32 people charged in international hacking and insider trading ring

The U.S. Securities and Exchange Commission (SEC) announced on August 11 fraud charges against 32 people, two of them Ukrainian men, over their alleged involvement in an international hacking and insider trading ring.

The SEC said in a press release that these people took part in a scheme to profit from stolen nonpublic information about corporate earnings announcements.

“Those charged include two Ukrainian men who allegedly hacked into newswire services to obtain the information and 30 other defendants in and outside the U.S. who allegedly traded on it, generating more than $100 million in illegal profits,” the press release read.

According to the press statement, the complaint against the people was filed under seal on August 10 in U.S. District Court in Newark, N.J.

The crooks masked their identities by using proxy servers and by posing as newswire service employees and customers. The two allegedly recruited traders with a video showcasing their ability to steal the earnings information before its public release.

“The complaint charges that in return for the information, the traders sometimes paid the hackers a share of their profits, even going so far as to give the hackers access to their brokerage accounts to monitor the trading and ensure that they received the appropriate percentage of the profits,” the statement read.

The complaint also charges that the traders sought to conceal their illicit activity by establishing multiple accounts in a variety of names, funneling money to the hackers as supposed payments for construction and building equipment, and trading in products such as contracts for difference (CFDs).

“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” Mary Jo White, Chairperson of the SEC, said in the press release.

“These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing nonpublic information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets,” she added.

The SEC charged that Ivan Turchynov and Oleksandr Ieremenko created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and three U.S. states, Georgia, New York, and Pennsylvania.

“This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities,” said Andrew Ceresney, Director of the SEC’s Division of Enforcement.  “Our use of innovative analytical tools to find suspicious trading patterns and expose misconduct demonstrates that no trading scheme is beyond our ability to unwind.”

Three Estonian men sentenced for internet fraud by US court

A Manhattan federal court has sentenced three Estonian men to over three years' imprisonment for their involvement in an Internet scheme that infected more than 4 million computers in over 100 countries.

U.S. District Judge Lewis A. Kaplan said, "It's hard to pick up a newspaper this summer without reading about another one." Justifying his decision, he said it was important to impose a tough sentence.

Timur Gerassimenko, 35, was sentenced to four years, Dmitri Jegorov, 37, got 3 2/3 years and Konstantin Poltev, 31, received 3 1/3 years for their roles in the internet fraud.

According to the government, Gerassimenko was the main culprit behind the fraud and hired the programmers, Jegorov was the lead network administrator, and Poltev was the public face of the enterprise.

When the men were arrested in Estonia, Gerassimenko was ordered to forfeit $2.5 million while Jegorov and Poltev were each told to forfeit $1 million. All three of them apologized for their crimes before they were sentenced.

The fraud has affected computers belonging to government agencies such as NASA, along with educational institutions, nonprofit organizations, businesses and individuals.

The malware scheme, which was carried out with co-conspirators in Russia and Ukraine, cost NASA more than $65,000 in repairs.

All three men sentenced Thursday are serving sentences in Estonia for similar crimes.

Vietnamese hacker who stole identities of 200 million Americans sentenced to 13 years

After breaking into the computers of several business entities and stealing the personal identification information of over 200 million Americans, a Vietnamese hacker has finally been sentenced to 13 years in prison.

The Department of Justice released a report on Tuesday announcing that Hieu Minh Ngo, 25, made $2 million by hacking, stealing personal identification information and selling it to other cyber criminals.

A District Court in New Hampshire sentenced Ngo on Tuesday on various fraud charges, as reported by the Financial Times. Ngo was arrested in February 2013, as soon as he entered America.

From his home in Vietnam, Ngo was active from 2007 to 2013, breaking into computer systems, stealing identifiable information such as Social Security numbers, credit card details, bank account and phone numbers, and advertising the data on his websites, where fellow hackers bought the information.

A press release by the Justice Department specified that 'Ngo admitted that he offered access to PII (personally identifiable information) for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million "queries" through the third-party databases maintained on his websites'.

The Internal Revenue Service stated that the information sold on Ngo's website to other hackers was used to file income tax returns for more than 13,000 people, who saw $65 million returned on their behalf.

'Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition,' Assistant Attorney General Leslie Caldwell said in a statement.
'Identifying and prosecuting cyber criminals like Ngo is one of the ways we're working to change that cost-benefit analysis.'

The US Office of Personnel Management revealed that hackers have stolen more than 21.5 million Social Security numbers so far, 1.1 million of which include fingerprints.

Ngo's sentencing is a step toward stopping cyber crimes that compromise the personal identities of civilians.

FBI takes down biggest malware marketplace 'Darkode'

The Federal Bureau of Investigation (FBI) announced the takedown of ‘Darkode’, an international malware marketplace, on Wednesday.

Darkode was a secretive, password-protected society of elite hackers. Since 2008, the forum had been used as a meeting place and as a place to buy and trade hacking tools.

The FBI arrested people from 20 countries, with indictments for 70 individuals, including 12 in the U.S., from Wisconsin to Louisiana.

U.S. Attorney David J. Hickton said, “The FBI has effectively smashed the hornets' nest and we are in the process of rounding up and charging the hornets.”

Hickton added that Darkode was one of the greatest threats to online security, mentioning one forum member who offered software (for a price of $65,000) that can take over cellphones. He also described how a user offered the ability to steal and sell lists of friends on Facebook.

According to the FBI’s Special Agent in Charge, Scott S. Smith, the arrests came after a two-year undercover operation that infiltrated the forum.

The Pittsburgh Post-Gazette explains how the investigation started: "Following a lead generated in Pittsburgh around 18 months ago, the FBI cybersquad here launched Operation Shrouded Horizon. The bureau's local office assembled a coalition that started domestically with the bureau's offices in Washington, D.C., San Diego, New Orleans and San Francisco, and extended to online enforcement teams in 20 countries, including numerous European countries, Israel, Australia, Colombia, Brazil and Nigeria."

Federal officials say the investigation into Darkode is continuing.

Hacker who sold Madonna song sentenced to 14 months in prison

Adi Lederman has been sentenced to 14 months in prison in Israel after being found guilty of stealing and selling singer Madonna's unreleased songs.

He was also fined 5,000 shekels, which amounts to about $3,900. The court said that an appropriate punishment will deter this kind of incident in the future.

Madonna's latest album Rebel Heart was leaked on the internet last year. At the time she said, “I have been violated as a human and an artist.”

She later released six songs, calling it an “early Christmas gift” for her fans.

Lederman was arrested earlier this year and agreed to a plea deal after confessing the crime.

Schoolboy hacker who 'launched DDOS attacks against worldwide organizations' walks free

In 2001, several global organisations, including the BBC, faced cyber attacks by a teenage geek known as 'Narko', who "almost broke the internet" while sitting in his bedroom and is now walking free despite such a felony.

Seth Nolan-Mcdonagh was introduced to the world of hacking at the age of 13 by a group of online hackers who were at that time attacking websites using a technique called 'Distributed Denial of Service', or DDOS for short.

The scam earned Narko £70,000. He then quit school and joined the hacking fraternity after losing contact with the 'real world'.

Narko came back into the limelight in 2013, when he successfully attacked Spamhaus, which maintains a spammer database for email service providers. He then chose a bigger target, CloudFlare, a service that protects against online attacks, in what was considered the biggest DDOS attack of that time.

In 2015, Seth finally appeared before Southwark Crown Court for sentencing.

The young hacker had already pleaded guilty to two counts of unauthorized modification of computer material and one count of possessing articles for use in fraud.

In addition to these charges, he has also admitted that he transferred criminal property and possessed 924 indecent photos of children.

Seth was sentenced by Judge Jeffrey Pegden, who stated that he had committed serious crimes, and at the tender age of 13. All of his attacks were committed before he had come of age, so he was sentenced as a youth.

Judge Pegden also noted that his age at the time of the offences, as well as evidence that he was suffering from a mental illness, played a significant role.

Though he is said to have 'improved' a lot since being sent to rehab, questions remain about whether a hacker who has seen the lavish side of hacking can be trusted.

