
Hack Blotter, Vol. 4, No. 3: Cybercriminal Arrests And Convictions

The convergence of cybersecurity and law enforcement

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Oct. 1, 2020

Q3 saw several high-profile arrests, charges, extraditions and sentences for cybercriminals. Perhaps most notably, Russian national Yevgeniy Nikulin was found guilty of hacking LinkedIn and Formspring in a pair of 2012 data breaches, and was sentenced to seven years in prison. During the sentencing hearing, Judge William Alsup remarked: “This is a hard one because when he returns [to Russia] I think he will return to being a hacker again. But we can’t just lock him up and throw away the key.”

Read on to learn more about Nikulin’s trial, and other key cybercrime prosecutions in the most recent quarter.

September

Sep. 30. Roughly 8 years after he infiltrated U.S. social media companies LinkedIn and Formspring, Yevgeniy Nikulin, who stole credentials belonging to 100 million Americans, was found guilty and sentenced to 7 years in prison.

Sep. 30. Indian police arrested a 15-member gang of cybercriminals who were hacking the Facebook accounts of police officers and making money by sending requests for money to the people in their friends lists.

Sep. 25. The Polish authorities announced the arrest of four suspected hackers as part of a coordinated strike against cybercrime. This operation was carried out by the Polish Police Centre Bureau of Investigation (Centralne Biuro Śledcze Policji) under the supervision of the Regional Prosecutor’s Office in Warsaw (Prokuratura Regionalna w Warszawie), together with the cybercrime departments of provincial police headquarters and Europol.

Sep. 24. Cybercrime detectives have arrested 15 men in connection with online child sex crimes following a two-week operation in Bradford, UK.

Sep. 23. Law enforcement agencies from around the globe have cracked down on dozens of purveyors of illegal goods on the dark web. No fewer than 179 vendors of illicit goods have been handcuffed in an operation dubbed DisrupTor, which comprised several separate but complementary operations and was the result of a collective effort mostly by North American and European authorities. Europe’s law enforcement agency, Europol, lauded the success of the raids in a press release.

Sep. 23. A 22-year-old man stood trial in the German state of Hesse, accused of having illegally obtained and shared the personal data of several politicians and prominent figures. The man was charged with data spying, theft and falsification, as well as blackmail, after supposedly gaining access to 73 cases of personal data, including telephone numbers, credit cards, addresses, photos and chat logs between August 2015 and January 2019.

Sep. 22. A British man questioned over the alleged hacking of Pippa Middleton’s iCloud account has been sentenced to five years in jail in an unrelated case. Nathan Francis Wyatt, who was part of a hacking group called The Dark Overlord, was sentenced for helping the group steal information from several companies in the U.S., including in Missouri, Illinois and Georgia. The 39-year-old pleaded guilty in federal court to conspiring to commit aggravated identity theft and computer fraud, and was ordered to pay $1.5 million in restitution.

Sep. 18. Attorney General Jeff Landry’s Cyber Crime Unit arrested a Louisiana man for internet crimes against children. Dathan McMilleon, 31, of Mer Rouge, was arrested on 100 counts of pornography involving juveniles under the age of 13 (possession), 4 counts of pornography involving juveniles under the age of 17 (possession), and 2 counts of sexual abuse of an animal.

Sep. 17. Five alleged members of the APT41 threat group have been indicted by a federal grand jury, in two separate actions that were unsealed this week. APT41 is known for nation-state-backed cyber-espionage activity as well as financial cybercrime. The Department of Justice alleges that the group “facilitated the theft of source code, software code-signing certificates, customer-account data and valuable business information,” which in turn “facilitated other criminal schemes, including ransomware and cryptojacking.”

Sep. 17. The United States Department of Justice has confirmed the indictment and arrest of two Malaysian businessmen for allegedly conspiring with Chinese hackers in running global hacking operations. Wong Ong Hua, 46, and Ling Yang Ching, 32, were nabbed in Sitiawan by Malaysian authorities, after the U.S. District Court for the District of Columbia issued arrest warrants for the duo.

