
Hack Blotter, Vol. 4, No. 4: Cybercriminal Arrests And Convictions

The convergence of cybersecurity and law enforcement

Hillarie McClure, Multimedia Director

Portland, Maine – Jan. 4, 2021

Cybercriminals kept law enforcement agencies on their toes in the final quarter of 2020. Multiple intelligence operations arrested suspects involved with business email compromise (BEC) schemes, as well as phishing and malware attacks. Interpol announced that Operation First Light, which has over 35 participating countries, has led to over 20,000 arrests of online and telephone fraudsters over the past year. The close of this year also saw a former Stradis VP sentenced to federal prison for disrupting PPE shipments during the COVID-19 pandemic.

Read on to learn about the most notable cybersecurity investigations, arrests, and convictions from the past quarter.

December

Dec. 31. A Bhopal, India court sentenced eight cyber fraudsters to five years’ imprisonment. The FBI and the Madhya Pradesh cyber police jointly investigated the case. The individuals had established a fake call center in the Indrapuri area where they posed as officials of U.S. law enforcement agencies to target U.S. loan defaulters.

Dec. 28. Britain’s National Crime Agency has arrested 21 individuals on suspicion of purchasing personally identifiable information from the WeLeakInfo website. Authorities have stated the site provided access to more than 12 billion personal records culled from 10,000 data breaches. The arrests are part of an ongoing investigation stemming from the seizure of the WeLeakInfo website in January by U.S., U.K., and EU law enforcement agencies.

Dec. 28. Directorate of Criminal Investigation (DCI) detectives arrested Sanchez Charles Ogochukwu, a Nigerian cybercrime suspect, at Jomo Kenyatta International Airport (JKIA).

Dec. 26. Police in Hyderabad, India arrested three persons from Bengaluru as part of its ongoing crackdown against digital lending platforms. Following the raids at Gurgaon and Hyderabad, the Cyber Crime police officials traced two call centers in the HSR Layout area of Bengaluru. These call centers employed 350 persons who harassed and humiliated clients who failed to repay loans. As many as 27 cases are registered so far at Cyber Crime police station, Hyderabad.

Dec. 22. The virtual private network (VPN) Safe-Inet used by the world’s foremost cybercriminals has been taken down in a coordinated law enforcement action led by the German Reutlingen Police Headquarters together with Europol and law enforcement agencies from around the world.

Dec. 14. An individual, formerly a juvenile, pleaded guilty in New Hampshire’s federal court to committing acts of federal juvenile delinquency in relation to a cyberattack that caused massive disruption in October 2016. The individual conspired with others to create and operate one or more online botnets to launch DDoS cyberattacks against victim computers (specifically targeting those belonging to online gamers or gaming platforms). Because the individual was a juvenile at the time of the commission of the offense, the individual’s identity is being withheld pursuant to the Juvenile Delinquency Act.

Dec. 10. Attorney General Jeff Landry’s Cyber Crime Unit arrested two Bossier City, Louisiana men for internet crimes against children. Ben Gibson, 34, was arrested and charged with four counts of pornography involving juveniles under the age of 13 (possession). Jared Kutz, 30, was arrested and charged with two counts of pornography involving juveniles under the age of 13 (possession).

Dec. 9. Four Chinese nationals were sentenced to prison for participating in a scheme that planted malware on devices sold by Chinese smartphone maker Gionee. The scheme involved Xu Li, the legal representative of Shenzhen Zhipu Technology, a Gionee subsidiary tasked with selling the company’s phones, and the trio of Zhu Ying, Jia Zhengqiang, and Pan Qi, the deputy general manager and software engineers for software firm Beijing Baice Technology.

Dec. 9. Interpol announced that authorities have arrested a total of over 20,000 people in the past year in a coordinated blow against online and telephone fraudsters. Since September 2019, 35 countries have participated in the operation dubbed “First Light” that led to 21,549 arrests in more than 10,000 raids, as well as the seizure of almost $154 million of “illicit funds.”

Dec. 7. A French judge sentenced Russian national Alexander Vinnik, 41, the founder of the now-defunct BTC-e cryptocurrency exchange, to five years in prison and a fine of €100,000 for laundering funds for cybercriminals, including ransomware gangs.

Dec. 5. Italian police arrested two people who have worked at Leonardo for their alleged role in hacking the Italian defence group’s computers to steal sensitive information between 2015 and 2017, prosecutors in the southern city of Naples said. The detentions are a blow for Leonardo which, along with its aerospace activities, also has a large cybersecurity division that counts NATO among its customers.