A Turkish mastermind of $55 million cyber spree handed over to the U.S.

A Turkish man, the mastermind behind three hacks that resulted in a $55 million loss to the global financial system, has been extradited to the United States to face charges, the U.S. authorities announced on Wednesday.

According to a news report published by Reuters, prosecutors identified Ercan Findikoglu, 33, as the mastermind behind an organization whose hacks resulted in stolen debit card data being distributed worldwide and used to make fraudulent ATM withdrawals.

The prosecutors said that Findikoglu along with his friend hacked into the computer networks of three credit and debit card payment processors: Fidelity National Information Services Inc, ElectraCard Services, now owned by MasterCard Inc, and enStage.

After tapping into those networks, he hacked Visa and MasterCard prepaid debit cards that the processors serviced and caused the cards' account balances to be increased to allow large excess withdrawals.

The hackers then disseminated the stolen debit card information to heads of "cashing crews" around the world, who in turn conducted tens of thousands of fraudulent ATM withdrawals.

According to the report, prosecutors said that a February 2011 operation targeting cards issued by JPMorgan Chase & Co and used by the American Red Cross to provide relief to disaster victims saw $10 million withdrawn across the globe.

A second operation compromised cards issued by National Bank of Ras Al-Khaimah in the United Arab Emirates, resulting in $5 million in losses in December 2012, court documents said.

Then the hackers compromised cards issued by Bank Muscat in Oman, allowing crews operating in 24 countries to execute 36,000 transactions over a two-day period in February 2013 and withdraw $40 million from ATMs, prosecutors said.

Authorities said that a New York cashing crew alone withdrew $2.8 million in the 2012 and 2013 operations. Thirteen of the crew's members have pleaded guilty.

According to the news report, the prosecutors said that Findikoglu and other high-ranking members of the scheme received proceeds in various forms, including by wire transfer, electronic currency or personal deliveries of cash.

The case is U.S. v. Findikoglu, U.S. District Court, Eastern District of New York, No. 13-0440.

The report says that Findikoglu pleaded not guilty during a hearing in federal court in Brooklyn, New York, after being extradited on Tuesday from Germany, where he was arrested in December 2013, the U.S. Justice Department said.

An indictment unsealed on Wednesday charged Findikoglu, who authorities say went by the online aliases "Segate" and "Predator," with 18 counts including computer intrusion conspiracy, bank fraud and money laundering.

Mexican teenagers charged with cyberattack on Enfamil website

Three teenagers in Rio Rancho, New Mexico, have been charged with a cyber attack on the Enfamil baby formula website.

Sylvain Jones, 16, Sergio Velasquez, 15, and Joshua Van Gilder, 17, all students of V. Sue Cleveland High School, attracted the interest of the FBI and Secret Service. Police have filed cases for criminal computer abuse and conspiracy.

Police said the boys used a school computer for the attack shortly before the summer break. The high school authorities launched an investigation on May 20 after learning of the cyber attack from the Secret Service.

According to the school reports submitted to the police, the three students sent vulgar messages on the Enfamil website during their robotics class.

They told school officials that they decided to harass people on the Enfamil live chat site in hopes of getting a reaction or weird reply. According to the school report, the harassment started on May 13 and continued until May 18.

Enfamil then blocked their access to the website. In retaliation, the boys asked other hackers to bombard the site with messages by hacking the hacker website with a personal device.

According to the district report, the students were identified by their login information.

Think before you share your photos via Internet, someone can misuse them

Sometimes we, especially teenagers, are so much in ‘love’ that we do not hesitate to share our personal photos and details with our ‘loved ones’ via the Internet, unaware of the consequences we may face in the future.

A recent case might be an eye-opener for all those teenagers: a man tried to blackmail a teenage girl in Auckland by threatening to post her naked images and videos, which were obtained during their online relationship, to the web.

Martin Cocker, executive director at Netsafe, told New Zealand Herald that while cases of teenagers sharing images unwisely were not uncommon, the lengths the perpetrator was going to were very aggressive.

"The man is a very determined character. The majority wouldn't continue to harass and attack any party they can find in the way that he has."

