministry of Public Security has detected over 22,000 cyber criminal cases and arrested over 33,000 suspects in first six months of its drive against online crime.

Sep. 8. Andrei Tyurin, a Russian citizen who is alleged to have performed key cyber-work in a hack of JPMorgan Chase & Co. and about a dozen other companies, was extradited to New York from the Republic of Georgia.

Sep. 7. The FBI charged North Korean computer programmer Park Jin Hyok with a series of high-profile cyber attacks, including the 2017 WannaCry ransomware attack and the hacking of Sony Pictures in 2014. He is also charged with conspiring with others to steal $81 million from a bank in Bangladesh.

August

Aug. 30. The Cobalt Group, a notorious hacking group that targets financial organizations and is thought to be the perpetrator of cyber attacks against the SWIFT banking network and ATM systems, has launched a new campaign targeting employees of two banks.

Aug. 30. Despite China’s efforts to crack down on cybersecurity, a hacker is now selling the data of 130 million hotel guests for eight Bitcoin ($56,000) on a Chinese Dark Web forum.

Aug. 25. Yevgeniy Nikulin, a Russian charged with hacking LinkedIn, is of great interest in a U.S. probe of election meddling, according to a Justice Department official. Russian officials have shown unusually strong interest in his case, arranging at least once to visit him in jail when the attorneys weren’t present.

Aug. 24. Former National Security Agency contractor Reality Leigh Winner, 25, has been sentenced to more than five years in prison after pleading guilty to leaking a classified report with information on Russia’s involvement in the 2016 presidential election.

Aug. 24. The Iranian hacking group known as Cobalt Dickens or Silent Librarian has continued its phishing operations undeterred by indictments from the U.S. Department of Justice. In March 2018, the DOJ charged nine hackers it believed were behind the group’s activity.

Aug. 22. According to the lawyer of President Donald Trump’s former personal lawyer, Michael Cohen, Cohen has “knowledge” about computer hacking and collusion that may interest Special Counsel Robert Mueller in his investigation into Russian interference in the 2016 election.

Aug. 20. Police in China have arrested suspects in connection with crypto theft that amounts to $87 million where cyber-criminals have targeted bitcoin holders and other digital currency users.

Aug. 20. Following the announcement of the Romanian Intelligence Service of a large-scale cyber attack on Romanian banks, Bitdefender specialists give details of the attack and its alleged association with the Carbanak group, known since 2013 for attacking over 100 banks in over 40 countries.

Aug. 20. UK hacking prosecutions have plummeted with only 47 charges recorded last year. A lack of resources is one of the reasons for this exceptionally low prosecution record.

Aug. 18. Police in Florida have arrested Ricky Joseph Handschumacher, a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars’ worth of bitcoin and other cryptocurrencies from victims.

Aug. 17. A teenager from Melbourne, Australia is facing criminal charges after he allegedly accessed Apple’s network without permission, leading to the theft of documents and the apparent compromise of customer accounts.

Aug. 15. Two Nigerian nationals have been convicted in federal court in Atlanta on a variety of charges after luring employees at Georgia Tech and the University of Virginia into giving them personal information.

Aug. 13. The FBI is warning financial institutions that their ATMs could be targeted in a hacking attempt.

Aug. 10. Police arrested actor Jiratpisit “Boom” Jaravijit, 27, in Chatuchak district of Thailand for alleged money-laundering following a complaint that he fraudulently lured a foreigner into investing 797 million baht in digital currency.

Aug. 2. The U.S. Justice Department announced that three Ukrainians have been arrested on criminal hacking charges including stealing payment card numbers, in attacks on more than 100 U.S. companies.

July

Jul. 30. Russian hackers are alleged to have attacked a Swiss lab that analyzed Novichok nerve agent samples from Salisbury.

Jul. 27. Ecuador’s president says his government is talking to British authorities about how to end Julian Assange’s asylum in its London embassy. Ecuador granted Assange asylum in 2012, but he faces arrest in Britain for breaching his bail terms and could be extradited to the United States.

Jul. 24. Yevgeniy Nikulin, accused of hacking into LinkedIn, Dropbox and Formspring, is currently on suicide watch, and refuses to cooperate with his lawyer. He pleaded not guilty to the charges against him.

Jul. 22. Security experts speculate that state actors were likely behind Singapore’s biggest ever cyberattack, due to its scale and sophistication. Hackers broke into a government database and stole the health records of 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong.

Jul. 19. President Donald Trump declined Russian President Vladimir Putin’s offer to interrogate the 12 Russian intelligence officers indicted on charges linked to attempted interference in the 2016 U.S. presidential election.

Jul. 17. 21-year-old Susan Atrach was charged for hacking into Selena Gomez’s email account and extracting sensitive data. Atrach was charged with felonies that include stealing computer data to conduct fraud, identity theft, obtaining money or data using illegal means and hacking into celebrity accounts.

Jul. 16. Russian President Vladimir Putin said that he may give U.S. officials access to the 12 alleged Russian intelligence agents and computer criminals named in a U.S. Department of Justice indictment earlier in the week.

Jul. 16. According to Russian President Vladimir Putin, Russia was the target of almost 25 million cyber-attacks during the World Cup. The president did not indicate who may have been behind the attacks.

Jul. 14. Alexander Vinnik, an administrator of the Bitcoin platform BTC-e who was arrested in Greece on an international warrant for cybercrime, has been ordered by a Greek court to be extradited to France. Vinnik is appealing the court’s decision.

Jul. 14. Ireland extradited Irish national Gary Davis to the United States to face charges that he helped run the now-defunct Silk Road, the online black market where illegal drugs and other goods were bought and sold.

Jul. 13. The Justice Department announced the indictment of twelve Russian intelligence officers for their role in Russia’s interference in the 2016 election.

Jul. 11. Eight individuals have been arrested for allegedly defrauding companies and U.S. citizens out of $15 million.

Jul. 11. U.S. cybersecurity firm FireEye claims that a Chinese espionage group has hacked several key Cambodian government entities ahead of the Kingdom’s national election.

Jul. 9. Former hedge fund manager Vitaly Korchevsky and securities trader Vladislav Khalupsky were convicted of participating in a scheme that made $30 million by trading on information from stolen press releases. The two worked cybercriminals to hack major newswire companies and lift press releases ahead of their distribution.

Jul. 6. A Chinese wind turbine company convicted of stealing clean energy software from a Wisconsin firm was fined $1.5 million and given a year’s probation to pay off more than $58 million in restitution.

Jul. 6. The New Zealand Court of Appeal has upheld the decision that German-Finnish internet mogul and Megaupload founder Kim Dotcom can be extradited to the United States for prosecution on criminal copyright infringement and related charges.

Hack Blotter Archives

Morag McGreevey is a freelance writer covering cybersecurity, national security, VC deals, and investing.