The third – and final – installment in our cybercrime digest zeroes in mainly on three high-profile cases involving extraditions. Also included are crackdowns on scams involving digital currencies, which show yet again that where there’s money – including the virtual kind – there’s often fraud, too. A ‘bonus’ tale that may show the long reach of the cryptocurrency mania then rounds off our quarterly roundup.
Alleged Kelihos bot-herder extradited to US
In April 2017, we reported that Spanish police had arrested an alleged spam kingpin on accusations of operating one of the longest-running and most pernicious botnets for years. Fast forward to February of this year and Spain turned over the Russian national, Pyotr Levashov, to authorities in the United States while refusing to honor Russia’s competing extradition request.
US prosecutors believe that Levashov ran a botnet called Kelihos that was made up of around 100,000 compromised devices. The botnet foisted untold numbers of malware-infected messages on internet users, including password-stealers and ransomware, as well as phishing emails, and advertisements for counterfeit drugs, make-money-fast schemes, and pump-and-dump stock scams. The authorities also believe that Levashov is also the man behind the online moniker ‘Severa’, a pivotal figure in many Russian-language cybercrime forums.
Levashov was on the radar of US cybercrime investigators for years, having actually been charged back in 2009 with operating “Storm”, a precursor to Kelihos and another spam behemoth, in the two years prior. ESET researchers have described some of the characteristics and campaigns wrought by the Storm/Kelihos botnet in this paper.
UK shows little love for US extradition request
Also in early February, US authorities had less success when seeking the extradition of another alleged hacker, Lauri Love, from the United Kingdom. After five years of legal wrangling, the UK’s High Court ruled against sending Love to the US, where he would have faced charges of breaching dozens of US government websites that he is said to have co-orchestrated as a member of the hacker collective Anonymous in 2012. Had he been extradited, Love could have faced up to 99 years in prison.
The BBC quoted the court as saying that “the fact of extradition would bring on severe depression, and that Mr Love would probably be determined to commit suicide, here or in America". Love, who has Asperger's and a history of severe mental health problems, may still be prosecuted in England, but with a maximum sentence of 18 months, wrote The Daily Telegraph.
Suspected LinkedIn and Dropbox hacker extradited to US
In late March, a Russian citizen was extradited from the Czech Republic to the US. Appearing in a court in San Francisco, Evgeny Nikulin pleaded not guilty to charges against him that involve compromising the personal information of up to 100 million users during breaches into LinkedIn, Dropbox and Formspring in 2016. Nikulin, who may face up to 30 years in prison, was arrested in Prague in October 2016 and became the center of another legal tussle between the US and Russia. Moscow requested Nikulin’s extradition on separate charges. Speaking prior to his extradition, Nikulin denied also charges by Russian authorities, having described himself as a “political pawn”.
Ukraine’s police shut down servers hosting some of the typo-squatted domains that had been used for a highly profitable Bitcoin phishing campaign, according to a Bleeping Computer report. The gang behind the operation made an estimated $50 million in virtual currency by exploiting Google AdWords. The scam artists bought legitimate ads and placed links to the phishing sites at the top of relevant Google search results, thus driving users to the phishing sites on these domains. When the unwitting users logged in on those pages, their credentials – and in short order also funds from their accounts – were snatched. No arrests were reported, however.
Meanwhile, the US Securities and Exchange Commission (SEC) dealt a blow to suspected scammers by shutting down another allegedly dodgy initial coin offering (ICO). Not even a celebrity endorsement – by boxing legend Evander Holyfield – was enough for the ICO of a cryptocurrency project called AriseBank to duck the knockout punch.
... And finally
Nuclear scientists in the grip of bitcoin rush?
Recently, the cryptocurrency bug is said to have bitten even Russian scientists, who may have wanted to jump on the bitcoin bandwagon in the most unlikely of (work) places. According to a BBC report, several engineers in a top-secret nuclear research facility in western Russia were detained after they attempted to connect one of the country’s most powerful – and strictly offline – supercomputers to the internet in order to mine bitcoin on it. [It’s not difficult to see the incentives behind it given that cryptocurrency mining requires a lot of processing power and consumes large amounts of electricity.] This tale may not tick the usual boxes of a cybercrime, but perhaps it exemplifies the long reach – and perils – of the cryptocurrency fever?
Cybercriminals view the online world as their oyster and rely on a dark cloak of anonymity to conceal their activities. However, as seen also from the previous two installments of our roundup, this veil can be lifted. Indeed, it shows that committing misdeeds in the virtual world can have some very real-life consequences. This sends an encouraging message to law-abiding netizens and hopefully discourages many of the criminally-inclined.