Cybersecurity Wins: January 2018

It seems like another new phishing attack or ransomware strain is always waiting just around the corner. But it’s good to recognize the successes happening in the battle against cyber theft, cyber espionage, and social engineering, and that many of the criminals involved are being brought to justice. Here are some highlights of cybersecurity wins from the last few months of 2017.

‘Game of Thrones’ Hacker Indicted

In November, the US Department of Justice charged Behzad Mesri with hacking HBO’s system and attempting to extort the network for $6 million in Bitcoin. Previously a hacker for the Iranian military, Mesri has been indicted on a variety of charges, from wire fraud and computer hacking to extortion and identity theft.

The HBO hack caught the attention of the general public last summer, when Mesri stole scripts and plot summaries for upcoming Game of Thrones episodes. He also leaked unaired episodes of other popular HBO shows, such as Curb Your Enthusiasm, and compromised employee email accounts, according to Vanity Fair.

Although charged, Mesri — who went by the hacker pseudonym “Skote Vahshat” — is not in US custody. “Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice,” said acting Manhattan US Attorney Joon H. Kim.
 

WannaCry Hero Still on the Hook for Hacking

While some disagree as to whether North Korea was behind the WannaCry ransomware, it is clear that British researcher Marcus Hutchins effectively stopped the attacks in May by activating a kill switch that prevented the virus from spreading. But that goodwill hasn’t erased his hacking past.

While Hutchins has been praised for stopping WannaCry, he was arrested three months later by the FBI, accused of helping to create and distribute the banking trojan Kronos in 2014. Hutchins has pleaded not guilty to the charges against him and does not yet have a trial date, according to a December BuzzFeed News article.
 

Andromeda Botnet Shut Down, Belarus Man Arrested

In December, “one of Eastern Europe’s most prolific cybercriminals” was arrested as part of an operation to shut down the Andromeda botnet, according to Reuters. The man was arrested by national police in Belarus in cooperation with Europol and an international cadre of law enforcement agencies; he has been described as the creator and administrator of the long-running malware network.

Swedish-American cybersecurity firm Recorded Future claims that the man arrested in Belarus is the hacker “Ar3s,” or Sergei Yarets, who has been prominent in the Russian-speaking cybercrime underground since 2004.

What do our cybersecurity experts think is ahead for phishing and other threats in 2018? 

Canadian Used Phishing to Crack Gmail Passwords for Russia’s FSB

In November, Karim Baratov pleaded guilty to US federal conspiracy and identity theft charges, admitting that he cracked Gmail passwords of government officials on behalf of a person who turned out to be an officer with Russia’s Federal Security Service (FSB).

According to the Daily Beast, Canadian citizen Baratov “primarily used phishing attacks that tricked users into entering their passwords into a fake password reset page, and he maintained a fleet of look-alike web addresses for Gmail, Russia’s Mail.Ru, and other webmail providers.”

Baratov is also accused of working with three Russian nationals to compromise 500 million Yahoo accounts in 2014.
 

Maryland Hacker-for-Hire Pleads Guilty

Zachary Buchta faces up to 2.5 years in prison after pleading guilty in December to one count of conspiracy to damage protected computers, according to the Chicago Tribune. Arrested in 2016, Buchta has been charged with shutting down the networks of gaming companies and “phone-bombing” victims as part of hacker groups Lizard Squad and PoodleCorp.

Buchta’s plea deal includes paying $350,000 in restitution to two online gambling companies he helped victimize.
 

Russian Carding Kingpin Receives Second Sentence

Roman Seleznev, already serving a 27-year sentence for cybercrime, has received an additional 14-year sentence for credit card and identity theft conspiracy, according to KrebsOnSecurity. The two sentences will be served concurrently.

Seleznev is known by his hacker nicknames “nCux” and “Bulba,” and enjoyed a lavish lifestyle prior to his 2014 arrest. The laptop found with him contained more than 1.7 million stolen credit card numbers, according to the US Department of Justice. Seleznev is thought to have earned tens of millions of dollars from his fraudulent activities.
 

Student Hacked School System to Change Grades

Trevor Graves, a former University of Iowa student, was arrested in October and charged with hacking into the school’s system to change grades. From 2015 to 2016, Graves allegedly used a keylogger to compromise the information of approximately 250 faculty, staff, and students, according to SC Magazine. The keylogger, which was discovered in 2017, is believed to have given Graves the access he needed to escalate his privileges and change grades within the school’s computer system.
 

Affiliates of Chinese Cybersecurity Firm Indicted

In November, three people were indicted for hacking into the networks of Siemens, Trimble, and Moodys Analytics, according to Reuters. The three defendants — Wu Yingzhuo, Dong Hao and Xia Lei — are allegedly “owners, employees, and associates” of a Chinese cybersecurity firm, Guangzhou Bo Yu Information Technology Company. The three used spear phishing emails and malware to gain access to “confidential business and commercial information, work product, and sensitive employee information.”
 

Romanians Arrested for Spreading Ransomware

Romanian authorities arrested five people in December in connection with CTB-Locker and Cerber file-encrypting ransomware. The CTB-Locker operators used a ransomware-as-a-service business model; they collected a 30% commission on the extortion but didn’t actually develop the software.

An international group of investigators is still searching for those responsible for building the software and others involved in spreading it.
 

IoT Botnet Co-Creators Plead Guilty

Two men have pleaded guilty for their roles in developing and using Mirai malware, which was created to enslave Internet of Things (IoT) devices for use in large-scale attacks against websites and networks. Paras Jha and Josiah White would target organizations with DDoS attacks and then either extort them or try to sell the companies services to help fend off the attacks.

Mirai “is responsible for coordinating some of the largest and most disruptive online attacks the internet has ever witnessed,” according to security blogger Brian Krebs. Jha and White also pleaded guilty to using the botnet to conduct click fraud.
 

Chinese National Charged with Providing Sakula Malware

In August, Yu Pingan of Shanghai was arrested in Los Angeles, accused of providing the Sakula malware linked to the theft of millions of American government security clearance records. The US Department of Justice claims Yu was part of a group that used Sakula to attack a series of American companies, according to Reuters and CNBC. The same malware was also involved in US Office of Personnel Management hacks discovered in 2014 and 2015.