<div dir="ltr"><a href="http://www.darkreading.com/attacks-breaches/21-biggest-cybercriminal-busts-of-2016/d/d-id/1327792">http://www.darkreading.com/attacks-breaches/21-biggest-cybercriminal-busts-of-2016/d/d-id/1327792</a><br><p>This year has been a major wake-up call to security pros as
cyberattacks grew larger and more dangerous. Now, hackers are learning
their actions come with hefty consequences. Cybercriminals are starting
to spend more time in the courtroom -- and behind bars -- as law
enforcement cracks down on crime.</p>
<p>Officials recently arrested five more people in connection with the
Avalanche botnet, which came crashing down in an international <a href="http://www.darkreading.com/threat-intelligence/avalanche-botnet-comes-tumbling-down-in-largest-ever-sinkholing-operation/d/d-id/1327618" target="_blank">takedown operation</a>.
Since 2009, Avalanche had been used for money muling schemes, malware
spread, and communication among botnets. In early December, the botnet
met its end in the "largest-ever use of sinkholing to combat botnet
infrastructures," as stated by Europol. Officials arrested five people,
and seized, sinkholed, or blocked 800,000 domains, as part of the
takedown.</p>
<p>The Avalanche botnet crash was among the largest security events of
2016, a year of news stories on major cyberattacks and the arrests of
individuals and groups behind them. Many hackers were arrested and/or
sentenced for crimes conducted in 2016 and years prior.</p>
<p>We're hoping for some more positive headlines in 2017. In the
meantime, we take a look back on some of the biggest and most
interesting security busts of this year.</p><span class="gmail-docimagecaptiontext"><h2 style="text-align:left">First Hacker Arrested for Cyber-Terror Arrives In Court, Gets 20 Years </h2>
<p align="left">Ardit Ferizi is a Kosovo citizen who was <a href="http://www.darkreading.com/attacks-breaches/first-cyberterror-charges-doj-accuses-hacker-of-giving-military-pii-to-isis/d/d-id/1322691" target="_blank">arrested in late 2015</a>
for hacking and providing material support to a terrorist group,
marking the first time the US charged someone with a cyber terror crime.
He was suspected of providing ISIS with stolen data on about 100,000
people, including 1,350 US government and military personnel.</p>
<p align="left">Ferizi <a href="http://www.darkreading.com/vulnerabilities---threats/first-hacker-arrested-for-cyberterror-charges-arrives-in-american-court/d/d-id/1324133" target="_blank">first appeared</a>
in American court in February 2016, at which time he faced a maximum
sentence of 35 years. He was later sentenced in October to <a href="http://www.ibtimes.com/who-ardit-ferizi-kosovo-hacker-helped-isis-american-military-details-gets-20-years-us-2421264" target="_blank">20 years</a> in a US prison.</p><h2 style="text-align:left">Man Admits To Laundering $19.6M In Hacking, Telecom Fraud Scam</h2>
<p align="left">In February 2016, Muhammad Sohail Qasmani <a href="http://www.darkreading.com/attacks-breaches/man-admits-to-laundering-$196-million-in-hacking-telecom-fraud-scam/d/d-id/1324296" target="_blank">admitted to laundering</a>
over $19.6 million in support of an international hacking and telecom
fraud scheme. Hackers compromised businesses' PBX systems and
reprogrammed unused phone extensions, which were used to call phony
premium numbers controlled by criminals.</p>
<p align="left">The conspiracy to commit wire fraud, to which Qasmani
pleaded guilty, carried a maximum penalty of 20 years in prison and a
$250,000 fine. Details of his sentencing were not released.</p><h2 style="text-align:left">Hospital Hacktivist Arrested In Miami After Failed Escape Attempt</h2>
<p align="left">Martin Gottesfeld, an alleged member of Anonymous, <a href="http://www.darkreading.com/careers-and-people/hospital-hacktivist-arrested-in-miami-after-failed-escape-attempt-/d/d-id/1324365" target="_blank">was arrested</a>
in February and charged with conspiracy for his role in a hacktivist
attack on Boston Children's Hospital. Gottesfeld and his wife were on a
boat near the Cuban coast when they sent a distress signal and were
picked up by a Disney Cruise ship. He was arrested when they returned to
port in Miami.</p>
<p align="left">A conspiracy charge carries a maximum sentence of five
years in prison, three years supervised release, and a fine of $250,000,
plus restitution. Gottesfeld was indicted in October for one count each
of hacking and conspiracy.</p><h2 style="text-align:left">DOJ Charges 3 Syrian Electronic Army (SEA) Hackers</h2>
<p align="left">The US Department of Justice <a href="http://www.darkreading.com/cloud/doj-charges-3-syrian-electronic-army-%28sea%29-hackers-/d/d-id/1324808" target="_blank">charged</a>
Amad Umar Agha, Firas Dardar, and Peter Romar in March 2016 for several
cyberattacks on US military and media agency websites. For years,
suspects conducted phishing attacks to break into privileged accounts.</p>
<p align="left">All three were members of the Syrian Electronic Army
(SEA), a hacking organization in support of Syrian President Bashar
al-Assad. Romar <a href="http://www.bbc.com/news/technology-37517891" target="_blank">pleaded guilty</a>
in September to charges of helping the SEA extort cash from victims.
