Cybersecurity Wins: March 2017

Despite the media tendency to point the finger at “Russian spies” in seemingly every instance of hacking, cybercriminals come from all walks of life and corners of the globe. Thankfully, some are being caught. Here are some refreshing victories from the first few months of 2017.

FBI Captures Seizure-Inducing Cyberbully

Similar in vein to mailing an Anthrax-filled envelope, a Maryland man was arrested last week for sending a seizure-inducing strobing tweet to Newsweek reporter Kurt Eichenwald, who has publically disclosed his struggle with epilepsy.

According to Artstechnica, “The December 15 tweet at Eichenwald included a strobing image and said, ‘you deserve a seizure.’” The arrest is the first of its kind related to a cyberattack utilizing an epileptogenic image on the internet.

U.S. Indicts Russian Spies for 2014 Yahoo Hack

Last week, the U.S. announced the filing of charges against two Russian intelligence agents and two criminal hackers for orchestrating the 2014 Yahoo data breach, which affected over 500 million user accounts and was lauded as one of the largest breaches discovered in the history of the internet.

Reuters reports, “The 47-count Justice Department indictment includes charges of conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identify theft.” Though unrelated to the 2016 U.S. presidential election Democratic Party email hacking believed to also stem from Russia, these convictions confirm Yahoo’s suspicion that the attack was state-sponsored.

Nine Suspects Held in Kenya Cybercrime Case

Nine suspects are being held for at least 20 days due to their alleged involvement with an international wire fraud ring that targeted the Kenya Revenue Authority and various banks, with millions of shillings said to be stolen. Suspects include American Larry Peckham II, a former police officer, and a former Kenya Revenue Authority officer. Due to the anonymity of the source, no additional information was made available at the time of this post.

Fake Whistleblower in Steubenville Scandal Sentenced

Deric Lostlutter, known in online circles as “KYAnonymous” will serve two years in prison for interfering with an investigation into a highly publicized 2012 Steubenville, Ohio, rape case.

Lostlutter, a North Carolina resident, became involved in the case months after the investigation began when he and a Virginia man, Noah McHugh, hacked into a fan website associated with Steubenville High School athletics. Lostlutter reportedly intimidated, threatened, and lied about individuals connected with the website, as well as a potential witness to his crime. In addition to violating the Computer Fraud and Abuse Act, he was charged with lying to an FBI agent who investigated his cyberattack.

Lostlutter was given the maximum sentence allowed by law for his crimes; McHugh was sentenced to eight months in prison. In discussing the case, Assistant U.S. Attorney Neeraj Gupta said, “Lostutter had portrayed himself as a white knight and whistleblower who stopped a government and media cover-up of the rape case,” and further stated that Lostlutter “has never accepted moral responsibility” for his actions.

German Forum “crimenetwork” Targeted by Police in 14 States

The German federal BKA criminal investigation bureau (similar to the U.S.’s FBI) sent more than 1,000 officials to raid 120 locations across all but two of Germany’s 16 states following their investigation of the now defunct crimenetwork.biz website. Of the 153 suspects, 11 site administrators were identified and are facing charges of forming a criminal organization. Other users of the site are being investigated for a variety of crimes, including computer fraud, money laundering, and the sale of stolen goods, narcotics, and weapons.

Florida Man Arrested for Attack on California Company’s Website

29-year-old Gerard “Jerry” McTear III was arrested in Florida on charges that his cyberattack shut down a San Diego-based software company’s website in June 2016. Though McTear attempted to extort cryptocurrency in exchange for bringing the site back online, the company refused to pay. Prosecutors are seeking his transfer to California so that he may face charges there.

We can help you reduce risks related to cybersecurity breaches in your organization.

British Cybercriminal Arrested at Louton Airport

A British suspect accused of being the mastermind behind a November 2016 attack that hacked 900,000 Deutshe Telekom routers was apprehended in London’s Louton Airport in February. Germany’s BKA called the attack “particularly serious” and classified it as a threat to the country’s national communication infrastructure.

