British Cybercriminal Arrested at Luton Airport
A British suspect accused of being the mastermind behind a November 2016 attack that hacked 900,000 Deutsche Telekom routers was apprehended in London’s Luton Airport in February. Germany’s BKA called the attack “particularly serious” and classified it as a threat to the country’s national communication infrastructure.
According to a BBC report, “The attack is believed to have been based on a malicious program called Mirai — this crawls the net seeking out devices that are vulnerable to attack because owners have not changed their default settings.”
The attack was apparently an attempt to hijack the routers and create a botnet. Mirai has been at the root of a number of damaging botnets, including the massive October 2016 DDoS attack against domain name system (DNS) services supplier Dyn, which brought down major sites like Twitter, Netflix, and the Guardian.
Cybersecurity Reporter Brian Krebs Celebrates Two Victories
Back in February, noted cybersecurity investigator Brian Krebs announced justice was served to not one, but two criminals charged in separate attacks targeting the blogger and author.
The first win for Krebs was associated with Sergey Vovnenko — also known as “Fly,” “Flycracker,” and “MUXACC1” — who operated a Russian cybercrime forum dedicated to financial fraud. After Krebs gained access to the hacker’s secret forum back in 2013, he learned Vovnenko was plotting to send heroin to Krebs’s home and notify police after its arrival. Vovnenko was caught in 2015 and eventually extradited to the U.S., where he pleaded guilty to unrelated charges of aggravated identity theft and conspiracy to commit wire fraud. He was recently sentenced to 41 months in an American prison and three years of supervised release; he was also ordered to pay more than $80,000 in restitution.
Win number two involved the sentencing of 19-year-old American hacker Eric Taylor, known online as “Cosmo the God,” to three years’ probation. Taylor was reportedly part of a group of men who perpetrated a “swatting” hoax on Krebs: a fake report of a hostage situation that ultimately resulted in a team of heavily armed officers arriving at Krebs’s home back in 2013. His biggest claim to fame, however, was being part of a “doxing” group that published highly sensitive information (including Social Security numbers and other personal data) about public officials and celebrities, including Michelle Obama.
Interestingly, Krebs notes that both Vovnenko and Taylor reached out to apologize for their actions against him.
Secret Service Captures Russian Bank Hacker
Cybercriminal Alexander Tverdokhlebov was arrested in Los Angeles in early February for his alleged malware attacks on U.S. financial institutions in 2009 and 2010, which resulted in the theft of money from thousands of accounts. An article from The Daily Beast claims the Secret Service believes the 29-year-old Tverdokhlebov to be an “extremely sophisticated and well-connected cybercriminal.” The suspect was being held in Los Angeles pending a bail review in Alexandria, Virginia, where he’s facing charges.
$55M Cyber Mastermind Sentenced
Prolific Turkish hacker Ercan Findikoglu faces up to 14 years in federal prison after pleading guilty to conspiracy charges. His crimes include hacking into credit card processors, withdrawing thousands of dollars from ATMs, and other various schemes which netted upwards of $55 million.
Coverage on phys.org states that in one December 2012 attack, “5,000 cashers in 20 countries withdrew a total of $5 million — including $400,000 in 700 transactions from 140 New York ATMs — in less than three hours, according to court papers.”
Findikoglu had avoided authorities until a trip to Germany in 2013 resulted in his arrest at the request of U.S. authorities.
International ATM Attackers Taken Down
Five members of an organized cybercrime group operating in multiple countries have been arrested, with three of them being convicted, as the result of coordinated efforts by law enforcement agencies in Europe and Asia. According to ZDNet, “The group used a variety of different cyberattacks to infect ATMs and force them to dispense money.” Spear phishing emails with infected attachments were among the tools used by the group to compromise and control the network of ATMs.
Europol stated that cross-border cooperation of law enforcement was a primary reason for the investigation’s success.
Georgia Man Arrested After Impersonating CEO in Phishing Attack
George James of Brookhaven, Georgia, faces up to 20 years in federal prison and a maximum fine of $25,000 after sending a fraudulent email to county employees in Kansas that resulted in the transfer of more than $500,000 into his corporate bank account. The business email compromise (BEC) attack, sent in September 2016, used a spoofed email that appeared to come from the CEO of Cornejo & Sons, LLC, a Wichita construction company.