The FBI is offering up to $100,000 for information on the locations of
accomplices Dardar and Agha, both of whom are on the Most Wanted Cyber
list.</p><h2 style="text-align:left">DOJ Indicts 7 Iranian Hackers For Attacks On US Banks And NY Dam</h2>
<p align="left">In March 2016, the US Department of Justice <a href="http://www.darkreading.com/cloud/doj-indicts-7-iranian-hackers-for-attacks-on-us-banks-and-new-york-dam/d/d-id/1324834" target="_blank">indicted</a>
seven Iranian hackers with security companies working for the Iranian
government. The hackers allegedly conducted DDoS attacks against major
US financial companies three years ago; one was charged with hacking a
server at a New York dam.</p>
<p align="left">Experts called the incidents a "wake-up call" on the
cybersecurity threat to our nation's infrastructure, as this marked
the first time the US charged state-sponsored actors with hacking US
industry networks. The Iranian defendants could face up to 10 years in
prison on charges of conspiracy to commit and aid and abet in computer
hacking. Hamid Firoozi could face an additional five years for hacking a
protected machine at the Bowman Dam in Rye, N.Y.</p><h2 style="text-align:left">9 Years Prison, $1.7 Million Fine For Malicious Insider</h2>
<p align="left">Anastasio Laoutaris, formerly an IT engineer for Locke Lord LLP, <a href="http://www.darkreading.com/operations/9-years-prison-$17-million-fine-for-malicious-insider-/d/d-id/1325166" target="_blank">was sentenced</a>
to 115 months in prison and a hefty $1.697 million fine for a
cyberattack against his former employer. It was a major punishment for
the malicious insider.</p>
<p align="left">In 2011, four months after his employment there ended,
Laoutaris broke into Locke Lord's systems and issued commands that
caused "significant damage" to its network. The commands deleted or
disabled hundreds of user accounts, desktop and laptop accounts, and
email accounts. He was convicted on two counts of intentionally
accessing a computer network without authorization, and intentionally
entering malicious code.</p></span><h2 style="text-align:left">SpyEye Creators Sentenced To Long Prison Terms</h2>
<p align="left">The creators of the SpyEye banking Trojan were handed <a href="http://www.darkreading.com/endpoint/spyeye-creators-sentenced-to-long-prison-terms/d/d-id/1325221" target="_blank">long prison sentences</a>
in April 2016. SpyEye strains infected over 50 million computers and
stole personally identifiable information, banking data, and funds,
causing nearly $1B in financial harm to people and businesses around the
world.</p>
<p align="left">Developer Aleksandr Andreevich Panin received nine years
and six months in prison, plus three years of probation, even though he
did not profit from the scheme. Hamza Bendelladj did profit, and he was
sentenced to 15 years in prison and three years probation.</p>
<p align="left">Their sentences demonstrate how hackers can still be
heavily punished for developing and distributing code, but profiting
from malicious activity can lead to longer terms in prison.</p>
<h2 style="text-align:left">Ukrainian Pleads Guilty To Stealing Press Releases For Insider Trading</h2>
<p align="left">In May 2016, securities trader Vadym Iermolovych <a href="http://www.darkreading.com/vulnerabilities---threats/ukrainian-pleads-guilty-to-stealing-press-releases-for-insider-trading/d/d-id/1325550" target="_blank">pleaded guilty</a>
to stealing and using unpublished press releases for insider trading.
