Hack Blotter, Vol. 3, No. 1: Cybercriminal Arrests And Convictions

Morag McGreevey

Toronto, ON. – Apr. 1, 2019

Q1 2019 saw what may be the biggest breach of classified U.S. documents in history. Harold T. Martin III, who worked in the N.S.A.’s Tailored Access Operations hacking unit, pled guilty to taking classified documents home. Ironically, it was Kaspersky Lab that gave American intelligence officials the tip — the same company that U.S. intelligence officials have previously condemned for being too close to Russian intelligence operations.

Read on to learn about this historic news story and other major developments in cybercrime.

RAP SHEET

March

Mar. 30. Bithumb, the largest cryptocurrency exchange in South Korea, was hacked. More than 3 million EOS ($12.7 million) and 20 million XRP ($6.2 million) appear to have been stolen. In an official statement, Bithumb said that all the stolen cryptocurrency is owned by Bithumb. The exchange stated that users’ funds are under the protection of cold wallets.

Mar. 29. Mark Karpeles, who headed Mt. Gox, a Japan-based bitcoin exchange that went bankrupt after a massive hack, is appealing his conviction on charges of manipulating electronic data.

Mar. 29. Zammis Clark, a computer hacker who caused £3 million of damage in cyberattacks on Microsoft and Nintendo, was spared jail time. Clark hacked into the servers of Hong Kong-based toy firm Vtech in 2015 and gained access to millions of customer accounts, including names and addresses, download histories and profile pictures. The company was forced to suspend its shares after the breach and admitted more than 10 million accounts had been compromised.

Mar. 28. Harold Martin III, a 54-year-old former National Security Agency contractor, pleaded guilty to taking classified documents home in a deal likely to put him in prison for nine years. Martin, who worked in the N.S.A.’s Tailored Access Operations hacking unit, admitted his guilt more than two years after his arrest.

Mar. 27. A panel of experts appointed by the UN Security Council has stated that the cyberattacks on India-based Cosmos Cooperative Bank, from which hackers allegedly withdrew Rs 94 crore from ATMs in 28 countries, were “motivated” by North Korea.

Mar. 22. Vitaly Korchevsky, a former hedge fund manager and pastor, was sentenced to five years in prison and ordered to pay more than $14 million in forfeiture for his role in what the FBI billed as the largest known computer hacking and securities fraud scheme.

Mar. 21. Kim Anh Ho, a 20-year-old from Hephzibah, Georgia, was arrested and charged with conspiring to provide material support to the Islamic State. If convicted, she could face a maximum sentence of 20 years in prison for hacking in support of ISIS.

Mar. 16. Gery Shalon was charged with pilfering information from more than 80 million JPMorgan Chase & Co. clients and running online gambling, stock manipulation and money laundering schemes around the world. However, he has rarely appeared in court since he was charged with those crimes four years ago. Now, people familiar with the matter say that this is because Shalon is cooperating with U.S. authorities.

Mar. 16. An 18-year-old Japanese citizen was taken into police custody for allegedly stealing ¥15 million in cryptocurrency. The accused reportedly stole the funds by hacking a cryptocurrency-related website.

Mar. 14. Rui Pinto, a Portuguese hacker linked to the Football Leaks website that exposed alleged corruption in the sport, will be extradited from Hungary to Portugal.

Mar. 8. Last year, Chinese public security authorities cracked over 57,000 cybercrime cases in an attempt to clean up the internet. Over 83,000 suspects were arrested during the 10-month campaign, which kicked off last February.

Mar. 8. A Russian fugitive, Alexey Dolzhenkov, has been arrested in Thailand after fleeing charges related to illegal financial transactions in his home country. After receiving an Interpol notice, Thai police tracked the man’s travels and found him in Phuket.

Mar. 7. Chinese telecoms giant Huawei has sued the American government and accused it of hacking its servers.

Mar. 6. The U.K.’s National Crime Agency and National Cyber Security Centre have been investigating a suspected Russian hack into a British institute that seeks to counter Russian disinformation.

February

Feb. 27. A Russian military court found Col. Sergei Mikhailov, a former senior counterintelligence officer, and Ruslan Stoyanov, a Kaspersky Lab executive, guilty of treason. The basis for the charges remains unclear, given the secret nature of the criminal proceedings.