Dec. 4. A Florida man was arrested for his part in an email scam that stole $46,000 from a Georgia town. Edward Porter Allen III was charged with computer theft for money and was extradited from Florida to Georgia where he’s jailed awaiting a decision on bail.

Dec. 3. An intelligence-driven operation conducted by the Hawks’ Serious Commercial Crime Investigation Unit in Johannesburg in collaboration with U.S. law enforcement agencies culminated in the arrest of three men on fraud-related charges and possession of suspected stolen property. The suspects were processed at Wierdabrug in Pretoria for their involvement in the business email compromise fraud-related crime. During September this year, the suspects allegedly created a fraudulent business email order to purchase 200 laptops worth approximately R4 million from Microsoft in the USA, to be delivered in Pretoria.

Dec. 3. The U.S. Department of Justice, the FBI, the U.S. Postal Inspection Service, and six other federal law enforcement agencies announced the completion of the third annual Money Mule Initiative. Over the last two months, the U.S. law enforcement agencies took action against over 2,300 money mules, which involved a wide range of schemes including lottery fraud, romance scams, government imposter fraud, technical support fraud, business email compromise, and unemployment insurance fraud.

Dec. 2. Ryan S. Hernandez, 21, of Palmdale, Calif., was sentenced to three years in prison in U.S. District Court in Seattle for federal crimes related to his computer hacking scheme and possession of child pornography. Hernandez and an associate used a phishing technique to steal credentials of a Nintendo employee, which were exploited to gain access to and download confidential Nintendo files related to its consoles and games.

Dec. 1. Louisiana’s Cyber Crime Unit arrested five men for allegedly committing internet crimes against children. Jared Wilkinson, 20, Pedro Moreno, 40, Gregory Pratt, 53, and Charles Howell IV, 61, were all charged with varying counts of pornography involving juveniles under the age of 13 (possession). Mostafa Rasheed, 40, was also charged with pornography involving juveniles under the age of 13 (possession), as well as sexual abuse of an animal.

November

Nov. 30. An Indian national was sentenced to 20 years in prison by a U.S. District judge in the Southern District of Texas. Hitesh Mabhubhai Patel aka Hitesh Hinglaj, 44, of Ahmedabad, operated and funded India-based call centers that defrauded U.S. victims out of millions of dollars between 2013 and 2016. Patel was also ordered to pay restitution of $8,970,396 to identified victims of his crimes.

Nov. 30. The U.S. Attorney’s Office for the Central District of California sentenced Timothy Dalton Vaughn, 22, to nearly 8 years in prison. Vaughn was part of the hacker collective “Apophis Squad” and, along with others, sent threats to more than 80 school districts, reported a fake hijacking of a London-to-San Francisco plane, and tried to extort $20,000 in bitcoin from a business.

Nov. 25. A joint Interpol, Group-IB, and Nigeria Police Force cybercrime investigation resulted in the arrest of three male Nigerian nationals believed to be responsible for distributing malware, carrying out phishing campaigns, business email compromise, and extensive scams worldwide.

Nov. 23. U.S. Police made an arrest in connection with a million-dollar cyber scam involving the sale of an airplane in Australia. An investigation was launched in 2018 after a business email compromise attack interfered with digital communications between a company in New Zealand that was buying an airplane and a company in Australia that was selling it for $1,028,000. The investigation led to the arrest of 36-year-old Cletus N. Anyanwu by Houston Police and the FBI.

Nov. 23. A U.S. federal grand jury returned an indictment charging Samuel Mara, 24, of Buffalo, N.Y., with threats by interstate communications and cyberstalking. The charges carry a maximum penalty of 5 years in prison and $250,000.

Nov. 19. Haryana Police arrested 11 members of two cyber fraud gangs in Sirsa for defrauding a large number of people via online companies, such as Amazon, PayZapp, and Dhani. 607 SIMs, 22 mobiles, and two laptops have been recovered.

Nov. 18. Wayne Kenney Jr., 31, pleaded guilty in U.S. District Court to unauthorized computer access and damage of protected computers. Kenney installed malicious software on Auburn, N.H. police computers that prompted ill-natured pop-up messages and caused the police department to lose control of email and social media accounts, which were defaced with embarrassing material.