Official charges included conspiracy to commit wire fraud, conspiracy to
commit computer hacking, and aggravated identity theft.</p>
<p align="left">Iermolovych and his collaborators made $30 million over
the course of a five-year operation, the largest known incident of
hacking and securities fraud as of May 2016. Nine people <a href="http://www.darkreading.com/attacks-breaches/the-week-in-justice--3-confessions-2-convictions-and-2-years-for-two-hackers/d/d-id/1324430" target="_blank">were charged</a> by authorities in August 2015, and three pleaded guilty over the following months. Later, in August 2016, a Georgia man <a href="http://www.darkreading.com/vulnerabilities---threats/georgia-man-pleads-guilty-to-hacking-insider-trading/d/d-id/1326484" target="_blank">pleaded guilty</a> to committing wire fraud in the scheme. He is set to be sentenced this month and could face up to 20 years in jail.</p><h2 style="text-align:left">BEC Scam Mastermind Arrested By Interpol</h2>
<p align="left">Interpol <a href="http://www.darkreading.com/vulnerabilities---threats/bec-scam-mastermind-arrested-by-interpol/d/d-id/1326471?" target="_blank">arrested "Mike,"</a>
a Nigerian national who conducted multiple Business Email Compromise
(BEC), 419, and romance crimes, in June 2016. Mike collected more than
$60 million from businesses, including $15 million from a single victim,
and worked with accomplices in Nigeria, Malaysia, and South Africa.</p>
<p align="left">Trend Micro and Nigeria's Economic and Financial Crime
Commission (EFCC) contributed to the arrest. Experts at Trend Micro were
analyzing malware used in BEC frauds when they discovered evidence in
their command-and-control composition that linked back to Mike. BEC
scams have caused more than $3B in loss this year, the company says.
Employees are targeted via email and tricked into transferring money.</p>
<p align="left">Mike faces charges in Nigeria including hacking, conspiracy, and obtaining money under false pretenses.</p><h2 style="text-align:left">Chinese Hacker Gets US Prison Term For Military Data Theft</h2>
<p align="left">Su Bin, a Chinese man charged with conspiring to hack US military information, <a href="http://www.darkreading.com/attacks-breaches/chinese-hacker-gets-us-prison-term-for-military-data-theft/d/d-id/1326280" target="_blank">was sentenced</a>
to 46 months in prison and a $10,000 fine in July 2016. He collaborated
with Chinese military hackers to break into the networks of defense
contractors like Boeing, and steal sensitive information like military
aircraft designs.</p>
<p align="left">Su Bin was arrested in July 2014 and <a href="http://www.darkreading.com/attacks-breaches/chinese-national-pleads-guilty-in-us-defense-contractor-hacking-case-/d/d-id/1324859" target="_blank">pleaded guilty</a> in March 2016. At that time, he faced a maximum sentence of five years in prison and a $250,000 fine.</p><h2 style="text-align:left">White-Hat Hacking Group Founder Arrested In China</h2>
<p align="left">In August 2016, the Chinese police <a href="http://www.darkreading.com/vulnerabilities---threats/white-hat-hacking-group-founder-arrested-in-china/d/d-id/1326458" target="_blank">arrested</a>
nine senior members of the country's biggest "ethical hacking" group,
including founder Fang Xiaodun. Non-profit Wooyun consisted of 5,000
white-hat hackers who exposed system vulnerabilities in websites and
warned owners about flaws that could lead to attack.</p>
<p align="left">The sudden arrests may have been related to legal or
government problems. Some said Wooyun may have broken into official
networks without being authorized to do so. Wooyun also gave owners <a href="http://blogs.wsj.com/chinarealtime/2016/08/01/chinas-white-hat-hackers-fear-dark-times-after-community-founder-is-detained/" target="_blank">45 days</a> to respond to vulnerability reports, a controversial policy that may have also had something to do with the crackdown.</p><h2 style="text-align:left">Four Years In Jail For Man Charged In Romney Tax Return And Hack Scheme</h2>
<p align="left">Michael Mancil Brown was given a <a href="http://www.darkreading.com/attacks-breaches/four-years-in-jail-for-man-charged-in-romney-tax-return-and-hack-scheme/d/d-id/1326558" target="_blank">four-year jail sentence</a>
for cybercrimes targeting former presidential candidate Mitt Romney,
