[BreachExchange] 21 Biggest Cybercriminal Busts Of 2016

Inga Goddijn inga at riskbasedsecurity.com
Wed Dec 28 17:44:14 EST 2016


http://www.darkreading.com/attacks-breaches/21-biggest-cybercriminal-busts-of-2016/d/d-id/1327792

This year has been a major wake-up call to security pros as cyberattacks
grew larger and more dangerous. Now, hackers are learning their actions
come with hefty consequences. Cybercriminals are starting to spend more
time in the courtroom -- and behind bars -- as law enforcement cracks down
on crime.

Officials recently arrested five more people in connection with the
Avalanche botnet, which came crashing down in an international takedown
operation
<http://www.darkreading.com/threat-intelligence/avalanche-botnet-comes-tumbling-down-in-largest-ever-sinkholing-operation/d/d-id/1327618>.
Since 2009, Avalanche had been used for money muling schemes, malware
spread, and communication among botnets. In early December, the botnet met
its end in the "largest-ever use of sinkholing to combat botnet
infrastructures," as stated by Europol. Officials arrested five people, and
seized, sinkholed, or blocked 800,000 domains, as part of the takedown.

The Avalanche botnet crash was among the largest security events of 2016, a
year of news stories on major cyberattacks and the arrests of individuals
and groups behind them. Many hackers were arrested and/or sentenced for
crimes conducted in 2016 and years prior.

We're hoping for some more positive headlines in 2017. In the meantime, we
take a look back on some of the biggest and most interesting security busts
of this year.

First Hacker Arrested for Cyber-Terror Arrives In Court, Gets 20 Years

Ardit Ferizi is a Kosovo citizen who was arrested in late 2015
<http://www.darkreading.com/attacks-breaches/first-cyberterror-charges-doj-accuses-hacker-of-giving-military-pii-to-isis/d/d-id/1322691>
for hacking and providing material support to a terrorist group, marking
the first time the US charged someone with a cyber terror crime. He was
suspected of providing ISIS with stolen data on about 100,000 people,
including 1,350 US government and military personnel.

Ferizi first appeared
<http://www.darkreading.com/vulnerabilities---threats/first-hacker-arrested-for-cyberterror-charges-arrives-in-american-court/d/d-id/1324133>
in American court in February 2016, at which time he faced a maximum
sentence of 35 years. He was later sentenced in October to 20 years
<http://www.ibtimes.com/who-ardit-ferizi-kosovo-hacker-helped-isis-american-military-details-gets-20-years-us-2421264>
in a US prison.

Man Admits To Laundering $19.6M In Hacking, Telecom Fraud Scam

In February 2016, Muhammad Sohail Qasmani admitted to laundering
<http://www.darkreading.com/attacks-breaches/man-admits-to-laundering-$196-million-in-hacking-telecom-fraud-scam/d/d-id/1324296>
over $19.6 million in support of an international hacking and telecom fraud
scheme. Hackers compromised businesses' PBX systems and reprogrammed unused
phone extensions, which were used to call phony premium numbers controlled
by criminals.

The conspiracy to commit wire fraud, to which Qasmani pleaded guilty,
carried a maximum penalty of 20 years in prison and a $250,000 fine.
Details of his sentencing were not released.

Hospital Hacktivist Arrested In Miami After Failed Escape Attempt

Martin Gottesfeld, an alleged member of Anonymous, was arrested
<http://www.darkreading.com/careers-and-people/hospital-hacktivist-arrested-in-miami-after-failed-escape-attempt-/d/d-id/1324365>
in February and charged with conspiracy for his role in a hacktivist attack
on Boston Children's Hospital. Gottesfeld and his wife were on a boat near
the Cuban coast when they sent a distress signal and were picked up by a
Disney Cruise ship. He was arrested when they returned to port in Miami.

A conspiracy charge carries a maximum sentence of five years in prison,
three years supervised release, and a fine of $250,000, plus restitution.
Gottesfeld was indicted in October for one count each of hacking and
conspiracy.

DOJ Charges 3 Syrian Electronic Army (SEA) Hackers

The US Department of Justice charged
<http://www.darkreading.com/cloud/doj-charges-3-syrian-electronic-army-%28sea%29-hackers-/d/d-id/1324808>
Amad Umar Agha, Firas Dardar, and Peter Romar in March 2016 for several
cyberattacks on US military and media agency websites. For years, suspects
conducted phishing attacks to break into privileged accounts.

