Canadian Used Phishing to Crack Gmail Passwords for Russia’s FSB
In November, Karim Baratov pleaded guilty to US federal conspiracy and identity theft charges, admitting that he cracked Gmail passwords of government officials on behalf of a person who turned out to be an officer with Russia’s Federal Security Service (FSB).
According to the Daily Beast, Canadian citizen Baratov “primarily used phishing attacks that tricked users into entering their passwords into a fake password reset page, and he maintained a fleet of look-alike web addresses for Gmail, Russia’s Mail.Ru, and other webmail providers.”
Baratov is also accused of working with three Russian nationals to compromise 500 million Yahoo accounts in 2014.
Maryland Hacker-for-Hire Pleads Guilty
Zachary Buchta faces up to 2.5 years in prison after pleading guilty in December to one count of conspiracy to damage protected computers, according to the Chicago Tribune. Arrested in 2016, Buchta has been charged with shutting down the networks of gaming companies and “phone-bombing” victims as part of hacker groups Lizard Squad and PoodleCorp.
Buchta’s plea deal includes paying $350,000 in restitution to two online gambling companies he helped victimize.
Russian Carding Kingpin Receives Second Sentence
Roman Seleznev, already serving a 27-year sentence for cybercrime, has received an additional 14-year sentence for credit card and identity theft conspiracy, according to KrebsOnSecurity. The two sentences will be served concurrently.
Seleznev is known by his hacker nicknames “nCux” and “Bulba,” and enjoyed a lavish lifestyle prior to his 2014 arrest. The laptop found with him contained more than 1.7 million stolen credit card numbers, according to the US Department of Justice. Seleznev is thought to have earned tens of millions of dollars from his fraudulent activities.
Student Hacked School System to Change Grades
Trevor Graves, a former University of Iowa student, was arrested in October and charged with hacking into the school’s system to change grades. From 2015 to 2016, Graves allegedly used a keylogger to compromise the information of approximately 250 faculty, staff, and students, according to SC Magazine. The keylogger, which was discovered in 2017, is believed to have given Graves the access he needed to escalate his privileges and change grades within the school’s computer system.
Affiliates of Chinese Cybersecurity Firm Indicted
In November, three people were indicted for hacking into the networks of Siemens, Trimble, and Moody's Analytics, according to Reuters. The three defendants — Wu Yingzhuo, Dong Hao and Xia Lei — are allegedly “owners, employees, and associates” of a Chinese cybersecurity firm, Guangzhou Bo Yu Information Technology Company. The three used spear phishing emails and malware to gain access to “confidential business and commercial information, work product, and sensitive employee information.”
Romanians Arrested for Spreading Ransomware
Romanian authorities arrested five people in December in connection with CTB-Locker and Cerber file-encrypting ransomware. The CTB-Locker operators used a ransomware-as-a-service business model; they collected a 30% commission on the extortion but didn’t actually develop the software.
An international group of investigators is still searching for those responsible for building the software and others involved in spreading it.
IoT Botnet Co-Creators Plead Guilty
Two men have pleaded guilty for their roles in developing and using the Mirai malware, which was created to enslave Internet of Things (IoT) devices for use in large-scale attacks against websites and networks. Paras Jha and Josiah White would target organizations with DDoS attacks and then either extort them or try to sell those same organizations services to help fend off the attacks.
Mirai “is responsible for coordinating some of the largest and most disruptive online attacks the internet has ever witnessed,” according to security blogger Brian Krebs. Jha and White also pleaded guilty to using the botnet to conduct click fraud.
Chinese National Charged with Providing Sakula Malware
In August, Yu Pingan of Shanghai was arrested in Los Angeles, accused of providing the Sakula malware linked to the theft of millions of American government security clearance records. The US Department of Justice claims Yu was part of a group that used Sakula to attack a series of American companies, according to Reuters and CNBC. The same malware was also involved in US Office of Personnel Management hacks discovered in 2014 and 2015.