Hack Blotter, Vol. 4, No. 1: Cybercriminal Arrests And Convictions

The convergence of cybersecurity and law enforcement

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Apr. 2, 2020

The first quarter of 2020 was busy for cybercriminals and law enforcement alike, as both sought to assert dominance over the Wild West of cyberspace. There was a global crackdown on hacking and cybertheft. Indeed, even Russian authorities (who notoriously turn a blind eye to cybercrime) arrested more than two dozen people as part of a law enforcement operation against an alleged network of illicit websites where users bought and sold stolen payment cards and personal data.

Read on to learn about this story, and other cybersecurity investigations, arrests, and convictions from the past quarter.

March

Mar. 30. FBI agents have arrested a Russian citizen accused of laundering money for a cybercriminal gang that allegedly stole funds from a range of U.S. banks. A complaint against Maksim Boiko alleges that he worked with a transnational organized crime group, called QQAAZZ, by converting stolen money into cryptocurrency.

Mar. 28. As part of their unusual crackdown on hacking, Russian authorities allegedly arrested Alexey Stroganov, also known as “Flint.” Stroganov was caught back in 2006 and sentenced to six years in prison alongside his associate Gerasim Selivanov, but the two were set free after two years. Selivanov was also arrested as part of this week’s bust.

Mar. 25. Russian authorities arrested more than two dozen people as part of a law enforcement operation against an alleged network of illicit websites where users bought and sold stolen payment cards and personal data. The Federal Security Service (FSB) apprehended 25 people, including Russians and foreign nationals, for their alleged roles in a digital identity theft ring.

Mar. 25. Former WikiLeaker-in-chief Julian Assange made a legal bid to be released on bail from HM Prison Belmarsh in southeast London because, he said, he was at increased risk from the virus currently tearing through the UK. District Judge Vanessa Baraitser ruled that he would not be released, even temporarily. Baraitser is presiding over Assange’s wider attempts to avoid extradition to the U.S. over allegations that he helped ex-U.S. Army intelligence analyst Chelsea Manning hack various U.S. government agencies and committed espionage against the U.S.

Mar. 25. Several cybercrime gangs have promised to halt their attacks on healthcare organizations during the ongoing coronavirus epidemic. Other ransomware operators said they would offer free decryption services for healthcare organizations that are mistakenly encrypted.

Mar. 24. The suspected Russian hacker Kirill Victorovich Firsov, who allegedly ran DEER.IO, a platform where hackers could buy and sell stolen personal information, is slated to be extradited to San Diego.

Mar. 16. Europol, along with local police in Spain, Romania and Austria, arrested about two dozen alleged members of two criminal gangs that are accused of stealing millions of euros from bank accounts in several countries by using SIM swapping techniques to steal credentials and passwords.

Mar. 14. U.K. Police reported that Robert Field, 38, of Loughborough, England, was sentenced for 28 counts of causing a computer to perform a function to secure unauthorized data and one count of securing unauthorized access to computer material. Field was arrested in June 2018 by the Essex Police’s Cyber Crime Team and local officers after they received information that he was hacking Apple iCloud accounts.

Mar. 12. An Arizona teenager could be sentenced to more than 600 years in prison after allegedly hacking into a computer and stealing thousands of indecent images of children. Cameron Charles Brush is accused of gaining unauthorized access to a 17-year-old girl’s social media account and stealing sexually explicit images of her. Brush then allegedly threatened to publish the stolen images online unless the victim sent him nude photographs.

Mar. 11. Dutch prosecutor Thijs Berger alleged that there are “strong indications” Russia wants to undermine investigations in the MH17 case. He explained that there was evidence Russian intelligence agents attempted to hack into the computers of Malaysian and Dutch investigations into the downing of a Malaysia Airlines Boeing 777. The plane was shot down with a Russian-made Buk missile by pro-Russian rebels in eastern Ukraine, resulting in the death of 298 civilians. Two-thirds of the victims were Dutch.

Mar. 11. Tokyo police arrested two men for alleged possession of NEM, a cryptocurrency, that they knew was stolen in a massive cyberattack on a Japanese startup in 2018.

Mar. 9. The FBI arrested a Russian national believed to be behind Deer.io, a Shopify-like platform that hosts online stores where hackers advertise and sell hacked accounts and stolen user information. The suspect, named Kirill Victorovich Firsov, was arrested at the John F. Kennedy Airport, in New York.

Mar. 6. Yevgeniy Nikulin, a Russian national accused of breaching computer systems at LinkedIn, DropBox and Formspring in 2010, will be going to trial in the U.S. District Court in San Francisco. He has pleaded not guilty to the charges against him.

Mar. 4. Prosecutors in the U.S. have charged two Chinese nationals with allegedly laundering money stolen during a cyberattack on a virtual currency exchange by North Korean hackers. A U.S. Department of Justice indictment, unsealed on Monday, accuses Tian Yinyin and Li Jiadong, known by their online aliases “Snowsjohn” and “Khaleesi,” of laundering more than US$100 million in proceeds from a heist at a cryptocurrency exchange carried out by the mysterious Pyongyang-linked Lazarus Group in 2018.

