By Tomáš Foltýn
In Part 1, our roundup of some of the most
notable law enforcement actions against computer crime in the first quarter of
2018 will focus on arrests and charges involving suspected cyber-crooks.
Compared to combating conventional crime,
efforts to bring computer criminals to justice involve a host of specific
challenges for law enforcement. The difficulties reside on many levels and
concern, for example, the attribution of such crimes, their borderless nature,
the (relative) anonymity afforded by cyberspace, or the challenge in gathering
bulletproof evidence. All told, cyberattackers often perpetrate their crimes
because they view them as a low-risk, high-reward proposition.
Notwithstanding the varied challenges, law
enforcement hits back in a number of cases. The first three months of this year
saw dozens of success stories for law enforcement, both in clamping down on
‘lone wolves’ and in unraveling the tangle of large cybercriminal schemes. We
reported on several such cases, including on a jail sentence for a man involved in a ‘hacker-for-hire’
service and on a crackdown on a global fraud enterprise.
However, news reports of cases when
authorities – often aided by security researchers – throw a wrench in the works
of cybercriminal operations may sometimes get ‘lost in the shuffle’ of constant
news streams. This is where this roundup of notable arrests, indictments and
rulings comes in.
Arresting and charging
Fourth ‘Celebgate’ suspect agrees to plead guilty
Early this year, a fourth suspect agreed to
plead guilty to charges in connection with the notorious “Celebgate” nude photo
hack in 2013 and 2014, according to The Register. George Garofano admitted to using phishing
scams in order to break into more than 250 iCloud accounts, including those
belonging to Hollywood A-listers. He may now face up to five years in prison.
We reported on previous court actions in the case back in July and October 2016.
Canadian charged over operating bazaar with stolen details
Also in early January, journalist Brian Krebs
wrote about charges against a Canadian national in connection with his
alleged administering of LeakedSource.com, a repository of three billion stolen
or leaked online credentials. Jordan Evan Bloom may face up to ten years in
prison for trafficking in personal identity records between 2015 and early 2017.
According to an investigation that spanned over 18 months, Bloom is believed to
have made US$200,000 from his shady business.
Russia breaks up ring suspected of hacking gas pumps
Russian authorities broke up a massive fraud ring that is believed to have
installed malicious software on the IT systems of dozens of gasoline stations
in the country, ripping off countless customers in the process. The scheme, as
reported by Bleeping Computer, worked along these lines – when car owners came
to refuel, the malware redirected up to 7 percent of the amount of fuel into a
hidden tank that rogue gas station employees had placed for that very purpose.
The unsuspecting customers were charged the full amount, of course. Once the
tank filled up, the gang re-sold the stolen fuel and pocketed the money, while
additional malware cloaked the transactions. The scheme’s alleged mastermind
was arrested and charged.
Australian charged with hack of car-sharing startup
Speaking of cars, Australian police arrested
Nik Cubrilovic on accusations that, among other things, he had broken into
the network of a car sharing service, GoGet, to take his girlfriend on dozens
of free joyrides in luxury cars. In a notable twist, the man – described by the website of the SBS TV network as a
“prominent hacker, entrepreneur and IT security consultant” – had reportedly advised GoGet on flaws in its software system that could
expose it to a cyberattack. There’s no indication whether this is what made him the
prime suspect in the hack.
Two men charged over jackpotting heists
In early February, Ars Technica reported that US authorities had pressed
charges against two men who had allegedly stolen huge amounts of cash in ATM
‘jackpotting’, a type of attack that involves using software or hardware to
manipulate cash machines into ejecting all their cash reserves. This was only a
week after security journalist Brian Krebs wrote about a Secret Service warning that this kind of
attack had found its way into the US.
Alleged Avalanche mastermind arrested – again
Remember what happened in November 2016?
Never mind, neither do we. A little clue, though – a law enforcement operation
involving authorities from some 30 countries dismantled a criminal network that had provided
infrastructure for large malware campaigns. The network, called Avalanche, was
responsible for compromising up to half a million computers in the world daily.
Around 15 months after the crackdown, one of the ring’s alleged dons, Gennadiy
Kapkanov, was arrested in Ukraine, according to ZDNet. Or rather, he was re-arrested after being
first nabbed back in the sting in 2016. Then he was released by the court and
disappeared.
Poland indicts alleged prolific purveyor of ransomware
Polish authorities arrested a man who is suspected of having authored the
Polski, Vortex and Flotera ransomware strains, according to Bleeping Computer.
The Polish national, identified only as Tomasz T., is believed to have made
over $145,000 from his criminal endeavors. In fact, in addition to ransomware,
he allegedly dedicated himself to banking Trojans. His ransomware is said to
have encrypted thousands of computers during a series of online attacks on
various Polish companies between 2013 and 2018.
Nine Iranians charged with hacking universities
Meanwhile, US prosecutors indicted
nine Iranian nationals over cyberattacks targeting 144 universities in the US
and 176 universities in 21 other countries, as well as 47 companies globally.
During their alleged three-year campaign, the accused allegedly exfiltrated
more than 31 terabytes of information, worth over US$3 billion in intellectual
property. The network intrusions are believed to have begun with sophisticated spear-phishing
campaigns.
Romania, Italy bust alleged spear-phishing ring
In late March, Europol reported that Romanian
and Italian authorities arrested a total of 20 people suspected of being involved
in a banking phishing scam that had defrauded hundreds of bank customers of the
equivalent of US$1.24 million. This group, too, reportedly sent out
spear-phishing emails, although this gang is thought to have impersonated tax
authorities in order to harvest the online banking credentials of their
victims.
Stay tuned for Part 2 on Monday, in which we
will zero in on court rulings and extraditions.