Cybercrime activity. PHOTO: Cybercrime Magazine.

Q1 2019 Hack Blotter: Cybercriminal Investigations, Arrests And Convictions

Morag McGreevey

Toronto, ON. – Jan. 2, 2019

The last quarter of 2018 saw significant arrests for cyber crime. The biggest news of Q4 is undoubtedly worsening relations between the U.S. and China. In December, the U.S. accused China of a 12-year campaign of cyberattacks targeting technology and trade secrets from corporate computers across almost every global industry. China’s Foreign Ministry spokesperson Hua Chunying has denied these allegations, stating that “the Chinese government has never participated in or supported anyone in stealing trade secrets in any way.” Read on to see who was investigated, arrested, and convicted on cyber-related charges this quarter.

RAP SHEET

December

Dec. 25. The Federal Bureau of Investigation and INTERPOL have declared two Ghanians and two Nigerians wanted for their alleged involvement in a $15 million fraud. According to information circulated by the U.S. Department of Justice, the suspects are facing trial in absentia.

Dec. 23. Two Ghanaian citizens and one Nigerian citizen residing in Ghana were arrested by a combined team of security personnel from the Economic and Organised Crime Office, INTERPOL and Bureau of National Investigations and will be extradited to the USA in order to face charges filed in the Western District of Tennessee. The three face charges of conspiracy to commit wire fraud, wire fraud, conspiracy to commit money laundering, conspiracy to commit computer fraud, and aggravated identity fraud.

Dec. 23. A group of officials from the FBI and the Royal Canadian Mounted Police flew to India in July and called on the chief of the police in Noida, adjoining the national capital, in a meeting coordinated by Interpol. The details of the closed-door meeting remained private until a series of raids were reported, indicating a massive crackdown began on fake call centres.

Dec. 21. The U.S. Justice Department indicted two Chinese hackers tied to Beijing’s security services who allegedly targeted companies and agencies in a dozen countries. The DOJ alleges that they were part of a decade-long, government-sponsored global hacking campaign that included the alleged theft of information from 45 US tech companies and government agencies.

Dec. 21. China hit back at the U.S. after the Justice Department brought charges against two of its citizens. China’s Foreign Ministry spokesperson Hua Chunying denied the allegations and stated that “the Chinese government has never participated in or supported anyone in stealing trade secrets in any way.”

Dec. 20. Authorities in the U.S. brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that help paying customers launch digital sieges.

Dec. 19. The Greek Supreme Court has accepted a French extradition request for Alexander Vinnik, a Russian bitcoin fraud suspect. The same court has, confusingly, already agreed to extradite to the US and Russia. The accused will remain in Greece until officials sort out the issue of the conflicting decisions.

Dec. 12. Hackers behind a massive breach at hotel group Marriott International left clues suggesting they were working for a Chinese government intelligence gathering operation.

Dec. 10. Andrey Ghinkul, a Moldovian national, was sentenced to time served by a federal court for his crime of conspiracy and damaging a computer. He faced up to 108 months in prison, but cut a deal with prosecutors.

Dec. 6. The arrest of Meng Wanzhou, the chief financial officer of Chinese telecommunications company Huawei, has added a new layer of tension to the United States’ relations with China. Meng was detained in Vancouver, Canada and is sought for extradition by the United States. The arrest is related to alleged violations of US sanctions against Iran.

Dec. 4. The Delhi Police arrested nearly two dozen people on suspicion of defrauding people by sending fake pop-up messages warning them that their computers were infected with a virus and offering to fix the problem at a price. The arrests were made after input from the US Federal Bureau of Investigation and Interpol.

Dec. 3. The Greek Supreme Court has postponed the hearing on appeal of the extradition of Russian national Alexander Vinnik to France, where he is suspected of cybercrimes.

Dec. 3. The government of the United States of America has issued a warning to Ghana and five other African countries to be wary of two cryptocurrency fraudsters who are using investment mechanisms to defraud innocent people.

