The long arm of the law caught up with a number of cybercriminals in the first three months of this year.
Picking up where we left off in Part 1, we continue to comb through headlines in order to bring another instalment in our rundown of some of the recent law enforcement actions in its struggle against cybercrime. As the old adage goes, the wheels of justice turn slowly (perhaps sometimes too slowly?), but grind exceedingly fine.
Man sent to prison over giant credit card info theft
A New Jersey court sentenced a Russian national, Vladimir Drinkman, to 12 years in prison for his role in what US authorities described as the “largest known data breach conspiracy ever prosecuted” by the country. Drinkman’s accomplice, Dmitriy Smilianets, was also sentenced, albeit “only” to 51 months. Having already served his time, Smilianets was released.
Between 2005 and 2012, the ring caused losses worth hundreds of millions of US dollars after selling 160 million credit card numbers that they had stolen from a number of payment processors, banks, and retailers. This includes some of the worst known breaches, including the hack in Heartland in 2009, which was the very largest breach reported at the time. Drinkman was nabbed in the Netherlands in 2012 and extradited to the US three years later.
Another member of the ring, Albert Gonzalez, of the US, is already serving a sentence of 20 years. Three more suspected members of the gang – two Russians and one Ukrainian national – are at large.
Ringleader of credit card fraud ring jailed
An American was sent to prison for nine years after he led a 12-member gang that had, for two-and-a-half years, purchased large amounts of stolen credit card details on the dark web and used the information to manufacture fake credit cards, according to an announcement by the US Department of Justice. They used the fake cards to purchase various merchandise, ranging from gift cards to large quantities of cigarettes, which they then resold for cash. Just like all of the other 11 members of the ring, Travon Williams also pleaded guilty to the charges.
UK academic who tormented victims online jailed for 32 years
Those with malicious intent often flock to the dark web. But even in the context of all manner of illicit activity that occurs in the internet’s seedy underbelly, one recent case stands out. In the middle of February, a British court sent a 29-year-old university researcher to jail for 32 years for engaging in particularly depraved acts that he had perpetrated via the dark web, according to a BBC report. The details are too appalling to describe here, so let us just say that Matthew Falder, a former excellent Cambridge student, confessed to 137 charges against 46 people – all over a span of almost 10 years. Tracking Falder down and arresting him took four years. Sometimes those wheels of justice seem to turn way too slowly.
Disgruntled ex-employee jailed
A Welsh man was sentenced to 10 months in jail for launching a revenge cyberattack on his former employer, reads a report by The Daily Post. In fact, Gavin Prince’s former boss at a tenant referencing firm called ‘LetsXL’ said that the IT expert had been causing trouble even during his tenure with the company – by deliberately crashing its systems to justify his job. As if earning himself the sack weren’t enough, Prince went on to launch a four-day attack at the company. He changed passwords to mailboxes, accessed the e-mails of other employees, and even set the emails of one employee to delete.
Hacker who DDoS-ed Google and Skype put behind bars
A prolific British hacker was jailed in January for two years after he admitted to various computer-related offences, the BBC reported. Among other offences, Alex Bessell, 21, used 9,000 bots, or zombie computers, to carry out more than 100 distributed denial-of-service (DDoS) attacks at various firms, including Google, Skype and Pokemon. Having started his malicious campaigns at the age of 14, Bessell also went on to operate his own Darknet business that sold malicious wares, both of his own and others’ making. No less than 9,000 such items recorded 34,000 purchases between them.
Ukraine convicts two DDoS extortionists
Meanwhile, a court in Ukraine sentenced a woman and a man to suspended jail times of five years each for orchestrating powerful DDoS attacks and running a DDoS extortion scheme in 2015 and 2016. According to a BankInfoSecurity report citing court documents, Inna Yatsenko and Gayk Grishkyan disrupted hundreds of websites, including those belonging to a number of international firms. Their first target – a popular dating service called AnastasiaDate that connects men in North America with women from Eastern Europe – sustained persistent attacks over the span of two years. Yatsenko, who was reportedly the leader of the ring that included more than the pair, owned a local marriage agency and had previously collaborated with AnastasiaDate, reads a Bleeping Computer report.
ATM skimming gang ringleader sentenced – in absentia
In another notable case, however, justice has yet to be served. A UK court handed down a prison term of 11 years on a Romanian national after convicting him of leading a notorious cybercriminal ring that had designed and sold ATM skimming devices, reads a Daily Mail report. So far, so good, where’s the catch, then? Alexandru Sovu was let out on bail and then absconded during his trial – reportedly on board a private plane during flying lessons. The fugitive was reportedly soon back at it again, hawking his wares on his website, albeit since shut down again. Sovu’s gang had pocketed over US$4.2 million by designing ATM skimmers and fronts and selling them to fraudsters in a number of countries.
written by Tomas Foltyn, ESET We Live Security