Hack Blotter: Cybercriminal Investigations, Arrests And Convictions For Q1 2018

Morag McGreevey

Sausalito, Calif. – Apr. 2, 2018

There is no denying that cybercrime has enormous stakes: one cybercrime gang stole more than $1 billion by hacking ATMs. It’s an international problem, with cyber criminals ignoring national borders in pursuit of valuable data, personal information, state secrets, and financial assets.

International law enforcement is working overtime to keep up with the sheer amount of cybercrime that takes place. There have been some major successes in Q1 2018, with major cyber criminals being arrested, charged, and extradited for trial. Check out our rap sheet covering the latest cybercrimes.

March

Mar. 30. Yevgeniy Nikulin, who is accused of orchestrating hacks against LinkedIn, Dropbox and Springform back in 2012, has been extradited from the Czech Republic to San Francisco.

Mar. 29. Europol arrested twenty suspected fraudsters in connection with a banking fraud scheme that resulted in the loss of over a million euros. The arrests are the result of a two-year investigation between the agency, the Romanian National Police, the Italian National Police, and Eurojust.

Mar. 26. The British government says that it concurs with the charges against multiple Iranians contained in an indictment announced by the U.S. Department of Justice.

Mar. 26. In a joint operation between Europol and law enforcement authorities from Belarus, Romania, Taiwan, Spain, and the FBI, the leader of a cybercrime gang that stole over $1 billion by hacking ATMs was arrested in Spain.

Mar. 23. The United States announced sanctions against nine Iranians and an Iranian company for a massive three-year campaign to hack into more than 300 universities across the world. This has been described as one of the largest state-sponsored hacking sprees to be prosecuted.

Mar. 15. The Trump administration has blamed Russia for a campaign of cyberattacks that targeted the U.S. power grid. This is the first time that the U.S. has publicly blamed Moscow for hacking into American energy infrastructure.

Mar. 14. Jun Ying, the former chief information officer of Equifax, is facing insider trading charges after allegedly dumping his stock after learning of the company’s data breach.

Mar. 9. Two Ukrainian nationals were sentenced to five years in prison for launching DDoS attacks on dating site Anastaciadate.com in 2015.

Mar. 7. Russian President Vladimir Putin has stated that Russia would “never” extradite the 13 Russian nationals recently indicted by the U.S. Department of Justice on charges that they meddled in the 2016 U.S. elections.

Mar. 5. At a small hearing in a Moscow court, Konstantin Kozlovsky, the 29-year-old hacker at the centre of the scandal surrounding the Kremlin’s cyberattacks on the 2016 U.S. presidential election, said that he is ready to give detailed evidence that the Kremlin was directly involved in the attacks.

Mar. 4. Six months later, there has been little legislative response to the Equifax breach. Most activity has been limited to legal channels: a rare 50-state class action lawsuit against the company will be argued in Georgia, U.S.

Mar. 2. Former U.S. intelligence contractor Reality Leigh Winner appeared in court in Augusta, Georgia, where her lawyers asked the judge to exclude her statements to FBI agents on the day she was arrested. Winner has pleaded not guilty to charges she leaked a top-secret document to the Intercept about Russian interference in the 2016 election. She faces up to 10 years in prison.

February

Feb. 26. Australian universities have been targeted by hackers with connections to Iran in recent months, and “a number of investigations” are in progress, according to cybersecurity firm CrowdStrike.

Feb. 26. Authorities in the Ukraine rearrested Hennadiy Kapkanov, the alleged mastermind of an international cybercrime gang that was uncovered in a series of international raids more than one year ago.

Feb. 24. Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to U.S. intelligence sources. The Russian spies tried to make it appear as though the intrusion was conducted by North Korea.

Feb. 20. A North Korean cyber espionage group that was previously known only for targeting South Korea has expanded its target area, with attacks now hitting Japan and the Middle East.

Feb. 17. The U.S. Department of Justice has announced federal hacking charges against Oriyomi Sadiq Aloba, a Texas resident accused of sending millions of malicious phishing emails after breaching the Los Angeles County Superior Court computer system.

Feb. 16. Former IT administrator Christopher Grupe was sentenced to 366 days in federal prison after being convicted under the Consumer Fraud and Abuse Act.

Feb. 15. A group of Ukrainian hackers used Google Ads to steal $50 million of Bitcoin from users and investors at Luxembourg-based Blockchain.info.

Feb. 15. A 24-year-old man from Britain was sentenced to two years in prison for running a website that allowed cyber criminals to test attacks against anti-virus scanners.

Feb. 14. The Bucharest Court of Appeals admitted an extradition request filed by the U.S. for two Romanians charged with hacking into the Washington D.C. Police surveillance cameras.

Feb. 12. Employees at the Russian Federation Nuclear Centre were arrested on suspicion of using the institution’s supercomputers to mine cryptocurrency.

Feb. 10. Pyeongchang Olympic organisers investigate a possible attack on their internet and Wi-Fi systems that took place about 45 minutes before the opening ceremony.

Feb. 9. One of the individuals charged by the U.S. Justice Department earlier in the week was arrested in Bangkok, Thailand and will face extradition.