November

Nov. 30. A yearlong joint investigation between the FBI and the Daytona Beach Police Department’s Advanced Technology and Cyber Crimes Unit has led to the arrest of an Embry-Riddle Aeronautical University employee and a graduate student for allegedly hacking the university’s computers.

Nov. 28. Two Iranian computer hackers were charged in connection with a multimillion-dollar cybercrime and extortion scheme that targeted government agencies, cities and businesses. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri are accused of creating ransomware known as SamSam that encrypted data on the computers of more than 200 victims.

Nov. 28. The U.S. Department of Justice confirmed that a number of Russian threat actors have now been indicted for their part in a Pornhub hack and the ongoing advertising fraud campaign behind it. A joint effort by the Federal Bureau of Investigation and the Department of Homeland Security has resulted in the takedown of the major online fraud operation.

Nov. 28. The lawyer for Alexander Vinnik, the alleged former operator of defunct cryptocurrency exchange BTC-e, has said that a district court in Cyprus has withdrawn their lawsuit on charges “of fraud, money laundering and other crimes.”

Nov. 28. The U.S. Department of Justice announced that it indicted eight individuals as part of a multiyear FBI investigation into gangs that allegedly perpetrated digital advertising fraud, in part, via botnets. Three of the men have been arrested abroad; the rest remain at large.

Nov. 26. The U.S. trial of the Russian hacker Yevgeniy Nikulin, accused of stealing data from LinkedIn and Dropbox, has been postponed until the defendant undergoes a court-mandated psychiatric evaluation. He is scheduled to be transferred from the San Francisco Bay Area this week to a psychiatric facility, where a doctor will determine whether he is fit to stand trial.

Nov. 26. Three Bulgarians were arrested and charged over the theft of cryptocurrencies worth about $5 million, according to the interior ministry and prosecutors’ office. Police seized cryptocurrencies worth about $3 million, as well as computers used by the suspects.

Nov. 23. Ukrainian police have arrested a 42-old-man on charges of infecting over 2,000 users across 50 countries with the DarkComet remote access trojan. The man was arrested after police executed a search warrant at his residence in Lviv, in Western Ukraine.

Nov. 21. Manhattan police arrested and charged Nicholas Truglia with 21 counts of felony crimes related to hacks against 6 individuals, including a $1 million theft of cryptocurrencies from Silicon Valley executive Robert Ross.

Nov. 19. The U.S. Department of Justice’s second-in-command Deputy Attorney General Rod Rosenstein has called on other countries to step up their efforts to extradite accused cybercriminals, warning that the U.S. will “expose” attempts by other governments “to manipulate the extradition process.”

Nov. 19. Two friends who took part in a £77m hack on the TalkTalk website have been jailed. Matthew Hanley and Connor Allsopp, both from Staffordshire, England, admitted their roles in the massive 2015 data breach, which saw 156,959 accounts accessed.

Nov. 16. The U.S. Justice Department inadvertently named Julian Assange in a court filing in an unrelated case, suggesting prosecutors have prepared charges against the WikiLeaks founder under seal.

Nov. 15. The U.S. took its efforts to extradite two alleged members of a financial hacking group to court in London. The accused are alleged to be members of the Infraud Organisation, which was behind a dark web forum said to have caused more than $530 million in losses to individuals and banks.

Nov. 15. The National Assembly of Cambodia approved a law on the extradition of criminals between Cambodia and Russia. Pen Panha, chairman of the commission on legislation and justice, said the law would facilitate the extradition of wanted criminals in both countries.

Nov. 13. Marcel Lehel Lazar, the prolific computer hacker known as “Guccifer,” was extradited to the United States to finish serving a prison sentence related to a cybercrime attack credited with exposing Hillary Clinton’s use of a personal email account while secretary of state.

Nov. 9. Bulgarian police arrested a Russian citizen identified as Alexander Zhukov. The suspected hacker is being held pending extradition to the U.S., where he has been charged with counts of computer fraud and conspiracy to commit computer fraud.