According to the New Zealand Herald, the relationship between the girl and the man began through online gaming. The girl shared explicit images of herself, followed by Skype calls in which she undressed in front of a camera.

"I am always concerned they are going to feel like they are the first person who has ever been in this situation and feel isolated. That's not the case. Cases of sexual exploitation were a growing challenge," he said.

The man stole her information by hacking her family's home computers and then launched a denial-of-service attack on the servers of her high school. Then, he uploaded the explicit images and videos of the girl to pornography websites and on her school's Facebook page with links to the sites.

"He is trying to punish the child or the family. It's a jilted relationship. He wants revenge," the school principal told New Zealand Herald. "We just want the whole of New Zealand to realize that this is serious and scary and we need to do something about it."

A police spokesman said that the National Cyber Crime Centre was investigating the unauthorized access and postings on the website and social media pages of the school. The investigation was in its early stages. There were a number of technical matters relating to the inquiry.

Cyber Criminals stole Rs. 7 Lakh from Delhi's CP store

According to cyber security experts, bank websites and mobile apps are on hackers’ hit lists. Two recent net-banking fraud cases show how attacks on the websites, mobile applications and online services of India-based banks have been increasing.

Recently, hackers transferred Rs. 7 lakh from the account of a retail outlet in Connaught Place to accounts belonging to Salman Khurshid and Rebecca Estees. In the other incident, the salary accounts of more than 23 employees of software major Infosys, in several cities across the country, were hacked and money siphoned off.

According to both organizations, many of their customers had complained about the online fraud.

In the first case, the victim, Archna Haksar, whose account was hacked and money transferred to other accounts, received four missed calls from a number (971100****), after which her SIM was deactivated. When she activated her SIM again, she received messages informing her about the transactions from her account.

It is believed that the hacker first hacked her SIM to get into her net banking account and created two beneficiaries to transfer the money.

In the Infosys case, the salary accounts showed several fraudulent online transactions, and in most cases police refused to entertain complaints.

“Most of the employees who faced the problem were recruited in the August, 2011 batch of the company’s Hyderabad office to be later deputed to other places,” an employee told The Hindu. “While in some cases the fraudulent transactions took place in close succession, in a span of a few minutes, in other cases money was drained out over 24 hours. In my case, the first transaction took place in the third week of May and I reported the same. My account was drained of cash within the next 24 hours.”

Both bank fraud cases were carried out through online transactions, and such fraud cases are increasing.

High School students arrested for hacking school network

The principal of San Dimas High School in southern California said that two students studying in the school had been arrested for hacking the school network and changing grades of around 120 people.

The Cyber Crimes Bureau of the Los Angeles Sheriff's Department is working closely with the school to investigate how the unauthorized access of the school network could have taken place.

"We are very confident that we have the ability to restore all of the impacted scores. Teachers have been contacted and will be reviewing their students' grades for accuracy," said Principal Michael Kelly.

This is not the first recent incident in California: a student of Dixon High School in northern California was also arrested earlier for unauthorized access to his school network.

Students whose grades were changed were interviewed by the authorities and some of them were suspended, while all of the grades are being reverted.

The teachers will be reviewing the grades again to make sure that the original grade is given to each student.

Two men, who developed Photobucket hacking software, charged with conspiracy and fraud

Two men were arrested on April 8 on charges of conspiracy and fraud after breaching computer services of Colorado-based Photobucket, a company that runs an image and video hosting website, according to a statement by the U.S. Department of Justice (DoJ).

Brandon Bourret (39), from Colorado Springs, and Athanasios Andrianakis (26), from Sunnyvale, California, were arrested at their homes for hacking the system and selling passwords and access to private information on the photo-sharing website.

John Walsh, U.S. Attorney for the District of Colorado, and Thomas Ravenelle, special agent in charge of the Denver Division of the Federal Bureau of Investigation (FBI), announced that the two men developed and sold a software application that allowed users to circumvent the privacy settings on Photobucket, which has more than 100 million registered users.

According to the statement, application users could secretly access and copy password-protected information and images without any permission from Photobucket's users.