Feb. 27. A U.S. judge sentenced website hacker Billy Anderson to three months in prison. Anderson targeted thousands of websites under the hacker name AlfabetoVirtual and boasted about his actions on a hacking forum.

Feb. 23. Russian programmer Stanislav Lisov has pleaded guilty to one count of conspiracy to commit computer hacking in the U.S. Lisov now faces up to five years in prison. Lisov was suspected of developing a “bank Trojan” called NeverQuest, stealing $855,000, and trying (unsuccessfully) to conduct other illegal financial transactions.

Feb. 20. A Thai court ruled that Dmitry Ukrainsky, a Russian man who allegedly was part of a group that stole millions of dollars from online bank accounts, can be extradited to the U.S. However, a Thai court previously ruled that Ukrainsky would be extradited to Russia, once he completed serving a prison sentence in Thailand. It is unclear whether Ukrainsky will be extradited to the U.S. or Russia.

Feb. 20. A group of hackers associated with Russian intelligence hit civil society groups across Europe ahead of the May elections there, according to a blog post published by Microsoft.

Feb. 19. A U.K. court ruled against alleged computer hacker Lauri Love in his bid to reclaim PCs that were seized from him more than 5 years ago, in relation to an extradition request from the U.S.

Feb. 17. Joshua Epiphaniou became the first Cypriot citizen to be put on trial for extradition to the United States, where he is wanted by the FBI on suspicion of extorting almost $60,000 through hacking offenses committed while still a minor. The extradition hearing is ongoing and the court has not yet decided how it will rule.

Feb. 15. Marcus Hutchins, an infamous British computer security researcher, has lost several key motions in a federal hacking case that stems from his alleged contribution to two types of banking malware. He is accused of developing and distributing Kronos and UPAS Kit, two types of banking malware, between 2012 and 2015.

Feb. 14. Australian police say they have penetrated a $17 million drug syndicate operating on the “dark web” that shipped drugs, some of which were disguised as lollies, through the post. Police say the operation was run by a 25-year-old man with highly developed hacking skills.

Feb. 13. The FBI arrested a hacker who was part of a hacking team known as Apophis Squad. This is the second arrest of an Apophis Squad member after UK police arrested a teenager in August 2018. The two have been charged in an indictment unsealed by the U.S. Department of Justice.

Feb. 12. Turkish police have arrested 24 people allegedly involved in a 13 million Turkish lira ($2.47 million) hack from an unnamed crypto firm in Istanbul.

Feb. 11. Lauri Love, a computer activist who has successfully resisted extradition to the U.S., has applied for the return of his confiscated computers. Love’s equipment was taken when he was arrested under the Computer Misuse Act by the NCA at his home in England in 2013. U.S. prosecutors allege that he has broken into government agencies such as the Federal Reserve, the Army, the U.S. Department of Defense, NASA and the FBI. Love has continued to protest his innocence and faces no charges in the U.S.

Feb. 8. Victor Umeakuka has been arrested for allegedly hacking into bitcoin wallets and stealing coins, which he illegally resells. The suspect, who was arrested by operatives of the Economic and Financial Crimes Commission in Nigeria, reportedly confessed to having hacked into the bitcoin wallets while posing as coin miner “Toby Campbell.”

Feb. 7. Federal authorities have charged four U.S. citizens and 16 foreign nationals for swindling unsuspecting Americans out of millions of dollars through websites such as eBay and Craigslist, the Justice Department announced. The fraud scheme was allegedly based in Romania, where agents from the U.S. Secret Service have been helping authorities locate and arrest those charged.

Feb. 6. The Paris prosecutor’s office is seeking an indictment against Gregory Chelli, a French-Israeli hacker and prank phone call maker it holds responsible for the death in 2014 of a victim of one of his extreme telephone hoaxes.

Feb. 5. Police have arrested Samatar Yusuf, the suspected leader of a cyber group that has been targeting Kenyan banks and siphoning billions of shillings of customers’ deposits. The suspect is a holder of Somali, Kenyan and U.S. passports that intelligence sources believe were acquired fraudulently.