Nov. 5. The Turkish Cybercrime Department arrested 11 suspects in connection to hacking of crypto wallets. According to news reports, cryptocurrency investors whose digital wallets were hacked lost more than $80,000.

Nov. 1. The Department of Justice charged a Chinese state-owned company, its Taiwanese partner and three individuals on Thursday with stealing trade secrets from an American technology company, the latest move by the Trump administration to crack down on China’s “economic espionage.”

Nov. 1. the U.S. Department of Justice unsealed charges against two more members of the Chinese Ministry of State Security relating to a concerted effort to steal commercial aviation secrets from U.S. based companies.

October

Oct. 30. The United States indicted 10 Chinese, including two intelligence officers, over a five-year scheme to steal technology from US and French aerospace firms by hacking into their computers.

Oct. 29. Paras Jha, one of the co-authors of the devastating Mirai botnet, has been sentenced to home incarceration and community service, and ordered to pay $8.6 million in restitution for his role in a series of distributed denial-of-service attacks.

Oct. 25. An Australian woman has been charged after almost $500,000 of cryptocurrency was allegedly stolen through high-tech identity fraud. The New South Wales Police are warning investors that the theft of digital assets will soon become commonplace.

Oct. 24. Police arrested 25 Chinese and Taiwanese nationals who are allegedly involved in telecom fraud in Dingras, Ilocos Norte. The police Anti-Cybercrime Group said that the group allegedly pretended to be policemen, prosecutors or judges and fabricated warrants of arrest or court decisions against their victims, whom they asked to wire money in their bank account in exchange for dropping the fake charges.

Oct. 15. Thai police have arrested who they believe is the prime suspect in an expansive Bitcoin fraud case that swindled a Finnish investor out of nearly $25,000,000 dollars. Prinya Jaravijit was apprehended by police after arriving back in the country from the United States.

Oct. 12. For the first time, the U.S. Department of Justice announced it had arrested and charged a Chinese intelligence officer with economic espionage and theft of trade secrets from U.S. aviation and aerospace companies.

Oct. 12. The Chinese intelligence official charged by the U.S. Department of Justice was arrested in Belgium and will be extradited to the United States to face charges.

Oct. 11. Authorities in Oklahoma City arrested a man believed to be one of the most infamous “SIM swappers,” who steal cellphone numbers and use them in cryptocurrency heists. He is accused of stealing $14 million in cryptocurrency in one single heist.

Oct. 9. The cyber cell of Ahmedabad Crime Branch in India arrested 10 people, including Rahul Thakur, for allegedly leading the ‘Thakur Sena’ and spreading anti-migrant sentiments.

Oct. 9. Romeo Vasile Chita, a Romanian man accused of orchestrating a large-scale cyber fraud ring that carried out schemes to steal more than $4 million, made his first appearance in a U.S. court on Tuesday, a decade after he was first charged.

Oct. 8. Russia’s Foreign Ministry has dismissed claims that Russia tried to hack Organization for the Prohibition of Chemical Weapons during a probe into the poisoning of former Russian spy Sergei Skripal.

Oct. 6. Irish national Gary Davis, who is also known as Libertas, has pled guilty to charges related to drug trafficking and is now facing up to 20 years in prison. Davis is accused of operating the infamous dark web marketplace Silk Road.

Oct. 4. Media reports that a Russian cyber-attack on the headquarters of international chemical weapons watchdog Organization for the Prohibition of Chemical Weapons was disrupted by Dutch military intelligence.

Oct. 4. The U.S. Justice Department has indicted seven Russian military intelligence figures for their alleged role in leaking Olympic athletes’ drug-test data, and targeting organizations probing the poisoning of the Skripals in the UK.

Oct. 4. The US government warned that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.

Oct. 2. Turkish prosecutors ordered the detention of 417 suspects in a money laundering investigation into the transfer of about $419 million worth of foreign currency to bank accounts abroad.

Stay tuned for the Q2 2019 edition of the Hack Blotter.

Hack Blotter Archives

Morag McGreevey is a freelance writer covering cybersecurity, national security, VC deals, and investing.



+

Send this to a friend