“It is not safe to hide behind your computer, breach corporate servers and line your own pockets by victimizing those who have a right to protect privacy on the internet,” said U.S. Attorney Walsh in the statement. “The U.S. Attorney’s Office is keenly focused on prosecuting those people for their theft -- and for the wanton harm they do to innocent internet users.”

“Unauthorized access into a secure computer system is a serious federal crime,” said Ravenelle in the statement. “The arrest of Brandon Bourret and his co-conspirator reflects the FBI’s commitment to investigate those who undertake activities such as this with the intent to harm a company and its customers.”

According to the statement, Bourret and Andrianakis both face one count of conspiracy, which carries a penalty of up to five years in federal prison and a fine of up to $250,000. They also face one count of computer fraud, which carries the same maximum penalty and less than five years in federal prison.

Similarly, they face two counts of access device fraud, which carries a fine of up to $250,000 and not more than ten years in federal prison, per count.

In addition, the U.S. Attorney’s Office and the FBI thanked Photobucket for its cooperation from the inception of the investigation and for its continued assistance as both the investigation and prosecution move forward.


This case is being prosecuted by Assistant U.S. Attorney David Tonini. 

Two Anonymous hackers arrested by Australian Police

After a lengthy investigation, two people believed to be members of the Anonymous hacker group have been arrested for allegedly hacking into government and corporate websites.

Police say a 40-year-old man from Western Australia has been charged with hacking into Melbourne IT Ltd's computer network in Brisbane and Indonesian government web servers, Australian Broadcasting Corporation reports.

An 18-year-old man from Penrith was charged with hacking into NetSpeed ISP, located in Canberra, and the ACT Long Service Leave Authority.

The two were reportedly involved in several cyber attacks, including modifying the content of websites and disrupting access to many websites by launching Distributed Denial of Service (DDoS) attacks. These attacks date back to 2012.

A number of computer hard drives and other computer equipment have been seized by police from the suspects' homes.

Two Students arrested for hacking into School System to change Score

Two students from a college in Shanghai's Songjiang District have been arrested for allegedly breaking into their school's computer systems to change their grades.

The college students named Chen and Zhang didn't attend the morning physical education class regularly.  So, they decided to break into the college's system and change their scores in December 2013.

After hearing about their successful effort, other students turned to them for help.

According to a Shanghai Daily report, they charged 15 yuan to 20 yuan for each change they made in the school's database.

They earned more than 80,000 yuan (more than $12,000) by helping over 200 students.

The school noticed the false records in March and fixed the vulnerability that allowed them to change the scores. 

Black Hat hacker Farid Essebar arrested in Thailand


Infamous international computer hacker Farid Essebar was arrested on Tuesday in Thailand at the request of Swiss authorities.

Essebar, 27, also known as Diabl0, who holds dual Moroccan-Russian nationality, was detained in Bangkok, according to a local news report.

He has been arrested on suspicion of taking part in a cyber crime that involved cracking banking systems and hacking online banking websites. The breach resulted in damage of $4 billion to customers in Europe in 2011.

Thailand will send the suspect to Switzerland within the next 90 days. Police are reportedly searching for two other gang members who were involved in the breach.

This is not the first time he has been arrested. In 2006, he was sentenced to two years in prison. He was accused of spreading the Zotob computer worm. CNN, ABC News, United Parcel Service, the NY Times and the US Department of Homeland Security were among those affected by this worm.

Two Students hacked Data InfoSys website to recharge mobile phones worth Rs.8 Lakh

Two Information Technology (IT) students have been arrested by Jaipur cyber crime police for hacking the Data InfoSys e-processing system and fraudulently recharging BSNL mobile phones.

Kulshrestha Varma and Hardik Sud, both 19-year-old students of APG University in Shimla, managed to recharge more than 500 mobile phones, causing a loss of Rs.8 Lakh to Data InfoSys.

According to the Times of India, the students used a public Internet cafe to breach the Data InfoSys website. These two kids might have thought that police couldn't catch them if they used a cyber cafe.

The company became aware of the fraudulent recharges at the end of last year and filed a complaint at the cyber police station on December 3rd. Police took 75 days to crack the case.