his wife, and PricewaterhouseCoopers LLP. A US District Court found
Brown guilty of tax return extortion and wire fraud.</p>
<p align="left">In 2012, the Department of Justice said Brown falsely
claimed to have hacked the PwC network and stolen the tax return details of Mitt
and Ann Romney prior to 2010. He proceeded to send extortion letters
demanding $1 million in bitcoins as ransom for not releasing the
documents, which were sent to the Franklin offices of PwC, the
Democratic party, the Republican party, and Pastebin.com.</p><h2 style="text-align:left">Russian Hacker Convicted of 38 Counts Related To PoS Hack Scheme</h2>
<p align="left">Russian cybercriminal Roman Valerevich Seleznev <a href="http://www.darkreading.com/endpoint/russian-hacker-convicted-of-38-counts-related-to-pos-hack-scheme/d/d-id/1326758?" target="_blank">was convicted</a>
in August 2016 of 38 counts of wire fraud, identity theft, possession
of unauthorized access devices, and other charges, all related to his
4-year scheme of hacking PoS devices to steal and sell credit card
information online.</p>
<p align="left">Between October 2009 and October 2013, Seleznev stole
data from retail systems using malware he installed via a server he
controlled in Russia. When he was arrested in July 2014, his computer
had more than 1.7 million credit card numbers. Seleznev was set to be
sentenced earlier this month but there have been no updates on his
sentence, which could run between 4 and 34 years in prison.</p><h2 style="text-align:left">Israeli Teenagers Held For Allegedly Running Hacking Service</h2>
<p align="left">Two 18-year-old Israelis <a href="http://www.darkreading.com/careers-and-people/israeli-teenagers-held-for-allegedly-running-hacking-service-/d/d-id/1326880" target="_blank">were arrested</a>
in September, suspected of running a service through which paying
customers could hack websites. Their service, vDos, allegedly cost
between $30 and $200 a month per attack. Over the course of two years,
it was used for more than 150,000 DDoS attacks and generated a reported
$600,000.</p>
<p align="left">Itay Huri and Yarden Bidani were arrested after security
expert Brian Krebs published an article about the brains behind vDos.
Huri and Bidani each posted $10,000 in bail.</p><h2 style="text-align:left">Two Teenagers Arrested For Alleged Cyberattack-For-Hire Services</h2>
<p align="left">Teenagers Zachary Buchta (Maryland) and Bradley Jan Willem van Rooy (Netherlands) <a href="http://www.darkreading.com/attacks-breaches/two-teenagers-arrested-for-alleged-cyberattack-for-hire-services/d/d-id/1327112" target="_blank">were arrested</a>
in October on suspicion of contributing to a hacking scheme involving
DDoS attacks, cyberattack-for-hire services, and trafficking stolen bank
card data. Both were allegedly part of the Lizard Squad and PoodleCorp
hacking groups.</p>
<p align="left">Authorities first noticed the two while investigating
complaints about harassing phone calls. They found the website
<a href="http://phonebomber.net">phonebomber.net</a>, which was controlled by the hacking group, and this led
to the discovery of a larger scam involving DDoS attacks on various
businesses and stolen bank card data.</p>
<p align="left">The conspiracy charge comes with a maximum prison term of 10 years.</p><h2 style="text-align:left">Guccifer Sent Back To Romanian Prison</h2>
<p align="left">Marcel Lazar, otherwise known as Guccifer, <a href="http://www.darkreading.com/careers-and-people/guccifer-sent-back-to-romanian-prison-/d/d-id/1327196" target="_blank">was sentenced</a>
to 52 months in prison for several advanced hacks in the US targeting
high-profile individuals like Colin Powell and Hillary Clinton advisor
Sidney Blumenthal. He exposed Clinton's use of a private server to send
and receive classified emails during her term as Secretary of State.</p>
<p align="left">Lazar returned to Romania in October to complete a
seven-year sentence from an earlier crime. He had been extradited to the
US in April to face felony charges and will return to the US to serve
his next sentence.</p><h2 style="text-align:left">NSA Contractor Over 20 Years Stole More Than 50 Terabytes of Government Data</h2>
<p align="left">Harold Martin, formerly a contractor with the National
Security Agency (NSA), was arrested earlier this year for stealing
classified data in what could be the largest-ever case of insider theft.