Feb. 1. Joel Ortiz, 20, pled guilty to stealing $5 million in cryptocurrency through SIM swapping. Ortiz accepted a plea deal of 10 years in prison.

January

Jan. 29. The Prosecution Service of Hungary has accused a computer specialist of breaking into the Magyar Telekom database, committing a ‘crime of disturbing a public utility’ and endangering society. The man is being defended by the Hungarian Civil Liberties Union.

Jan. 29. Garda cybercrime experts are examining a massive intelligence trove from Europol which they believe could lead to the arrest of hackers involved in attacks on government websites.

Jan. 29. Russian national Anton Bogdanov, arrested at Phuket International Airport at the request of the U.S. Government, has voluntarily agreed to be extradited to the U.S. on three charges of computer crimes, as well as charges of criminal conspiracy, fraud with identification documents and money laundering.

Jan. 28. Two groups of cybercriminals have likely stolen approximately $1 billion in cryptocurrency hacks, according to a new report from Chainalysis.

Jan. 25. The Cyber Crime Cell of the Federal Investigation Agency (FIA) has apprehended a Nigerian national who was allegedly involved in bank fraud. According to FIA officials, the suspect was involved in defrauding various banks of Rs3.5 million.

Jan. 24. An investigation by EU law enforcement agency Europol and British and German police agencies has led to the arrest of a 36-year-old man suspected of carrying out a series of crypto thefts. The British man is suspected of stealing around €10 million worth of iota tokens.

Jan. 14. Chinese police have arrested a man suspected of hacking the Wi-Fi at a branch of Haidilao, a popular food chain, to broadcast pornographic videos. Law enforcement in Wuhan says the man used his smartphone to hack the hotpot restaurant’s Wi-Fi.

Jan. 12. Chinese tech company Huawei has fired a sales director who was arrested in Poland and charged with spying for China, saying he has brought the firm’s reputation “into disrepute.” Polish authorities have arrested Wang, a Chinese citizen and former diplomat, along with a Polish cybersecurity expert who had held several top government cybersecurity jobs and also worked at the telecom company Orange.

Jan. 12. Egypt’s Ministry of Interior announced that its General Directorate of Information Technology had arrested the creator of a computer program “designed to steal confidential data from Facebook accounts (phone numbers and email addresses linked to the accounts).” The suspect faces accusations of selling stolen data to other parties for money and using it for marketing and advertising on social media websites.

Jan. 11. Daniel Kaye, the British cybercriminal who admitted attacking an African phone company and inadvertently crashing Liberia’s internet, has been jailed. The 30-year-old hacker remains at the heart of a major international investigation into hundreds of acts of cyber sabotage around the world.

Jan. 10. Indian police have arrested four members of a gang of ATM hackers in Panipat, including Amit Tyagi, an MCA degree holder hailing from Jagriti Vihar in Meerut, Uttar Pradesh.

Jan. 10. According to people familiar with the matter, the National Security Agency has discovered what has been called the largest breach of classified data in its history, after it received a tip from Russian cybersecurity firm Kaspersky.

Jan. 10. Dubai Police said that they, in cooperation with the International Criminal Police Organization (Interpol) in Italy, arrested an Arab national suspected of participating in cyberattacks directed at a school in the UAE.

Jan. 8. A German high school student confessed to being behind a massive data theft of politicians’ online accounts. The incident revived concerns over cybersecurity in a country with one of the world’s toughest privacy laws.

Jan. 7. German police raided the home of a 19-year-old man identified as a witness in a massive hack that affected nearly 1,000 German politicians and other personalities.

Jan. 3. The Dark Overlord hacking group that claims to have breached a British insurer says their cache of stolen files includes confidential documents on the September 11 terrorist attacks. The group promises to release these documents, saying, “what we’ll be releasing is the truth. The truth about one of the most recognizable incidents in recent history and one which is shrouded in mystery with little transparency and not many answers.”

Jan. 1. Paul Whelan, a former U.S. Marine arrested in Russia on espionage charges, was visiting Moscow over the holidays to attend a wedding when he was arrested. The Russian Federal Security Service said he was caught “during an espionage operation,” but gave no further details.

Morag McGreevey is a freelance writer covering cybersecurity, national security, VC deals, and investing.