Sep. 16. The U.S. has filed charges and is seeking the arrest of two Iranian nationals believed to have carried out cyber-intrusions at the behest of the Iranian government and for their own personal financial gain. In an indictment, prosecutors accused Hooman Heidarian and Mehdi Farhadi of launching cyber-attacks against a wide range of targets since at least 2013.

Sep. 16. Federal prosecutors unsealed charges against five Chinese citizens that officials say appear linked to Chinese intelligence, accusing them of hacking more than 100 companies in the U.S. and overseas, including social-media firms, universities and telecommunications providers.

Sep. 11. A 34-year-old man was arrested in Dublin in connection with an ongoing Garda investigation targeting international criminal organizations committing cyber frauds in Ireland. Detectives from the Garda National Economic Crime Bureau (GNECB) carried out an operation in the city, during which the man was arrested.

Sep. 8. Operatives from Nigeria’s National Bureau of Investigation have arrested several Nigerian nationals suspected of being behind the P167-million cyber heist on the United Coconut Planters Bank perpetrated during the June 12 Independence Day long weekend. The raid was made by government law enforcement agents on a condominium unit in Muntinlupa City after several days of sleuthing at the behest of the highest authorities of the Department of Finance.

Sep. 8. Four Nigerians have been arrested in the Philippines for their alleged involvement in the hacking and diversion of funds from banks. In a statement from the National Bureau of Investigation’s Cybercrime Division chief, it was alleged that the four Nigerians violated the Access Device Law, Anti-Cybercrime law, and falsification of public documents.

Sep. 8. The FBI reportedly foiled an attempt by a team of Russian hackers to extort millions from Elon Musk’s Tesla factory in Sparks, Nevada. The hackers had allegedly offered a member of staff employed at Tesla’s Gigafactory a $1 million bribe to install trojan horse spyware on the company’s computer systems. Instead of accepting the bribe, the employee proceeded to notify the FBI of the intended crime.

Sep. 3. The Royal Canadian Mounted Police laid charges against two people who were allegedly behind cyberattacks against three major Canadian companies in 2017 and 2018. The charges stem from online security breaches reported by Canadian Tire Corp., the Bank of Montreal and Simplii Financial, a unit of the Canadian Imperial Bank of Commerce, where tens of thousands of customers had their personal and account information electronically stolen. 

August

Aug. 30. Online intelligence firm Cyble said that a cybercrime group demanded ransom after gaining unrestricted access to the entire databases of Paytm Mall, although the e-commerce platform denied the claims. Cyble said the cybercrime group with the alias “John Wick” was able to upload a backdoor/Adminer on Paytm Mall application/website, although a Paytm Mall spokesperson said that the claims are “absolutely false.”

Aug. 27. According to a Justice Department civil forfeiture complaint, North Korean hackers stole millions of dollars from virtual currency accounts and then laundered the stolen funds in hopes of making the crime untraceable. The complaint, filed in Washington’s federal court, seeks the forfeiture of 280 virtual currency accounts.

Aug. 26. The U.S. Department of Justice announced charges against a Russian citizen who traveled to the U.S. to recruit and convince an employee of a Nevada company to install malware on their employer’s network in exchange for $1,000,000. According to court documents, Egor Igorevich Kriuchkov, a 27-year-old Russian, was identified as a member of a larger criminal gang who planned to use the malware to gain access to the company’s network, steal sensitive documents, and then extort the victim company for a large ransom payment.

Aug. 26. Indian police arrested two men who launched an over-the-top (OTT) media service to circulate obscene video content, shot illegally and presented as adult movies, across 22 countries, and have named a Pakistan resident for alleged involvement in the crime. Three other accused were arrested by police on August 10. Seven other accused are absconding. All of them have been booked under sections 66 and 67 of the Information Technology Act, 2000, said police.