According to a BBC report, “The attack is believed to have been based on a malicious program called Mirai — this crawls the net seeking out devices that are vulnerable to attack because owners have not changed their default settings.”

The attack was apparently an attempt to highjack the routers and create a botnet. Mirai has been at the root of a number of damaging botnets, including the massive October 2016 DDoS attack against domain name system (DNS) services supplier Dyn, which brought down major sites like Twitter, Netflix, and the Guardian.

Cybersecurity Reporter Brian Krebs Celebrates Two Victories

Back in February, noted cybersecurity investigator Brian Krebs announced justice was served to not one, but two criminals charged in separate attacks targeting the blogger and author.

The first win for Krebs was associated with Sergey Vovnenko — also known as “Fly,” “Flycracker,” and “MUXACC1” — who operated a Russian cybercrime forum dedicated to financial fraud. After Krebs gained access to the hacker’s secret forum back in 2013, he learned Vovnenko was plotting to send heroin to Krebs’s home and notify police after its arrival. Vovnenko was caught in 2015 and eventually extradited to the U.S., where he pleaded guilty to unrelated charges of aggravated identity theft and conspiracy to commit wire fraud. He was recently sentenced to 41 months in an American prison and three years of supervised release; he was also ordered to pay more than $80,000 in restitution.

Win number two involved the sentencing of three years’ probation to 19-year-old American hacker Eric Taylor, known online as “Cosmo the God.” Taylor was reportedly part of a group of men who perpetuated a “swatting” hoax on Krebs; a fake report of a hostage situation ultimately resulting in sent a team, of heavily armed officers arriving at Krebs’s home back in 2013. His biggest claim to fame, however, was being part of a “doxing” group that published highly sensitive information (including Social Security numbers and other personal data) about public officials and celebrities, including Michelle Obama.

Interestingly, Krebs notes that both Vovnenko and Taylor reached out to apologize for their actions against him.

Secret Service Captures Russian Bank Hacker

Cybercriminal Alexander Tverdokhlebov was arrested in Los Angeles in early February for his alleged malware attacks on U.S. financial institutions in 2009 and 2010, which resulted in the theft of money from thousands of accounts. An article from The Daily Beast claims the Secret Service believes the 29-year-old Tverdokhlebov to be an “extremely sophisticated and well-connected cybercriminal.” The suspect was being held in Los Angeles pending a bail review in Alexandria, Virginia, where he’s facing charges.

$55M Cyber Mastermind Sentenced

Prolific Turkish hacker Ercan Findikoglu faces up to 14 years in federal prison after pleading guilty to conspiracy charges. His crimes include hacking into credit card processors, withdrawing thousands of dollars from ATMs, and other various schemes which netted upwards of $55 million.

Coverage on phys.org states that in one December 2012 attack, “5,000 cashers in 20 countries withdrew a total of $5 million — including $400,000 in 700 transactions from 140 New York ATMs — in less than three hours, according to court papers.”

Findikoglu had avoided authorities until a trip to Germany in 2013 resulted in his arrest at the request of U.S. authorities.

International ATM Attackers Taken Down

Five members of an organized cybercrime group operating in multiple countries have been arrested, with three of them being convicted, as the result of coordinated efforts by law enforcement agencies in Europe and Asia. According to ZDNet, “The group used a variety of different cyberattacks to infect ATMs and force them to dispense money.” Spear phishing emails with infected attachments were among the tools used by the group to compromise and control the network of ATMs.

Europol stated that cross-border cooperation of law enforcement was a primary reason for the investigation’s success.

Georgia Man Arrested After Impersonating CEO in Phishing Attack

George James of Brookhaven, Georgia, faces up to 20 years in federal prison and a maximum fine of $25,000 after sending a fraudulent email to county employees in Kansas that resulted in the transfer of more than $500,000 into his corporate bank account. The business email compromise (BEC) attack, sent in September 2016, was spoofed the email that appeared to come from the CEO of Cornejo & Sons, LLC, a Wichita construction company.