Cyber Security Wins: May 2015

This rundown of cyber security wins includes recent arrests and indictments of individuals accused of committing acts of cyber theft, cyber espionage, and social engineering.

U.S. Charges Three Men Suspected of Committing Historic Email Data Breach

Two Vietnamese citizens — Viet Quoc Nguyen, 28, and Giang Hoang Vu, 25 — and Canadian David-Manuel Santos Da Silva, 33, have been charged in connection with a breach the U.S. Department of Justice called the “largest data breach of names and e-mail addresses in the history of the Internet.”

In March, an indictment was unsealed for Nguyen and Vu, who allegedly stole more than a billion email addresses from eight U.S.-based email service providers. The addresses were used to send spam marketing emails that reportedly generated $2 million in revenue. Vu is in custody, but Nguyen is a fugitive.

The same week the indictment was unsealed, a U.S. federal grand jury indicted Da Silva on charges of conspiracy to commit money laundering. Da Silva is accused of laundering the spam proceeds through a company called 21 Celsius Inc., which he co-owned.

24 Arrested Following Year-Long Vishing Scam

Earlier this month, 24 suspects were arrested by Vietnamese police and have been accused of participating in a lucrative year-long voice phishing (vishing) scam.

The crime ring was allegedly led by Chinese and Taiwanese nationals living in Ho Chi Minh City, and they reportedly targeted people in their home country. Chinese authorities sought help from the Vietnamese in tracking down the perpetrators, who are estimated to have extorted more than US$3.66 million (VND80 billion) from their victims.

Indictments for Five Men Suspected of Stealing Millions in Tax Refunds

Five U.S. residents — four from Georgia, one from Maryland — have been accused of filing more than 980 fake U.S. federal tax returns since 2013. According to reports, the group stole the personal data of 125,000 in a data breach and used the information to generate $2 million in tax refunds.

The U.S. Attorney’s Office indicated that the group sought $6.6 million in refunds but the IRS rejected $4.6 million in claims. The four Georgia men are in custody, but the Maryland man remains at large.

Indicted Twin Brothers Allegedly Hacked U.S. Government Systems

Twin brothers Muneeb and Sohaib Akhter of Virginia were indicted earlier this month on several charges, including theft of credit card data and hacking of government systems. According to reports, the 23-year-olds stole personal and credit card data from customers of a cosmetics company’s website and used that information to purchase items such as flights and hotel reservations.

A Business Insider story indicated the brothers are “renowned computer experts” who graduated from George Mason University at the age of 19. That report also claimed the two planned to hack into U.S. State Department systems in order to gain and sell passport and visa data.

Photobucket Hackers Face Felony Charges

Brandon Bourret, 39, of Colorado and Athanasios Andrianakis, 26, were arrested by the FBI in early May and face federal felony charges from the alleged hack of Photobucket.com, an image and video hosting website.

The two men reportedly used a technique known as “fusking,” which helped them gain access to the private images and videos of Photobucket customers. They’ve also been accused of creating and selling an app that bypassed privacy settings and allowed users to access personal account data and other password-protected content.

Former Federal Employee Charged in Spear Phishing Attack

A former employee of the U.S. federal government’s Energy Department and Nuclear Regulatory Commission (NRC) employee has been charged with targeting his former colleagues in a spear phishing attack.

Charles Harvey Eccleston, 62, was using the attack to install spyware and destructive malware on U.S. federal systems in hopes of obtaining nuclear secrets that he could then sell to a foreign country. Eccleston left the U.S. for the Philippines in 2011, a year after he was fired by the NRC. He was arrested in Manila in March and extradited to the U.S. following an FBI sting that intercepted his 80 attempted spear phishing messages.