Aug. 25. Merseyside Police have arrested, and subsequently released under investigation, a fifteen-year-old boy on suspicion of hacking into a number of PayPal accounts in the UK earlier this year. The arrest was made under the Computer Misuse Act 1990 and Merseyside Police have advised all PayPal users to set up two-factor authentication on their accounts to prevent cybercriminals from taking over their accounts.

Aug. 20. A Brisbane accountant has been charged with multiple money laundering offenses over her alleged involvement in a “relentless” email scam worth more than $3 million. The 65-year-old Carina woman has been accused of being a “money mule” for hackers who had fraudulently gained access to the email accounts of businesses.

Aug. 20. The former Uber security chief has been charged for ‘paying hackers $100,000 to cover up a data breach’ that exposed email and phone numbers of 57 million drivers and passengers. Federal prosecutors on Thursday charged Joe Sullivan, 52, with obstructing justice and concealing a felony over a 2016 hack.

Aug. 19. Bitcoin exchange Binance has revealed it joined forces with Ukrainian police to take down a cybercrime gang thought to be responsible for laundering $42 million in cryptocurrencies. First announced by the Cyberpolice of Ukraine back in June, the raid led to the arrest of three residents from the Poltava region. They have been accused of laundering the funds via 20 online cryptocurrency exchanges over the 2018-19 period.

Aug. 18. Law enforcement in Ukraine announced the arrest of a cybercrime gang who ran 20 cryptocurrency exchanges where they laundered more than $42 million in funds for criminal groups. The group, which authorities said had three members, has been operating from Ukraine’s Poltava region since 2018.

Aug. 13. An Australian court has sentenced a woman to two years in prison over charges of stealing 100,000 XRP tokens in January 2018. Authorities said she hacked into the email of a 56-year-old man with whom she shared her surname. After locking him out of his email account for two days, she allegedly stole all his XRP tokens. The victim reported the crime to the local police, leading to the first arrest of a digital currency thief months later.

Aug. 6. The U.S. Department of State is offering up to $10 million as a reward for information on foreign interference in U.S. elections. Part of the department’s Rewards for Justice Program, the initiative is open to anyone who can provide information “leading to the identification or location of any person who works with or for a foreign government for the purpose of interfering with U.S. elections through certain illegal cyber activities.”

Aug. 5. A Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter (referenced immediately below) was cut short after mischief-makers injected a pornographic video clip into the proceeding. The incident occurred at a bond hearing held via the videoconferencing service Zoom by the Hillsborough County, Fla. criminal court in the case of Graham Clark.

Aug. 4. A 30-year-old Moldovan national pleaded guilty in a U.S. court to participation in a transnational cybercrime organization that caused more than half a billion dollars in losses, the U.S. Department of Justice said on Friday. The organization victimized millions worldwide in one of the “largest cyberfraud enterprises ever prosecuted by the Department of Justice,” the statement said.

Aug. 3. The Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man on charges of distributing the GandCrab ransomware. The man, whose name was not released, was arrested in Gomel, a small city in southeastern Belarus, at the intersection of the Russian and Ukrainian borders.

July 

Jul. 31. Two teens and a man in his early 20s have been arrested for a cyberattack on high-profile Twitter users that took place in mid-July. The three males are Mason Sheppard (aka “Chaewon”), 19, of Bognor Regis in the UK, Nima Fazeli (aka “Rolex”), 22, of Orlando, Florida, and a 17-year-old boy from Tampa, Florida.

Jul. 27. A London court abandoned a hearing into the U.S. government’s request to extradite WikiLeaks founder Julian Assange to the U.S. after the 48-year-old was unable to appear by video link to the court.

Jul. 24. The U.S. State Department is offering rewards of up to $1 million for information that could lead to the arrest and conviction of two Ukrainian nationals who allegedly hacked the Securities and Exchange Commission’s EDGAR system server in 2016.

