Sign up to our newsletter
The latest security news direct to your inbox
The FBI has announced several arrests in a worldwide coordinated effort to break up a gang of email ‘hackers for hire’. Two men were arrested in Arkansas: Mark Anthony Townsend, 45, from Cedarville, and Joshua Alan Tabor, 29, from Prairie Grove.
Townsend and Tabor had been running the ‘needapassword.com’ website, which advertised their ability to illegally obtain passwords to email accounts. Nearly 6,000 people’s accounts had been affected by the site, according to the FBI. Three further arrests were made for hiring hackers: John Ross Jesensky, 30, from Northridge, California; Laith Nona, 31, from Troy, Michigan, and Arthur Drake, 55, from New York. Jesensky had paid $21,675 to a Chinese website in return for email passwords.
Overseas agencies made further arrests, in an operation controlled by the FBI. In China, police arrested the owner of ‘hiretohack.net’, Ying Liu. Liu had been responsible for stealing 300 passwords between January 2012 and March 2013. In India, Amrit Tiwari, 32, was arrested for carrying out email password hacks on behalf of ‘www.hirehacker.net’ and ‘www.anonymiti.com’. Four arrests were also made in Romania by the Directorate for Combating Organised Crime, connected to six further email hacking sites which had been linked to breaches of 1,600 email accounts.
According to ZDnet.com, prosecutors in the US have filed four separate cases against the five US-based defendants. Townsend and Tabor are charged with a felony violation, and could face up to five years in prison if convicted. All five are expected to plead guilty.
Customers of the websites involved would submit email addresses they wanted hacked, and make deposits via Paypal to the hackers once the passwords had been obtained. Those who paid hackers for their services are charged with misdemeanour offences, and face maximum sentences of 12 months in prison.
No details have been released by the FBI concerning the methods used by the hackers to break into email accounts, but Mother Jones reports that the schemes used spear-phishing attacks to trick owners into providing access to their email accounts. Townsend and Tabor advertised their site as a service to find out if your spouse was cheating. Yahoo and Gmail accounts were both hacked, and one bank account associated with the site had reportedly received approximately $150,000 in eighteen months.
Author Alan Martin, ESET