Mar. 2. According to the government of Kenya, Kenyans spreading fake alerts about coronavirus on social media will be tracked down and arrested pursuant to the Computer and Cybercrime Act. Government spokesman Cyrus Oguna said that “it is criminal to spread such malicious and alarmist statements through social and digital channels.” Sharing fake news and propagating hate speech attracts a Sh5 million fine or a two-year prison sentence, or both.

February

Feb. 29. A Taiwanese man who had been wanted for hacking into other people’s bank accounts returned home after spending 13 years hiding out in China. He was put into coronavirus quarantine. It is unknown whether the Wuhan coronavirus (COVID-19) outbreak played a part in his decision to leave the country.

Feb. 29. A Philippine court dismissed the charges against a man who allegedly hacked and defaced the website of the Commission on Elections (Comelec) before the 2016 presidential elections. Judge Thelma Bunyi-Medina of the Regional Trial Court Branch 32 acquitted Paul Biteng of the charges of illegal access, data interference and misuse of devices under Republic Act 10175 or the Cybercrime Prevention Act of 2012.

Feb. 28. The investigation into allegations that someone tried to hack Georgia’s voter-registration system in 2018 has been completed by the Georgia Bureau of Investigation and sent to the state’s attorney general, a spokesperson for the department said.

Feb. 26. The FBI indicted Moulay O. Ishak for a May 2018 hack that took down Ticketfly’s servers. Ishak, who is believed to go by the hacker pseudonym IShAkDz, has not been arrested, although a warrant has been issued for his arrest. He is being charged with one felony count of extortion in relation to damage to a protected computer and one count of forfeiture.

Feb. 26. Finland’s customs agency has been struggling with what to do with a hoard of bitcoin it fears could end up back in the hands of criminals if sold off. Customs confiscated a bitcoin trove following a successful bust of an online dark market in September 2016. Since then, it has been trying to offload the bitcoin. However, the agency fears that the cryptocurrency will be used for money laundering if released back into the market.

Feb. 21. The FBI arrested a man linked to former Rep. Katie Hill’s campaign for allegedly hacking one of Hill’s 2018 primary opponents. A criminal complaint charges Arthur Jan Dam with staging a series of cyberattacks in the run-up to the primary that crippled the target’s website, depriving the campaign of resources ahead of a loss to Hill.

Feb. 19. A lawyer for Julian Assange said that former Republican congressman Dana Rohrabacher, an ally of President Trump, made an offer to the WikiLeaks founder on behalf of Trump to pardon Assange in exchange for saying that Russia had nothing to do with the 2016 hack and leak of emails from the Democratic National Committee.

Feb. 17. Portuguese national Rui Pinto, 31, is set to stand trial accused of unlawfully accessing emails and leaking private details that led to a financial fair play investigation into Manchester City FC’s finances. Pinto is said to have gained unauthorized access to email accounts of numerous football clubs throughout Europe and subsequently shared information obtained from the emails with a German news agency. Prosecutors claim Pinto also created the website Football Leaks in order to share stolen information.

Feb. 12. The leader of the opposition British Labour Party, Jeremy Corbyn, asked the UK Prime Minister, Boris Johnson, to stop the eventual extradition of WikiLeaks founder Julian Assange to the United States. Corbyn made the call during the traditional weekly appearance of the head of Government before Parliament, to answer questions from legislators, and in which he criticized the current extradition treaty between London and Washington.

Feb. 10. An MSP employee was arrested for trying to sell information that would allow hackers to take over the cloud servers of Atlanta-based Chimera Technologies. “I’m selling access to an MSP,” Marquavious D. Britt allegedly wrote as “w0zniak” in a post to Torum, a dark web forum popular with hackers. He boasted that he had access to Chimera’s virtual private servers, which included customers such as law offices, accountants, and a pharmaceutical company.

Feb. 10. The U.S. Department of Justice announced charges against four Chinese military-backed hackers in connection with carrying out the 2017 cyberattack against Equifax, a consumer credit reporting agency. The intrusion led to the largest known theft of personally identifiable information ever carried out by state-sponsored actors.

Feb. 7. The English Football Association (FA) has closed an investigation into allegations that employees of Liverpool hacked into Manchester City’s scouting system. The incident stretches back to 2013 when Liverpool employees are alleged to have hacked a player database used by City scouts.

Feb. 6. Three alleged cybercriminals in Adelaide and Sydney, Australia have been accused of stealing more than $11 million by hacking into businesses and modifying payroll, superannuation and credit card details.

Feb. 4. Federal prosecutors in Virginia have taken the unusual step of conducting a public search for victims of a Russian national whose website facilitated more than $20 million in credit card fraud. Aleksei Burkov of St. Petersburg, Russia, pleaded guilty last month in U.S. District Court in Alexandria to fraud, money laundering and other charges. He will be sentenced in May.