All three were members of the Syrian Electronic Army (SEA), a hacking
organization in support of Syrian President Bashar al-Assad. Romar pleaded
guilty <http://www.bbc.com/news/technology-37517891> in September to
charges of helping the SEA extort cash from victims. The FBI is offering up
to $100,000 for information on the locations of accomplices Dardar and
Agha, both of whom are on the Most Wanted Cyber list.

DOJ Indicts 7 Iranian Hackers For Attacks On US Banks And NY Dam

In March 2016, the US Department of Justice indicted
<http://www.darkreading.com/cloud/doj-indicts-7-iranian-hackers-for-attacks-on-us-banks-and-new-york-dam/d/d-id/1324834>
seven Iranian hackers with security companies working for the Iranian
government. The hackers allegedly conducted DDoS attacks against major US
financial companies three years ago; one was charged with hacking a server
at a New York dam.

Experts called the incidents a "wake-up call" on the threat of
cybersecurity to our nation's infrastructure, as this marked the first time
the US charged state-sponsored actors with hacking US industry networks.
The Iranian defendants could face up to 10 years in prison on charges of
conspiracy to commit and aid and abet in computer hacking. Hamid Firoozi
could face an additional five years for hacking a protected machine at the
Bowman Dam in Rye, N.Y.

9 Years Prison, $1.7 Million Fine For Malicious Insider

Anastasio Laoutaris, formerly an IT engineer for Locke Lord LLP, was
sentenced
<http://www.darkreading.com/operations/9-years-prison-$17-million-fine-for-malicious-insider-/d/d-id/1325166>
to 115 months in prison and a hefty $1.697 million fine for a cyberattack
against his former employer. It was a major punishment for the malicious
insider.

In 2011, four months after his employment there ended, Laoutaris broke into
Locke Lord's systems and issued commands that caused "significant damage"
to its network. The commands deleted or disabled hundreds of user accounts,
desktop and laptop accounts, and email accounts. He was convicted on two
counts of intentionally accessing a computer network without authorization
and intentionally entering malicious code.

SpyEye Creators Sentenced To Long Prison Terms

The creators of the SpyEye banking Trojan were handed long prison sentences
<http://www.darkreading.com/endpoint/spyeye-creators-sentenced-to-long-prison-terms/d/d-id/1325221>
in April 2016. SpyEye strains infected over 50 million computers and stole
personally identifiable information, banking data, and funds, causing
nearly $1B in financial harm to people and businesses around the world.

Developer Aleksandr Andreevich Panin received nine years and six months in
prison, plus three years of probation, even though he did not profit from
the scheme. Hamza Bendelladj did profit, and he was sentenced to 15 years
in prison and three years probation.

Their sentences demonstrate how hackers can still be heavily punished for
developing and distributing code, but profiting from malicious activity can
lead to longer terms in prison.

Ukrainian Pleads Guilty To Stealing Press Releases For Insider Trading

In May 2016, securities trader Vadym Iermolovych pleaded guilty
<http://www.darkreading.com/vulnerabilities---threats/ukrainian-pleads-guilty-to-stealing-press-releases-for-insider-trading/d/d-id/1325550>
to stealing and using unpublished press releases for insider trading.
Official charges included conspiracy to commit wire fraud, conspiracy to
commit computer hacking, and aggravated identity theft.

Iermolovych and his collaborators made $30 million over the course of a
five-year operation, the largest known incident of hacking and securities
fraud as of May 2016. Nine people were charged
<http://www.darkreading.com/attacks-breaches/the-week-in-justice--3-confessions-2-convictions-and-2-years-for-two-hackers/d/d-id/1324430>
by authorities in August 2015, and three pleaded guilty over the following
months. Later, in August 2016, a Georgia man pleaded guilty
<http://www.darkreading.com/vulnerabilities---threats/georgia-man-pleads-guilty-to-hacking-insider-trading/d/d-id/1326484>
to committing wire fraud in the scheme. He is set to be sentenced this
month and could face up to 20 years in jail.

BEC Scam Mastermind Arrested By Interpol

Interpol arrested "Mike,"
<http://www.darkreading.com/vulnerabilities---threats/bec-scam-mastermind-arrested-by-interpol/d/d-id/1326471?>
a Nigerian national who conducted multiple Business Email Compromise (BEC),
419, and romance crimes, in June 2016. Mike collected more than $60 million
from businesses, including $15 million from a single victim, and worked
with accomplices in Nigeria, Malaysia, and South Africa.