Jul. 21. The Justice Department announced charges against two suspected Chinese hackers who allegedly targeted U.S. companies conducting COVID-19 research. The 11-count indictment accuses the defendants, Li Xiaoyu and Dong Jiazhi, of conducting a hacking campaign that has targeted companies, nongovernmental organizations as well as Chinese dissidents and clergy in the United States and around the world.

Jul. 20. An alleged cybercriminal has become the first Cypriot national to be extradited from the Republic of Cyprus to the United States. Joshua Polloso Epifaniou, a 21-year-old who is wanted in two U.S. states, was arrested in Cyprus in February 2018. A five-count indictment filed in the Northern District of Georgia charges Epifaniou with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud and identity theft, and extortion related to a protected computer.

Jul. 15. Six persons have been arrested in connection with the hacking of a universal bank in Ghana, which led to the illegal transfer of ¢46 million into accounts of eight persons in different banks. The Cyber Crime Unit of the Criminal Investigations Department (CID) of the Ghana Police Service arrested a former banker and owner of Adom Sika Savings and Loans Limited, Sam Acquah, and a web developer, James Taylor, believed to be the masterminds of the cybercrime.

Jul. 13. The U.S. Secret Service created the Cyber Fraud Task Forces (CFTF), aimed at preventing, detecting and mitigating complex cyber-enabled financial crime — including making arrests and convictions. The CFTF is the result of a formal merging of two of the Secret Service’s existing units into a single unified network.

Jul. 11. A jury found Russian hacker Yevgeniy Nikulin guilty of breaching the internal networks of LinkedIn, Dropbox, and Formspring back in 2012 and then selling their user databases on the black market. The jury verdict was passed on Friday during what was the first trial to be held in California since the onset of the COVID-19 pandemic.

Jul. 8. Prosecutors tied up their case against Yevgeniy Nikulin, a Russian man accused of hacking tech companies LinkedIn, Dropbox and Formspring in 2012.

Jul. 10. A Nigerian man (known online as ‘Hushpuppi’) accused of multimillion-dollar fraud and money laundering by the United States was kidnapped by the FBI from Dubai, alleged his lawyer.

Jul. 7. An Indonesian man has been arrested for allegedly attacking more than 1,000 websites using malicious ransomware for personal gain. The 24-year-old suspect, identified by initials A.D.C., has attacked websites belonging to judicial institutions, regional department offices, state agencies and universities, National Police spokesman Insp. Gen. Argo Yuwono said in Jakarta.

Jul. 7. Two weeks after a cybersecurity firm released the identity of an alleged hacker from Kazakhstan, federal authorities in Seattle unsealed a 2018 indictment charging the man with an array of computer crimes. Andrey Turchin, known in hacking circles as “fxmsp,” and his accomplices ran a prolific hacking ring that attacked hundreds of victims, including government agencies, schools, banks and luxury hotel chains on six continents, the indictment said.

Jul. 5. A Northern Irish man who has a previous conviction for hacking is facing criminal charges in Alaska for his alleged involvement in cyberattacks in America. A U.S. court unsealed an indictment and arrest warrant for Aaron Sterritt, 20, who is alleged to have used the aliases Vamp and Viktor while participating with two others in a massive distributed denial-of-service (DDoS) attack, by creating an army of botnets.

Jul. 4. Nigerian social-media celebrity Hushpuppi was extradited to the U.S. from Dubai to face fraud charges. Ramon Olorunwa Abbas was flown to Chicago and appeared in court the following day. He faces criminal charges “alleging he conspired to launder hundreds of millions of dollars from ‘business email compromise’ (BEC) frauds and other scams,” the DOJ said Friday.

Jul. 3. Police arrested more than 800 people across Europe after shutting down an encrypted phone system used by organized crime groups to plot murders and drug deals. French and Dutch police hacked into the EncroChat network so they could read millions of messages “over the shoulders” of suspects as they communicated with custom-made devices. Britain said it had arrested 746 people as a result of the operation in what it called a “massive breakthrough” against organized crime.


Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
