
Hack Blotter, Vol. 3, No. 2: Cybercriminal Arrests And Convictions

Morag McGreevey

Toronto, ON. – Jul. 18, 2019

Q2 2019 saw significant arrests, charges, and sentences for cybercriminals across the globe. International law enforcement made great strides towards breaking down several cybergangs, including the GozNym Cybercrime Network, the Wall Street Market, and a group known as the Community.

There were also new developments with regard to older hacking cases. The U.S. laid new charges against WikiLeaks founder Julian Assange under the Espionage Act, and a San Francisco court found Yevgeny Nikulin, a Russian man alleged to be behind one of the largest data breaches in U.S. history, mentally competent to stand trial. However, these developments were rarely straightforward or uncontroversial. For example, Nikulin was subject to a separate ruling in the Czech Republic’s highest court, which found that Nikulin’s rights were violated when he was extradited to the U.S. before a separate asylum case was finalized.

Read on to learn about these, and other major developments, in cybercrime this quarter.

RAP SHEET

June

Jun. 26. Five men and one woman were arrested on suspicion of running cryptocurrency scams which have netted them €24 million in bitcoin. The suspects were arrested in their homes in the United Kingdom and the Netherlands as the result of a 14-month joint operation between Europol, Eurojust, the UK’s National Crime Agency, South West Regional Cyber Crime Unit, as well as Dutch police. 

Jun. 24. Israeli Police arrested two brothers, Eli and Assaf Gigi, for allegedly perpetrating a multi-year phishing scheme and participating in a 2016 hack of Bitfinex. The two allegedly stole over $100 million in cryptocurrency.

Jun. 20. An Ecuadorean judge ordered that Ola Bini, a 36-year-old Swedish software developer and personal friend of WikiLeaks founder Julian Assange, be freed. This came two months after he was detained for alleged participation in a hacking attempt on the government.

Jun. 14. Spanish police have arrested 35 people allegedly involved in an international counterfeit bank card ring that laundered its profits using bitcoin.

Jun. 14. Australian police arrested a man accused of masterminding a hacking operation into government networks. Dean Poot, 28, was arrested at his home in a joint operation between Australian Federal Police and the Victoria Police E-Crime squad.

Jun. 14. Indian officials arrested seven Nigerian nationals accused of duping 4,727 people from across India on the pretext of providing income tax returns. The accused allegedly hacked into the victims' bank accounts and mobile and personal data, gained access to their accounts, and transferred money.

Jun. 13. British Home Secretary Sajid Javid officially signed an extradition order to send WikiLeaks founder Julian Assange to the United States.

Jun. 11. The Federal Bureau of Investigation is chasing the founder of cryptocurrency mining marketplace NiceHash over an alleged plot to create and distribute malware through major dark web forum Darkode.

Jun. 10. Daniel Kelley was sentenced to four years in jail over the £77 million TalkTalk cyberattack, amongst other cyberattacks.

Jun. 10. Eight years after U.S. law enforcement opened a case into the operations of the Mariposa malware gang, officials are now moving forward with new charges and arrest warrants against four suspects.

Jun. 10. Internet entrepreneur Kim Dotcom and three of his former colleagues took their fight against being extradited to the U.S. to New Zealand’s Supreme Court.

Jun. 9. A U.S. federal court in Washington, D.C. has unsealed an indictment charging an American, a Spaniard and two Slovenians with racketeering and conspiracy to commit wire fraud and bank fraud through Darkode, a major computer hacking forum.

Jun. 8. An American man is facing federal charges in a hacking spree that authorities say netted him hundreds of thousands of dollars in Kohl’s Cash. Authorities say Richard Gordon sold users Kohl’s Cash coupon codes, turning a profit of nearly $100,000.

Jun. 5. Despite an arrest being made, the Carbanak cybercriminal group appears to still be in action. While the leader of the group was apprehended in Alicante, Spain, earlier this year, spear-phishing campaigns appear to have continued subsequent to the arrest.

Jun. 4. Mexican authorities arrested a group of hackers known as the “Bandidos Revolutions Team,” which infiltrated Mexico’s domestic financial transfer system. The hackers allegedly stole between 100 million and 300 million pesos (between $5.2 million and $15.7 million) per month.