Trend Micro and Nigeria's Economic and Financial Crime Commission (EFCC)
contributed to the arrest. Experts at Trend Micro were analyzing malware
used in BEC frauds when they discovered evidence in their
command-and-control composition that linked back to Mike. BEC scams have
caused more than $3B in loss this year, the company says. Employees are
targeted via email and tricked into transferring money.

Mike faces charges in Nigeria including hacking, conspiracy, and obtaining
money under false pretenses.

Chinese Hacker Gets US Prison Term For Military Data Theft

Su Bin, a Chinese man charged with conspiring to hack US military
information, was sentenced
<http://www.darkreading.com/attacks-breaches/chinese-hacker-gets-us-prison-term-for-military-data-theft/d/d-id/1326280>
to 46 months in prison and a $10,000 fine in July 2016. He collaborated
with Chinese military hackers to break into the networks of defense
contractors like Boeing, and steal sensitive information like military
aircraft designs.

Su Bin was arrested in July 2014 and pleaded guilty
<http://www.darkreading.com/attacks-breaches/chinese-national-pleads-guilty-in-us-defense-contractor-hacking-case-/d/d-id/1324859>
in March 2016. At that time, he faced a maximum sentence of five years in
prison and a $250,000 fine.

White-Hat Hacking Group Founder Arrested In China

In August 2016, the Chinese police arrested
<http://www.darkreading.com/vulnerabilities---threats/white-hat-hacking-group-founder-arrested-in-china/d/d-id/1326458>
nine senior members of the country's biggest "ethical hacking" group,
including founder Fang Xiaodun. Non-profit Wooyun consisted of 5,000
white-hat hackers who exposed system vulnerabilities in websites and warned
owners about flaws that could lead to attack.

The sudden arrests may have been related to legal or government problems.
Some said Wooyun may have broken into official networks without being
authorized to do so. Wooyun also gave owners 45 days
<http://blogs.wsj.com/chinarealtime/2016/08/01/chinas-white-hat-hackers-fear-dark-times-after-community-founder-is-detained/>
to respond to vulnerability reports, a controversial policy that may have
also had something to do with the crackdown.

Four Years In Jail For Man Charged In Romney Tax Return And Hack Scheme

Michael Mancil Brown was given a four-year jail sentence
<http://www.darkreading.com/attacks-breaches/four-years-in-jail-for-man-charged-in-romney-tax-return-and-hack-scheme/d/d-id/1326558>
for cybercrimes targeting former presidential candidate Mitt Romney, his
wife, and PricewaterhouseCoopers LLP. A US District Court found Brown
guilty of tax return extortion and wire fraud.

In 2012, the Department of Justice said Brown falsely claimed to hack the
PwC network and steal the tax return details of Mitt and Ann Romney prior
to 2010. He proceeded to send extortion letters demanding $1 million in
bitcoins as ransom for not releasing the documents, which were sent to the
Franklin offices of PwC, the Democratic party, the Republican party, and
Pastebin.com.

Russian Hacker Convicted of 38 Counts Related To PoS Hack Scheme

Russian cybercriminal Roman Valerevich Seleznev was convicted
<http://www.darkreading.com/endpoint/russian-hacker-convicted-of-38-counts-related-to-pos-hack-scheme/d/d-id/1326758?>
in August 2016 of 38 counts of wire fraud, identity theft, possession of
unauthorized access devices, and other charges, all related to his four-year
scheme of hacking PoS devices to steal and sell credit card information
online.

Between October 2009 and October 2013, Seleznev stole data from retail
systems using malware he installed using a server he controlled in Russia.
When he was arrested in July 2014, his computer had more than 1.7 million
credit card numbers. Seleznev was set to be sentenced earlier this month
but there have been no updates on his sentence, which could run between 4
and 34 years in prison.

Israeli Teenagers Held For Allegedly Running Hacking Service

Two 18-year-old Israelis were arrested
<http://www.darkreading.com/careers-and-people/israeli-teenagers-held-for-allegedly-running-hacking-service-/d/d-id/1326880>
in September, suspected of running a service through which paying customers
could hack websites. Their service, vDos, allegedly cost between $30 and
$200 a month per attack. Over the course of two years, it was used for more
than 150,000 DDoS attacks and generated a reported $600,000.

Itay Huri and Yarden Bidani were arrested after security expert Brian Krebs
published an article about the brains behind vDos. Huri and Bidani each
posted $10,000 in bail.