Nov. 17. Symantec implicated APT10 (or Cicada) in the Chinese government-linked hack that stole sensitive information from numerous Japanese companies and their subsidiaries. The operatives have been indicted by the U.S. and sanctioned by the European Union.

Nov. 17. FIN7 recruiter, Andrii Kolpakov, pleaded guilty to conspiracy to commit wire and bank fraud and conspiracy to commit computer hacking. FIN7 is a global hacking crew accused of stealing more than $1 billion by posing as a cybersecurity vendor. U.S. prosecutors accused Kolpakov, a Ukrainian national, of working as a manager and recruiter for the crew, a role in which he hired and supervised computer specialists who spent their days stealing payment card information from dozens of companies, including Chipotle, Red Robin, and Sonic Drive-In.

Nov. 13. A joint operation, Operation Egypto, involving the U.S. and Brazilian authorities seized $24 million in cryptocurrency from an online fraud scheme that defrauded tens of thousands of investors. The operation tracked Marcos Antonio Fagundes, the online fraud syndicate’s mastermind, who is facing charges of illegal operation of a financial institution, fraudulent management of a financial institution, misappropriation, violation of securities law, and money laundering.

Nov. 12. U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) — in collaboration with the Brazil Ministry of Justice and the Public Security (MJSP) Secretariat for Integrated Operation (SEOPI) Cyber Laboratory — arrested 113 alleged child predators across the U.S. and in South America, Nov. 2 to 6, during phase seven of Operation Protected Childhood (OPC VII).

Nov. 12. Cryptocurrency exchange Binance has awarded $200,000 to a team of unidentified investigators after the cybercriminals behind a 2018 phishing campaign were reportedly indicted in the U.S. by the Department of Justice.

Nov. 12. Julio Manuel Reyes Zuniga was extradited to Los Angeles to face charges over a “virtual kidnapping” scam. From his prison cell outside of Mexico City, Reyes Zuniga of San Pedro, Calif., dialed families in Southern California and told them that loved ones had been abducted, demanding ransoms. Families paid cash, wired money, and handed over expensive assets, only to learn there had been no kidnappings.

Nov. 10. A 65-year-old man has been ordered to federal prison after admitting to conspiring to commit money laundering for his role in a complex email fraud scheme. Kenety Kim aka Myung Kim, of Firecrest, Wash., engaged in a business email compromise scheme using “spoof” emails, including false accounts for a construction company and several major appliance companies.

Nov. 4. Two former eBay executives were indicted on cyberstalking charges connected to harassment of the editor and publisher of a newsletter critical of their former employer. Former senior director of safety and security, James Baugh, and director of global resiliency, David Harville, were charged with multiple counts by a federal grand jury in Boston, Mass.

Nov. 5. The U.S. Department of Justice seized 27 more domain names that Iran’s Islamic Revolutionary Guard Corps (IRGC) used to further a global disinformation campaign. All 27 of these domains violated U.S. sanctions targeting both the IRGC and Iranian government. Four were disguised as legitimate news outlets but were used by the IRGC to target readers in the United States with the goal of influencing U.S. policy and opinion — in violation of the Foreign Agents Registration Act (FARA).

Nov. 2. The Indian State Cyber Cell has arrested three more accused from Pune, who were involved in selling Duty Credit Scrip worth 20 million rupees using the digital signatures of two companies of Pithampur. One of the culprits was an import-export consultant of a company who used to prepare the digital signature of the company with the help of another accused.

October

Oct. 29. In a rare case of international law enforcement cooperation, an American man from Mesa, Ariz., was arrested in Vietnam and extradited to the U.S. on charges related to illegal online activity and child sexual exploitation.

Oct. 29. Former eBay employees pleaded guilty to participating in a cyberstalking campaign against a Massachusetts couple whose online newsletter was viewed by top eBay executives as critical of the company. Federal prosecutors in Boston said former eBay employees Stephanie Stockwell and Brian Gilbert harassed the couple via Twitter and sent disturbing packages to their home, including a bloody pig mask and live spiders and cockroaches.

Oct. 27. Only days before the November election, Microsoft turned to a federal judge in Alexandria, Va., arguing a ransomware network run by Russian-speaking cybercriminals posed a growing threat to the integrity of the vote. The corporation asserted its computer code is illegally used to operate Trickbot ransomware.

