In Part 1, our roundup of some of the most notable law enforcement actions against computer crime in the first quarter of 2018 will focus on arrests and charges involving suspected cyber-crooks.
Compared to combating conventional crime, efforts to bring computer criminals to justice involves a host of specific challenges for law enforcement. The difficulties reside on many levels and concern, for example, the attribution of such crimes, their borderless nature, the (relative) anonymity afforded by cyberspace, or the challenge in gathering bulletproof evidence. All told, cyberattackers often perpetrate their crimes because they view them as a low-risk, high-reward proposition.
Notwithstanding the varied challenges, law enforcement hit back in a number of cases. The first three months of this year saw dozens of success stories for law enforcement, both in clamping down on ‘lone wolves’ and in unraveling the tangle of large cybercriminal schemes. We reported on several such cases, including on a jail sentence for a man involved in a ‘hacker-for-hire’ service and on a crackdown on a global fraud enterprise.
However, news reports of cases when authorities – often aided by security researchers – throw a wrench in the works of cybercriminal operations may sometimes get ‘lost in the shuffle’ of constant news streams. This is where this roundup of notable arrests, indictments and rulings comes in.
Arresting and charging
Fourth ‘Celebgate’ suspect agrees to plead guilty
Early this year, a fourth suspect agreed to plead guilty to charges in connection with the notorious “Celebgate” nude photo hack in 2013 and 2014, according to The Register. George Garofano admitted to using phishing scams in order to break into more than 250 iCloud accounts, including those belonging to Hollywood A-listers. He may now face up to five years in prison. We reported on previous court actions in the case back in July and October 2016.
Canadian charged over operating bazaar with stolen details
Also in early January, journalist Brian Krebs wrote about charges against a Canadian national in connection with his alleged administering of LeakedSource.com, a repository of three billion stolen or leaked online credentials. Jordan Evan Bloom may face up to ten years in prison for trafficking in personal identity records between 2015 and early 2017. According to an investigation that spanned over 18 months, Bloom is believed to have made US$200,000 from his shady business.
Russia breaks up ring suspected of hacking gas pumps
Russian authorities broke up a massive fraud ring that is believed to have installed malicious software on the IT systems of dozens of gasoline stations in the country, ripping off countless customers in the process. The scheme, as reported by Bleeping Computer, worked along these lines – when car owners came to refuel, the malware redirected up to 7 percent of the amount of fuel into a hidden tank that rogue gas station employees had placed for that very purpose. The unsuspecting customers were charged the full amount, of course. Once the tank filled up, the gang re-sold the stolen fuel and pocketed the money, while additional malware cloaked the transactions. The scheme’s alleged mastermind was arrested and charged.
Australian charged with hack of car-sharing startup
Speaking of cars, Australian police arrested a Nik Cubrilovic on accusations that, among other things, he had broken into the network of a car sharing service, GoGet, to take his girlfriend on dozens of free joyrides in luxury cars. In a notable twist, the man – described by the website of the SBS TV network as a “prominent hacker, entrepreneur and IT security consultant” – had reportedly advised GoGet on flaws in its software system that could expose it to a cyberattack. There’s no indication if this is what made him the prime suspect in the hack.
Two men charged over jackpotting heists
In early February, ArsTechnica reported that US authorities had pressed charges against two men who had allegedly stolen huge amounts of cash in ATM ‘jackpotting’, a type of attack that involves using software or hardware to manipulate cash machines into ejecting all their cash reserves. This was only a week after security journalist Brian Krebs wrote about a U.S. Secret Service warning that this kind of attack had found its way into the US.
Alleged Avalanche mastermind arrested – again
Remember what happened in November 2016? Never mind, neither do we. A little clue, though – a law enforcement operation involving authorities from some 30 countries dismantled a criminal network that had provided infrastructure for large malware campaigns. The network, called Avalanche, was responsible for utilizing up to half a million compromised computers every day. Around 15 months after the crackdown, one of the ring’s alleged dons, Gennadiy Kapkanov, was arrested in Ukraine, according to ZDNet. Or rather, he was re-arrested after being first nabbed back in the sting in 2016. Then he was released by the court and disappeared.
Poland indicts alleged prolific purveyor of ransomware
Polish authorities arrested a man who is suspected of having authored the Polski, Vortex and Flotera ransomware strains, according to Bleeping Computer. The Polish national, identified only as Tomasz T., is believed to have made over $145,000 from his criminal endeavors. In fact, in addition to ransomware, he allegedly dedicated himself to banking Trojans. His ransomware is said to have encrypted thousands of computers during a series of online attacks on various Polish companies between 2013 and 2018.
Nine Iranians charged with hacking universities
Meanwhile, US prosecutors indicted nine Iranian nationals over cyberattacks targeting 144 universities in the US and 176 universities in 21 other countries, as well as 47 companies globally. During their alleged three-year campaign, the accused allegedly exfiltrated more than 31 terabytes of information, worth over US$3 billion in intellectual property. The network intrusions are believed to have begun with sophisticated spear-phishing campaigns.
Romania, Italy bust alleged spear-phishing ring
In late March, Europol reported that Romanian and Italian authorities arrested a total of 20 people suspected of being involved in a banking phishing scam that had defrauded hundreds of bank customers of the equivalent of US$1.24 million. This group, too, reportedly sent out spear-phishing emails, although this gang is thought to have impersonated tax authorities in order to harvest the online banking credentials of their victims.
Stay tuned for Part 2 on Monday, in which we will zero in on court rulings and extraditions.