Two Teenagers Arrested For Alleged Cyberattack-For-Hire Services

Teenagers Zachary Buchta (Maryland) and Bradley Jan Willem van Rooy
(Netherlands) were arrested
<http://www.darkreading.com/attacks-breaches/two-teenagers-arrested-for-alleged-cyberattack-for-hire-services/d/d-id/1327112>
in October on suspicion of contributing to a hacking scheme involving DDoS
attacks, cyberattack-for-hire services, and trafficking stolen bank card
data. Both were allegedly part of the Lizard Squad and PoodleCorp hacking
groups.

Authorities first noticed the two while investigating complaints for
harassing phone calls. They found the website phonebomber.net, which was
controlled by the hacking group, and this led to the discovery of a larger
scam involving DDoS attacks on various businesses and stolen bank card data.

The conspiracy charge comes with a maximum prison term of 10 years.

Guccifer Sent Back To Romanian Prison

Marcel Lazar, otherwise known as Guccifer, was sentenced
<http://www.darkreading.com/careers-and-people/guccifer-sent-back-to-romanian-prison-/d/d-id/1327196>
to 52 months in prison for several advanced hacks in the US targeting
high-profile individuals like Colin Powell and Hillary Clinton advisor
Sidney Blumenthal. He exposed Clinton's use of a private server to send and
receive classified emails during her term as Secretary of State.

Lazar returned to Romania in October to complete a seven-year sentence from
an earlier crime. He had been extradited to the US in April to face felony
charges and will return to the US to serve his next sentence.

NSA Contractor Over 20 Years Stole More Than 50 Terabytes of Government Data

Harold Martin, formerly a contractor with the National Security Agency
(NSA), was arrested earlier this year for stealing classified data in what
could be the largest-ever case of insider theft. Martin was arrested for
stealing
<http://www.darkreading.com/threat-intelligence/nsa-contractor-over-20-years-stole-more-than-50-terabytes-of-govt-data-/d/d-id/1327254>
50 terabytes of electronic data, and six banker's boxes of print files, in
the 20 years he worked for the US government.

Much of the information was classified as Secret or Top Secret; some was
considered by the government to be key to national defense and security.
Martin's store of information dwarfs the amount of data taken by Edward
Snowden in 2013.

NullCrew Hacker Gets 45-Month Jail Term

Timothy Justen French, member of the NullCrew hacking group, was sentenced
<http://www.darkreading.com/careers-and-people/nullcrew-hacker-gets-45-month-jail-term-/d/d-id/1327368>
to 45 months in jail for a series of cyberattacks around the world.
Combined, his attacks against businesses, universities, and government
organizations cost $792,000 in financial damage.

A DoJ report says French exploited vulnerabilities in victims' computers,
then leaked their usernames, email accounts, and passwords, leaving them
open to fraud and identity theft.

178 Arrested In Money Mule Crackdown

Towards the end of November, Europol announced
<http://www.darkreading.com/careers-and-people/178-arrested-in-money-mule-crackdown/d/d-id/1327558>
it arrested 178 people associated with money mule operations being used to
launder payment card fraud and profits from cybercrime. This was the second
crackdown, or European Money Mule Action (EMMA), and was supported by 16
European countries in addition to the US Secret Service, FBI, and 106 banks
and private partners.

Russian Authorities Make Arrests In Wake Of Central Bank Cyberattack

Russian authorities arrested around 50 suspects
<http://www.darkreading.com/attacks-breaches/russian-authorities-make-arrests-in-wake-of-central-bank-cyberattack-/d/d-id/1327678>
in connection with a May cyberattack at its central bank, which involved
$19 million and hacks on third-party accounts. The arrests were the result
of collaboration by the Federal Security Service (FSB) and Interior
Ministry.

American Hacker Arrested For 2014 JP Morgan Chase Breach

Joshua Samuel Aaron was arrested
<http://www.darkreading.com/careers-and-people/american-hacker-arrested-for-2014-jp-morgan-chase-breach-/d/d-id/1327726>
earlier this month for allegedly orchestrating the 2014 JP Morgan Chase
breach, in addition to other criminal activity. Along with accomplice Gery
Shalon, Aaron has been charged with securities fraud, wire fraud, computer
hacking, and identity theft, as well as conspiracies to commit these crimes.

The DoJ states the two were behind cyberattacks against US financial
businesses, brokerage firms, and publishers of financial news. They are
suspected of the largest-ever theft of customer data from a US financial
company.