Oct. 23. A federal grand jury indicted a Costa Rican man in connection with a scheme to steal over $1 million from people who believed they had won the lottery and had to pay a tax in advance to receive the alleged winnings. Allan Francisco Castrillo Bastos, 39, a citizen of Costa Rica residing in El Paso, Texas, was charged with conspiracy to commit wire fraud, ten counts of wire fraud, making a false statement to obtain credit, and conspiracy to commit money laundering. Castrillo Bastos misrepresented his income by failing to disclose that it was fraudulently obtained and he disguised the income as derived from the sale of Bitcoin.

Oct. 22. The Cyber Crime Division of Karnataka Criminal Investigation Department arrested four individuals for allegedly impersonating public figures, government officers, and police officials on social media platforms to transfer funds from friends and followers. The accused misused Aadhaar cards to obtain SIM cards, revealing a serious flaw in the verification process followed by mobile service providers when issuing new mobile connections.

Oct. 21. Former Stradis VP sentenced to federal prison for disrupting PPE shipments. Christopher Dobbins, 41, hacked his former medical packaging company employer, Stradis, and sabotaged their electronic shipping records, causing more than $200,000 in damage, and delayed the shipment of PPE during the COVID-19 pandemic.

Oct. 20. The Israeli police arrested 16 suspects involved in a complex cellular fraud case amounting to over half a million NIS. The undercover operation investigated suspected fraud amounting to hundreds of thousands of NIS by a group of 16 people from all over the country, who systematically operated for a long time under the organized management of a couple from Kiryat Tiv’on.

Oct. 20. The U.S. government formally charged six Russian Intelligence officers for conducting multiple destructive malware attacks. All six individuals charged were members of Unit 74455 of the Russian Main Intelligence Directorate (GRU). The breadth of crimes that DOJ accuses the hackers of committing is extensive, including shutting down Ukraine’s power grid twice, the launch of faux ransomware NotPetya, which caused billions of dollars in damages globally, and the cyberattacks on the 2018 Olympics in South Korea.

Oct. 19. A 33-year-old Iranian national who ran a financial services company designed to circumvent financial sanctions on Iran has been sentenced in the U.S. after being arrested and extradited from the U.K. His company, Payment24.ir, was an online platform that helped Iranian nationals conduct prohibited transactions, such as the purchase of computer software and servers.

Oct. 15. William Y. Asiedu, 27, of Albany, N.Y., pleaded guilty to allegations of his involvement in an international romance scam, where suspects fraudulently obtained more than $445,000 from two women they met online.

Oct. 15. The UK’s National Crime Agency (NCA) has revealed it arrested six men in October last year as part of an international investigation into the QQAAZZ money laundering ring, which operated on behalf of some of the world’s most dangerous and prolific cybercriminals.

Oct. 8. The U.S. Department of Justice reported the seizure of 92 domain names that Iran’s Islamic Revolutionary Guard Corps (IRGC) used in a global disinformation campaign. Four of the domains claimed to be legitimate news outlets but were controlled by the IRGC, which targeted the U.S. with Iranian propaganda to influence domestic and foreign policy.

Oct. 6. A 29-year-old man from Hawaii who was arrested in May for illegally carrying ammunition during a protest rally has now been charged with orchestrating email attacks on the Honolulu Police Department’s computers. He was accused of sending thousands of emails to a server used to help report and enforce stay-at-home violations. Authorities characterized the attack as an email bomb.

Oct. 6. John McAfee was arrested in Spain yesterday and is awaiting extradition on charges of tax evasion, the U.S. Department of Justice announced. The DOJ announced the charges shortly after the Securities and Exchange Commission revealed it had brought civil charges against McAfee, alleging that he made over $23.1 million in undisclosed compensation from recommending seven cryptocurrency offerings on Twitter that were materially false and misleading.

Oct. 5. The alleged leaders of an international video game piracy group apparently didn’t do enough to protect their scheme from the prying eyes of the feds. The Department of Justice says two men have been arrested on felony charges of helping run Team Xecuter, which sold modification kits and other tools that allowed users of the Nintendo Switch and other gaming devices to play pirated versions of games.

Oct. 5. Richard Liriano, a former IT employee at a New York City-based hospital, was sentenced to 30 months in prison for using malicious software programs to hack into numerous co-workers’ email accounts. Liriano stole the usernames and passwords of 70 hospital employees, costing the hospital more than $350,000. He used the stolen credentials to hack into employees’ online accounts, which stored personal photographs, videos, and private documents including tax records.


Hillarie McClure is Multimedia Director at Cybercrime Magazine.