Feb. 4. In an interview with BBC, alleged computer hacker Lauri Love has said he was “actively to acutely suicidal” when facing extradition to the U.S. after being accused of stealing data from U.S. agencies including the FBI, the Federal Reserve and NASA computer systems.

Feb. 3. Indian police arrested an ATM hacker from the Dharmanagar area. The arrested man has been identified as 23-year-old Sunny Buddy, originally a resident of Haryana. He was arrested while he tried to swap an ATM card from an SBI ATM counter.

January

Jan. 31. 21-year-old California man Ryan Hernandez pleaded guilty in U.S. District Court in Seattle to federal crimes related to his computer hacking scheme and his possession of child pornography found on his digital devices.

Jan. 30. Three men have been arrested in the UK in connection with the €13 million cyber-heist at Bank of Valletta in February last year. The breakthrough in the investigation into the audacious hacking was announced in a statement by the UK’s National Crime Agency. Hackers were able to access BOV systems and move the money into foreign accounts before some of the cash was spent on high-end goods.

Jan. 27. Aleksei Burkov, a Russian hacker once described as “an asset of supreme importance” to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum.

Jan. 27. Portuguese hacker Rui Pinto has taken responsibility for disclosing hundreds of thousands of files revealing how billionaire Isabel dos Santos, daughter of Angola’s former president, built a vast business empire, his lawyers said. The hacker handed over a hard drive “containing all data related to the recent revelations concerning Ms Isabel Dos Santos’s fortune” to a whistle-blowing organisation in 2018.

Jan. 25. The Indonesian National Police, in a joint press conference with Interpol and cybersecurity firm Group-IB, announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed “Operation Night Fury,” the investigation was led by Interpol’s ASEAN Cyber Capability Desk. 

Jan. 24. A Russian national pleaded guilty to running a website that helped people commit more than $20 million in credit-card fraud. Aleksei Burkov, 29, of St. Petersburg, Russia, entered the plea to charges including fraud and money laundering in a federal court in Alexandria. He was extradited to the U.S. from Israel in November over the objection of Russian officials.

Jan. 23. Greece’s Council of State ruled for the extradition to France of Alexander Vinnik, an alleged hacker and former operator of now-shuttered crypto exchange BTC-e.

Jan. 21. Brazilian federal prosecutors have charged Glenn Greenwald with violating the country’s cybersecurity laws. According to a 95-page complaint, Greenwald was part of the “criminal organization” that hacked into the phones of several public officials and prosecutors in 2019. The charges come after Greenwald’s website published multiple reports that exposed unethical behavior from some of Brazil’s highest public officials.

Jan. 17. A Portuguese judge ruled that prosecutors have enough evidence incriminating Rui Pinto for him to stand trial. Prosecutors accuse Pinto of attempted extortion and hacking into secret information held by Sporting Lisbon and the Portuguese soccer federation, including financial dealings. He is also accused of illegal access to confidential data held on computers at the Portuguese attorney general’s office.

Jan. 17. A teenager from Montreal, Canada, is facing four criminal charges in connection with a $50m SIM-swapping scam that targeted two renowned Canadian blockchain experts. Eighteen-year-old hacker Samy Bensaci is accused of being part of a crime ring that stole millions of dollars in cryptocurrency by gaining unauthorized access to the cell phones of cryptocurrency holders in America and Canada.

Jan. 17. Two men were arrested in the Netherlands and Northern Ireland under suspicion of trying to sell 12 billion usernames and passwords online. The website WeLeakInfo.com was later shut down by the FBI.

Jan. 13. In the midst of the impeachment investigation into President Donald Trump, Russian hackers attacked the Ukrainian gas company linked to the inquiry. Researchers at Area 1, a security company run by a former National Security Agency official, said Russian hackers sent phishing emails to subsidiaries of Burisma Holdings to try to penetrate the Ukrainian energy company.

Jan. 13. A man who participated in a scheme to break into the UK’s National Lottery website and hijack customer accounts has been jailed for nine months. According to the UK’s National Crime Agency, Anwar Batson, from Notting Hill, London, provided others with help and tuition to compromise the lottery’s operator, Camelot.

Jan. 9. Virgil Griffith, the Ethereum developer arrested after allegedly traveling to North Korea to speak at a cryptocurrency conference, has been indicted. Court documents show that Griffith is being charged with one count of conspiracy to violate the International Emergency Economic Powers Act.

Jan. 8. A Romanian man was sentenced to 10 years in federal prison for his role in a sophisticated, decade-long malware and hacking operation that netted him and his colleagues millions of dollars. Chief U.S. District Judge Patricia Gaughan gave Tiberiu Danet half the prison time she imposed on his co-defendants because of the level of cooperation Danet gave to the federal government.

Jan. 7. A UK man was sentenced to two years in prison for infecting at least three female victims with malware and then watching and recording victims via their webcams. Scott Cowley, 27, of St. Helens, a town northwest of Liverpool, was arrested as part of an international law enforcement operation that cracked down on users who bought Imminent Monitor, a malware strain sold online since 2013, and disguised as a remote administration tool.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.