Jun. 4. A Swedish court rejected a request to arrest and detain WikiLeaks founder Julian Assange, halting, for now, an extradition attempt by Swedish prosecutors over a recently reopened rape investigation from 2010. Swedish prosecutors say they will proceed to question Assange while in British detention instead. The decision could make possible extradition to the U.S. easier, where Assange faces numerous counts of violating the Espionage Act.

May

May 31. A U.S. judge ordered that Yevgeny Nikulin, a Russian man extradited from the Czech Republic and charged in one of the largest data breaches in U.S. history, is mentally competent to stand trial. The ruling concludes a months-long process of psychiatric evaluations.

May 30. An Indian man was arrested for helping others hack into several people’s bank accounts and possessing a country-made pistol. The accused, Ramesh Kawaria, is suspected to be part of a larger gang that hacks into people’s bank accounts by buying copies of their ID proofs from various agencies.

May 23. Julian Assange has been charged with an 18-count indictment that supersedes his previous charge. The United States is alleging that Assange conspired with, and “aided and abetted,” Chelsea Manning to remove U.S. classified documents.

May 19. Defiant Tech Inc., the company behind the LeakedSource.com portal, pleaded guilty to criminal charges, according to a press release from the Royal Canadian Mounted Police.

May 16. Authorities from the U.S., Georgia, Ukraine, Moldova, Germany, Bulgaria, Europol and Eurojust announced the GozNym Cybercrime Network takedown.

May 16. Cyber mastermind Alexander Konovolov and alleged accomplice, Marat Kazandjian, are being prosecuted in Georgia for their alleged part in the GozNym network.

May 16. New details emerged regarding the arrest of Michael Phan of Tel Aviv and Yonatan Fingel of Ashdod. The two were arrested by a Tel Aviv cybercrime unit on the day that the U.S. Justice Department unsealed a grand jury indictment against Phan and his alleged accomplice Tal Prihar, who was also arrested on May 6 in Paris. Prihar and Phan were charged with money laundering conspiracy.

May 15. Deputies from the Los Angeles County Sheriff’s Department’s Fraud & Cyber Crimes Bureau, in collaboration with Homeland Security Investigations Special Agents, arrested Reyad Gafar Abbas on conspiracy to commit wire fraud, wire fraud and identity theft charges. He was one of nine people indicted as part of a multinational hacking group known as “The Community.”

May 11. Michael Terpin, a prominent cryptocurrency advocate and founder of Marketwire, was awarded a whopping $75.8 million civil judgment against SIM Swap perpetrator Nicholas Truglia.

May 10. The United States Department of Justice released a fifteen-count indictment that charges a hacking group labeled “The Community” with SIM swapping in order to steal cryptocurrencies.

May 9. Two Chinese hackers have been charged in the massive 2015 data breach of health insurer Anthem that impacted more than 78 million people.

May 8. Two Israeli citizens are accused of facilitating online sales of illicit drugs and guns in exchange for nearly $15.5 million worth of bitcoin kickbacks. U.S. Attorney Scott W. Brady described the case as “the single most significant law enforcement disruption of the Darknet to date.”

May 6. A Ukrainian man was arrested in the Netherlands and extradited to the U.S., where he was arraigned in front of a New Jersey judge to face charges of orchestrating malvertising campaigns for almost five years. According to court documents, Oleksii Ivanov has been behind multiple fake companies and shipped over 100 million bad ads to users all across the world.

May 4. The F.I.A. Cyber Crime Wing arrested 10 people, including the ringleaders of an international group involved in stealing the data of credit and debit cards by hacking the security system of banks.

May 3. German police announced that three men were being held in custody as part of an international investigation into the illegal online operation named “Wall Street Market,” which was shut down this week.

May 2. Cambodian police arrested a Chinese national for allegedly hacking a bank account of a Chinese company, where he was employed, and stealing about $50,000 before disappearing.

May 1. WikiLeaks founder Julian Assange was sentenced to 50 weeks in jail for a 2012 bail breach offense in the U.K.

April

Apr. 30. Maria Butina, the only Russian arrested and convicted in the three-year investigation of Moscow’s interference in U.S. politics, called her conviction absurd and a “disgrace” for American justice. The 30-year-old was sentenced to 18 months in prison.

Apr. 29. “It is the United States’ position that putting Huawei or any other untrustworthy vendor in any part of the 5G telecommunications network is a risk,” said Robert Strayer, deputy assistant secretary for cyber, international communications and information policy at the State Department. The U.S. will rethink cooperation with allies who use Huawei due to suspicions about Chinese hacking and spying threats.