Feb. 7. The U.S. Justice Department charged 36 individuals as part of a takedown of an international online cybercrime ring that trafficked personal and financial information. Thirteen of the defendants have already been arrested, including five Americans.

Feb. 5. British actor Hugh Grant settled a phone-hacking case with UK newspapers. The details of the settlement were not made public, but Grant reportedly donated a six-figure sum to Hacked Off, an anti-hacking activist group.

Feb. 5. Peter Yuryevich Levashov, believed to be one of the world’s most notorious spam kingpins, has been extradited to the United States to face federal hacking and spamming charges. He was arrested in Spain last year.

Feb. 5. An operation coordinated by the UK National Crime Agency with the support of Europol uncovered the distributors of the Remote Access Trojan (RAT) Luminosity Link, a hacking tool that allows cybercriminals to remotely gain control over victims’ computers.

Feb. 5. A Columbia University graduate student was arrested for leaving key logger malware on USB sticks left throughout campus.

Feb. 5. A U.K. Court of Appeal ruled that Lauri Love will not be extradited to the United States to face trial for his alleged involvement in a hacktivist campaign targeting the FBI, NASA, and other U.S. government agencies.

Feb. 3. The FBI has identified a new phishing scam, where the hackers created a fake federal online crime complaint portal on social media to deceive users into giving out their private information. The FBI notes that they have received over 100 complaints about the scam, although no monetary losses were yet reported.

Feb. 3. Suspected Russian hacker Pyotr Levashov, who was extradited from Spain, pleaded not guilty before a U.S. judge. Prosecutors claim he ran a massive computer network that sent out spam and installed malicious software.

January

Jan. 31. Varun Sarja, a former University of Kansas freshman, hacked into multiple campus computers to change their grades from F’s to A’s. He is now facing a string of felony computer crime charges.

Jan. 31. A former TechCrunch employee was arrested in Australia on allegations that he hacked a car sharing company, charged vehicles to other users and stole confidential customer data.

Jan. 31. A gang of criminals is using sophisticated techniques to access ATMs and infect them with specialized malware. In the security industry, this technique is known as jackpotting. This is the first jackpotting attack to be reported in the United States. So far, the thieves have stolen more than $1 million.

Jan. 26. Hackers working for the Dutch General Intelligence and Security Service penetrated computers used by the group “Cozy Bear.” Unmasking these hackers could provide key evidence for investigators trying to solve the U.S. Democratic National Committee breach.

Jan. 25. A whistleblower has claimed that the Moscow-based cybersecurity technology company Kaspersky Lab is controlled by Russian intelligence, and has been used by Russian spies to access private documents from other countries.

Jan. 21. British hacker Alex Bessell was jailed for cyberattacks against Pokemon, Google, and Skype. He was convicted of money laundering, and authorities said that he made more than £50,000 in proceeds from selling malware.

Jan. 21. Authorities in Russia have broken up a widespread scheme involving gas-station employees who used software programs on electronic gas pumps to con customers into paying more money. The Russian Federal Security Service arrested Denis Zayev on the charge that he created this software.

Jan. 19. Reports suggest that Lebanon’s government was complicit in a blatant cyber espionage campaign, undertaken by a group of operatives named Dark Caracal.

Jan. 18. Former Korn Ferry International executive recruiter David Nosal is making a last-ditch effort to stay out of prison. In 2016, his conviction for trade secret theft and violating a federal anti-hacking statute was upheld by the U.S. Court of Appeals for the Ninth Circuit. His lawyer has now filed court papers asking judges to reduce or set aside Nosal’s prison sentence.

Jan. 16. Canadian man Jordan Evan Bloom was arrested by the Royal Canadian Mounted Police for allegedly operating LeakedSource.com and selling stolen usernames and passwords. He has been charged with trafficking in identity information, unauthorized use of computer, mischief to data and possession of property obtained by crime.

Jan. 12. The CIA has attributed to Russian military hackers a cyberattack that crippled computers in Ukraine in June 2017 in an effort to disrupt that country’s financial system amid its ongoing war with separatists loyal to the Kremlin.

Jan. 10. Special Counsel Robert Mueller has added Ryan Dickey, a senior lawyer with significant cybercrime expertise, to his team. This addition suggests that Mueller’s investigation may be focusing on computer hacking.

Jan. 10. The U.S. Department of Justice unveiled an indictment against 28-year-old Ohio resident Phillip Durachinsky, who is accused of spying on Apple Mac owners via the malware strain FruitFly and producing child pornography.

Jan. 7. A thirty-year-old Hong Kong man was arrested in connection with two cyberattacks in which individuals’ sensitive information was held for ransom.

Jan. 6. Marcus Hutchins, the hero who inadvertently halted the global spread of WannaCry, is facing trial in the U.S. for creating and selling the Kronos malware, which harvests bank details. According to his lawyers, Hutchins (who pleaded not guilty on all charges) was coerced into giving a confession while intoxicated and sleep-deprived.

Stay tuned for the Q2 2018 edition of the Hack Blotter.

Morag McGreevey is a freelance writer covering cybersecurity, national security, VC deals, and investing.
