Cyber Security Wins: February 2015

The latest installment in this series highlights recent arrests, convictions, and other activities related to the war against cyber theft, cyber espionage, and social engineering scams. (Catch up on previous cyber security wins by reviewing our December 2014 report.) 

18-Year-Old Arrested in UK in Connection with December DDoS Attacks on Sony, Microsoft

On January 16, several media outlets reported the arrest of an 18-year-old male near Liverpool as part of a joint UK and U.S. investigation into the Christmas distributed denial of service (DDoS) attacks against Sony Playstation and Microsoft Xbox online networks. The individual — reportedly a member of the “Lizard Squad” attack-for-hire service — was also suspected of active participation in several fake hostage and bomb threat reports, an illegal activity known as “swatting.”

Other members of the Lizard Squad were also identified prior to this arrest, according to Krebs on Security. UK police arrested 22-year-old Vincent Omari in late December, and 17-year-old Julius Kivimӓki was questioned by authorities in Finland. Sources suspect, however, that the core members of the Lizard Squad remain at large.
 

Silk Road’s ‘Right-Hand Man’ Arrested by Federal Agents

Brian Richard Farrell, a 26-year-old hacker known as “DoctorClu,” was arrested by U.S. federal agents in January. The resident of Bellevue, Washington, is said to have been the second in command for Silk Road 2.0, the infamous Darknet source for illegal drugs and hacking tools.

Silk Road 2.0 has been the target of intense international investigations. Ross Ulbrict, the original operator of Silk Road, and Blake Benthall, the “next in line,” were already in custody at the time of Farrell’s arrest. Investigators allege that Farrell — who is believe to be Benthall’s right-hand man — was running Silk Road 2.0 out of his home. A raid of the property turned up $35,000 in cash; silver bullion bars worth $3,900; and computers, prescription drugs, and drug paraphernalia.
 

Criminal Mastermind Will Be Extradited to U.S. for Trial

In late January, following a lengthy extradition proceeding, a Dutch court ruled that Vladimir Drinkman, one of America’s most wanted cybercriminals, will be forced to stand trial in the U.S. If convicted, he faces up to 30 years in prison.

The 34-year-old is allegedly one of the masterminds of an immense worldwide hacking and data breach scheme that resulted in hundreds of millions of dollars in losses and the theft of more than 160 million credit card numbers. He is also accused of taking part in other attacks, including hacking the electronic stock exchange Nasdaq, as well as cyber-­heists that victimized 7-Eleven, the Hannaford Brothers supermarket chain, Visa, Dow Jones, and Jet Blue. 
 

Israeli Police, FBI Arrest Man Suspected of Stealing IP from Madonna, Other Artists

In late January, Israeli police arrested a resident of Tel-Aviv who is suspected of stealing intellectual property (IP) from Madonna and several other artists. According to police, the man leaked unreleased songs and sold other materials online, including photos, song ideas and sketches, and other personal and professional property.

Wired.com reported that the man, identified as 39-year-old Adi Lederman, is an aspiring singer himself and that his capture was the result of a joint investigation by the FBI, the internet crime unit of Israel’s anti-fraud police, and an Israeli private investigator.
 

Singapore Hacker ‘The Messiah’ Sentenced to 56 Months

James Raj Arokiasamy, a hacker whose online handle is “The Messiah,” pleaded guilty to 39 of 161 charges made against him and was ultimately sentenced to 56 months in prison for computer misuse and drug consumption. The Singapore native was accused of hacking into web servers of Fuji Xerox, Standard Chartered Bank, pop singer Sun Ho, and several government agencies.

In addition to the charges, Arokiasamy — who identified himself a member of hactivist group Anonymous — posted an online video in October 2013 in which he claimed the group would “go to war” with the Singapore government.
 

Japanese Hacker Sentenced for Hijacking Computers, Framing Users

Former IT professional Yusuke Katayama, 32, was sentenced to an eight-year prison term for hijacking a number of personal computers and subsequently sending malicious messages, including death threats, a false report of a bomb on a Japan Airlines flight, and the promise of a mass-killing spree.

His actions led to the wrongful arrest of four of the unsuspecting owners of the hijacked computers, two of whom were reportedly coerced into giving false confessions. The case, which dated back to 2012, cast a negative light on Japanese authorities’ handling of the incidents as well as their ability to investigate cybercrimes. 
 

19-Year-Old Nevada Hacker Arrested on Swatting Charges

Las Vegas police arrested 19-year-old Nevada resident Brandon Wilson following a swatting incident during which the teen allegedly made a false 911 report of a murder at a home in Naperville, Illinois, a suburb of Chicago.

Wilson, who uses the moniker “Famed God” in his online exploits, faces extradition to Illinois on felony charges related to the phony report. Wilson has reportedly been tied to a series of computer-related crimes.
 

Five Men Sentenced for Vishing Fraud

Five men have been collectively sentenced to more than 17.5 years in jail in the UK for a series of vishing frauds. The individuals posed as bank personnel and police officers in order to trick eleven unsuspecting people into turning over their bank cards and PIN numbers. It’s estimated the men placed more than 1,200 cold calls during this social engineering scam, which netted them more than £40,000.
 

Florida Man Faces 31 Charges from Facebook, Email Hacks 

Michael Rubens, 30, of Tallahassee, Florida, was arrested in January and faces 31 charges related to hacking of multiple social media and email accounts. Most of the victims were women, and Rubens reportedly stalked and harassed them after accessing their accounts. In several cases he solicited or improperly posted risqué photos on Facebook.
 

Trial Pending Over Alleged Breach of Task Force Investigation Files

Jacob James Nicholls is facing a felony criminal endangerment charge due to an alleged breach of security at a Missouri River Drug Task Force office. Nicholls is accused of accessing and removing drug task force investigation files while performing work on the office’s security system during the summer of 2014. He reportedly shared numerous files with an informant at his home, endangering the welfare of defendants, informants, and law enforcement officers.

Nicholls pleaded not guilty but faces up to 10 years in prison and $50,000 in fines if convicted.

 

We can help you reduce risks related to cyber security breaches in your organization. Our research with the Aberdeen Group proves that our Continuous Training Methodology can change user behavior and reduce business risk and impact by up to 50%.