Apr. 26. British culture minister Jeremy Wright said that he could not rule out a criminal investigation over the “unacceptable” disclosure of confidential discussions on the role of China’s Huawei Technologies in 5G network supply chains. Huawei, the world’s biggest producer of telecoms equipment, is under intense scrutiny after the United States told allies not to use its technology because of fears it could be a vehicle for Chinese spying.

Apr. 24. Britain is set to toughen the rules under which Huawei Technologies Co. operates in the country. The measures, designed to address concerns that Chinese intelligence could use Huawei’s systems to spy on other countries, are expected to involve closer state oversight and may restrict the vendor from some sensitive parts of the U.K.’s telecom networks.

Apr. 19. Marcus Hutchins, the British hacker who stopped the spread of the WannaCry ransomware worm created by North Korea, has taken a plea deal, admitting guilt in the U.S. to unrelated hacking charges.

Apr. 18. A U.S. federal judge sentenced a Macedonian man responsible for creating and operating a now-defunct hub for the collection and sale of stolen information on credit card accounts — called Codeshop — to 90 months in prison. The sentence for Djevair Ametovski, also known as “xhevo” and “sindrom,” concluded an eight-year investigation and prosecution by the U.S. Secret Service and the U.S. Attorney’s Office for the Eastern District of New York.

Apr. 16. A Russian hacker allegedly at the center of the theft of financial data of more than 80 million JPMorgan Chase & Co. clients is in negotiations with U.S. prosecutors to avoid a trial. Andrei Tyurin, who was arrested in the Republic of Georgia and extradited to the U.S. last September, is accused of having performed key tasks in the hack of JPMorgan and about a dozen other companies.

Apr. 12. Two Romanian nationals have been convicted by a U.S. federal jury for their roles in stealing more than $4 million from victims by creating a botnet of more than 400,000 PCs through custom-designed malware called Bayrob.

Apr. 12. Czech President Miloš Zeman has welcomed the nation’s Constitutional Court ruling striking down a March 2018 order to extradite suspected Russian hacker Yevgeniy Nikulin to the United States.

Apr. 12. Police in Ecuador have arrested Swedish programmer and digital privacy activist Ola Bini for allegedly trying to destabilize the Ecuadorian government by “collaborating” with WikiLeaks. Bini was arrested at Quito Airport in Ecuador on his way to Japan.

Apr. 11. British police arrested WikiLeaks founder Julian Assange at the Ecuadorian embassy in London. This move was made in response to a U.S. extradition request on charges that he aided the hacking of classified material on U.S. government computers in 2010.

Apr. 10. A former agent of Russia’s Federal Security Service has been sentenced to six years in maximum-security prison on charges of treason in the agency’s worst scandal in recent history. Ex-FSB operative Dmitry Dokuchayev was the last of four high-profile figures to receive treason sentences. All four were arrested in Russia in December 2016 shortly after the U.S. accused Russia of trying to influence its presidential election through hacking.

Apr. 9. The Czech Republic’s highest court says a former justice minister violated the rights of an alleged Russian hacker Yevgeniy Nikulin by allowing his extradition to the U.S. before a separate asylum case was finalized.

Apr. 9. 24-year-old cyber-criminal Zain Qaiser, who blackmailed computer users worldwide, has been jailed for six years for his role with what U.K. investigators described as one of the most sophisticated cybercrime groups they have ever investigated.

Apr. 3. U.S. Secret Service agents arrested Chinese woman Yujing Zhang at President Trump’s private Mar-a-Lago resort. The woman, a Chinese citizen, lied to investigators and had a thumb drive containing malware in her possession at the time of her arrest.

Apr. 2. Zammis Clark, of Bracknell, England, received a 15-month jail sentence after he pleaded guilty to five counts of computer hacking, including gaining access to unauthorized programs and data and uploading malicious software.

Apr. 2. A U.S. court upheld the 27-year prison sentence of Russian computer hacker Roman Seleznev, who was extradited to the United States while on vacation with his family in the Maldives to face charges he stole credit card numbers and millions of dollars. Seleznev claimed the U.S. government kidnapped him when he was finally arrested.


Morag McGreevey is a freelance writer covering cybersecurity, national security, VC deals, and investing.