Cyber Security Wins: December 2014

This is the first in a regular series of reports that will highlight wins in the war against cyber theft, cyber espionage, and social engineering scams. 

‘Operation Onymous’ Nets 17 Arrests in Dark Web Purge

Operation Onymous, a joint investigation by the FBI, U.S. Department of Homeland Security, and European agencies Europol and Eurojust, resulted in 17 arrests in 17 countries and the seizure of more than 400 Dark Web domains linked to a variety of illicit and black market operations. Authorities also recovered more than $1 million in Bitcoin and $250,000 in cash, gold, and silver, as well as drugs, guns, and computers.

The seized domains were part of the Tor project, a web browsing service that anonymizes online activities. Targeted operations included Silk Road 2.0, a marketplace that facilitated anonymous buying and selling of illegal drugs and other prohibited goods and services. 

Five Charged with Stealing $100M in U.S. Army and Microsoft IP

Four hackers, ranging in age from 18 to 28, have been charged in the U.S. with stealing $100M in intellectual property (IP) from the U.S. Army and Microsoft. A teenager in Perth, Australia, with ties to the hacking ring — known as “Xbox Underground” — is facing charges in that country.

Though youthful, the hackers’ alleged exploits are prolific. According to the U.S. Department of Justice, the group hacked into a number of high-profile sites between January 2011 and March 2014. They purportedly stole software and data for Microsoft’s Xbox One and Xbox Live, as well as a number of pre-release games. The group is also accused of stealing Apache helicopter simulation software and reportedly even built and sold a counterfeit Xbox One prior to Microsoft’s release of the gaming console.

77 Chinese Nationals Arrested in Kenya

Kenyan authorities arrested and charged 77 Chinese nationals who were allegedly planning to hack into the country’s communication systems. A sophisticated cyber command center was discovered by authorizes after police responded to reports of a fire in a rented house on a Nairobi estate located near U.N. headquarters and the U.S. embassy. The group is suspected of being involved in a number of cybercrimes.

Europol Arrests 15 in Anti-Spyware Crackdown

A cross-country anti-spyware raid headed by Europol led to the arrest of four UK residents and eleven others in Estonia, France, Romania, Latvia, Italy, and Norway. All suspects have allegedly used remote access trojans (RATs) to access digital data. 

20-Year-Old Who Hacked 100+ Sites Arrested in Seoul

A 20-year-old college student suspected of hacking 104 websites in 24 countries between November 2013 and August 2014 was recently arrested by the Seoul Metropolitan Police Agency in South Korea. The student, whose surname is Jang, allegedly collected 280,000 pieces of data from the hacked sites as well as social media outlets like Facebook and Twitter.

Jang purportedly stored the stolen data in the cloud or posted it to his blog, and he detailed his exploits and techniques in YouTube videos and in posts to foreign community forums. In all, it’s estimated that Jang shared 13,000 pieces of stolen data on the Internet. He reportedly also attempted to use stolen credit card information to make online purchases.

Halifax Bank Blackmailer Jailed

Con artist Lewys Martin — who used phishing techniques to steal the personal information of 28,000 Halifax bank customers and then threatened to sell the data to UK’s The Sun newspaper — was sentenced to more than four years in prison. Martin attempted to blackmail Halifax’s parent company, Lloyds Banking Group, by demanding 2,800 Bitcoin valued at the time at more than £200,000. He had previously been jailed for committing a number of DOS attacks on corporate and government websites.

Arrested Radiologist Allegedly Stole PHI of 97,000 Patients

Dr. Richard Kessler, a radiologist in Long Island, NY, was arrested on December 3 following the alleged theft of protected health information (PHI) of almost 97,000 current and former patients at NRAD Medical Associates, Kessler’s employer.

Kessler has been charged with three misdemeanors under state statutes. Nassau County District Attorney Kathleen Rice is pressing for changes in states laws that will allow for tougher charges in similar cases. Federal charges for HIPAA violations may be also be forthcoming.

Two Arrested in London for Pre-Release Movie Leak

An investigation initiated by Los Angeles-based agents with the U.S. Immigration and Customs Enforcement’ (ICE) Homeland Security Investigations (HIS) led to the arrest of two men linked to the pre-release leak of the Lionsgate and Millenium Films movie The Expendables 3.

The two suspects were taken into custody in London on November 25 and are being charged by UK authorities. The men allegedly accessed the film on a cloud-based storage system and subsequently uploaded the high-quality file to the Internet on or about July 25, three weeks prior to the movie’s scheduled August 15 U.S. premiere.

We can help you defend against cyber security breaches in your organization. Wombat Security was named a Leader in the Gartner Magic Quadrant for Security Awareness Computer-Based Training Vendors.