Martin was arrested <a href="http://www.darkreading.com/threat-intelligence/nsa-contractor-over-20-years-stole-more-than-50-terabytes-of-govt-data-/d/d-id/1327254" target="_blank">for stealing</a> 50 terabytes of electronic data, and six banker's boxes of print files, in the 20 years he worked for the US government.</p>
<p align="left">Much of the information was classified as Secret or Top
Secret; some was considered by the government to be key to national
defense and security. Martin's store of information dwarfs the amount of
data taken by Edward Snowden in 2013.</p><h2 style="text-align:left">NullCrew Hacker Gets 45-Month Jail Term</h2>
<p align="left">Timothy Justen French, a member of the NullCrew hacking group, <a href="http://www.darkreading.com/careers-and-people/nullcrew-hacker-gets-45-month-jail-term-/d/d-id/1327368" target="_blank">was sentenced</a>
to 45 months in jail for a series of cyberattacks around the world.
Combined, his attacks against businesses, universities, and government
organizations cost $792,000 in financial damage.</p>
<p align="left">A DoJ report says French exploited vulnerabilities in
victims' computers, then leaked their usernames, email accounts, and
passwords, leaving them open to fraud and identity theft.</p><h2 style="text-align:left">178 Arrested In Money Mule Crackdown</h2>
<p align="left">Towards the end of November, <a href="http://www.darkreading.com/careers-and-people/178-arrested-in-money-mule-crackdown/d/d-id/1327558" target="_blank">Europol announced</a>
it arrested 178 people associated with money mule operations being used
to launder payment card fraud and profits from cybercrime. This was the
second crackdown, or European Money Mule Action (EMMA), and was
supported by 16 European countries in addition to the US Secret Service,
FBI, and 106 banks and private partners.</p><h2 style="text-align:left">Russian Authorities Make Arrests In Wake Of Central Bank Cyberattack</h2>
<p align="left">Russian authorities arrested around <a href="http://www.darkreading.com/attacks-breaches/russian-authorities-make-arrests-in-wake-of-central-bank-cyberattack-/d/d-id/1327678">50 suspects</a>
in connection with a May cyberattack at its central bank, which
involved $19 million and hacks on third-party accounts. The arrests were
the result of collaboration by the Federal Security Service (FSB) and
Interior Ministry.</p><h2 style="text-align:left">American Hacker Arrested For 2014 JP Morgan Chase Breach</h2>
<p align="left">Joshua Samuel Aaron <a href="http://www.darkreading.com/careers-and-people/american-hacker-arrested-for-2014-jp-morgan-chase-breach-/d/d-id/1327726">was arrested</a>
earlier this month for allegedly orchestrating the 2014 JP Morgan Chase
breach, in addition to other criminal activity. Along with accomplice
Gery Shalon, Aaron has been charged with securities fraud, wire fraud,
computer hacking, and identity theft, as well as conspiracies to commit
these crimes.</p>
<p align="left">The DoJ states the two were behind cyberattacks against
US financial businesses, brokerage firms, and publishers of financial
news. They are suspected of the largest-ever theft of customer data from
a US financial company.</p></div>