Police arrested them and brought them to Jaipur on a transit remand. The police suspect the involvement of several other people in this cyber crime.

Russian Hacker Rinat Shabayev admits to being creator of BlackPOS Malware



Last week, cyber security firm IntelCrawler named 17-year-old Russian "Sergey Taraspov" as the creator of the BlackPOS malware, which was used in the Target data breach.

After further investigation, the company updated its report, saying that a 23-year-old Russian hacker named "Rinat Shibaev" is the original author of this malware and that Sergey is a member of the technical support team.

In an interview with Russian news channel LifeNews, Shibaev admitted that he had developed the BlackPOS (also referred to as Kaptoxa) malware.

The hacker says he just took a readily available program and developed it with additional features.

He allegedly got help in developing the malware from an unknown person whom he had met online. However, he said that he doesn't even know in which country the person lives.

The hacker also said that he created it to sell to others, not to use it himself.

17 year old suspected to be creator of BlackPOS malware used in Target data breach


Security firm IntelCrawler has been analyzing the recent massive data breaches of Target and Neiman Marcus.  The company said that it has identified the creator of the malware used in these attacks.

According to its report, Sergey Taraspov, a 17-year-old boy from Russia with the online handle 'ree[4]', allegedly first created a sample of the BlackPOS malware in March 2013.

Initially the malware was referred to as "Kaptoxa" ("potato" in Russian slang), and was later referred to as "Dump memory grabber" in underground forums by its creator. The "BlackPOS" name came from the title used in C&C communications.

BlackPOS is RAM-scraping malware, written entirely in VBScript, that is designed to be installed on POS devices and steals all data from cards swiped through the infected system.

Based on its own sources, the organization determined that the first victims of the malware were Point of Sale (PoS) systems in Canada, the US and Australia.

He has sold more than 40 builds of his creation to cyber criminals from Eastern Europe and other countries, for $2,000.

The hacker has created several hacking tools, including a brute-force attack tool and other malicious tools. He has also made some money from training in DDOS attacks and social network account hacking.

However, the organization said that the real cybercriminals behind the Target data breach were just his customers.

Update:
After further investigation, IntelCrawler determined that the original author of the BlackPOS malware is Rinat Shibaev. Sergey Taraspov is actually one of the technical support members.

Former Natwest Bank clerk jailed for helping fraudsters


A former NatWest Bank clerk has been sentenced to four years in jail for helping fraudsters to gain access to the Bank computers in an attempt to steal over £1 million.

Hans Patterson-Mensah, 24, allowed fraudsters to enter a customer interview room at one of NatWest's branches in Sep. 2012.

The fraudsters managed to install a KVM ("keyboard, video and mouse") switch on a computer. The device gave the criminals access to the bank's internal system.

The criminals managed to change some records to make it look like the target person had deposited £1m in their account. The crooks then withdrew money from that account.

However, bank staff spotted that something was amiss when they conducted an end-of-day audit. They managed to recover most of the money (£6,000).

Power Locker - Cybercriminals attempt to sell New Ransomware called Prison Locker

The MalwareMustDie (MMD) team came across an advertisement in an underground forum in which an individual is trying to sell his new ransomware, called Power Locker, also known as Prison Locker.

The cybercriminal, who goes by the online moniker "gyx", coded the malware in C/C++ and is advertising the ransomware in various underground forums.

The ransomware in question is said to have many features, such as "detecting the Debugger and Virtual Machines in order to avoid being analyzed by security researchers" and "Displaying warning window in a new desktop".

At the start, "gyx" asked others to help him code the GUI part of the malware and promised to pay them. A member of the MalwareMustDie team disguised himself as a malware coder and had an IRC chat with him. He also managed to get the source code of the malware.

The MMD team has doxed gyx and collected some interesting information about the identity of the malware author. The dox leads to a person who claims to be a security researcher and blogs about security ("wenhsl.blogspot.in/"). They also identified his Twitter account (@wenhsl).

The fun fact is that he was also trying to communicate with MalwareMustDie from his Twitter account.