A Turkish mastermind of $55 million cyber spree handed over to the U.S.

A Turkish man, a mastermind behind three hacks that resulted in $55 million loss to the global financial system, has been extradited to the United States to face charges, the U.S. authorities announced on Wednesday.    

According to a news report published on Reuters, the prosecutors confirmed Ercan Findikoglu, 33, as the mastermind behind an organization whose hacks resulted in stolen debit card data being distributed worldwide and used to make fraudulent ATM withdrawals.

The prosecutors said that Findikoglu along with his friend hacked into the computer networks of three credit and debit card payment processors: Fidelity National Information Services Inc, ElectraCard Services, now owned by MasterCard Inc, and enStage.

After tapping into those networks, he hacked Visa and MasterCard prepaid debit cards that the processors serviced and caused the cards' account balances to be increased to allow large excess withdrawals.

Then the hackers group disseminated the stolen debit card information to heads of "cashing crews" around the world who in turn conducted tens of thousands of fraudulent ATM withdrawals.

The report says that the prosecutors said in February 2011 operation targeting cards issued by JPMorgan Chase & Co and used by the American Red Cross to provide relief to disaster victims noticed $10 million withdrawn across the globe.

A second operation compromised cards issued by National Bank of Ras Al-Khaimah in the United Arab Emirates, resulting in $5 million in losses in December 2012, court documents said.

Then the hackers compromised cards issued by Bank Muscat in Oman, allowing crews operating in 24 countries to execute 36,000 transactions over a two-day period in February 2013 and withdraw $40 million from ATMs, prosecutors said.

Authorities said that a New York cashing crew alone withdrew $2.8 million in the 2012 and 2013 operations. Thirteen of the crew's members have pleaded guilty.

According to the news report, the prosecutors said that Findikoglu and other high-ranking members of the scheme received proceeds in various forms, including by wire transfer, electronic currency or personal deliveries of cash.

The case is U.S. v. Findikoglu, U.S. District Court, Eastern District of New York, No. 13-0440.

The report says that Findikoglu pleaded not guilty during a hearing in federal court in Brooklyn, New York, after being extradited on Tuesday from Germany, where he was arrested in December 2013, the U.S. Justice Department said.

An indictment unsealed on Wednesday charged Findikoglu, who authorities say went by the online aliases "Segate" and "Predator," with 18 counts including computer intrusion conspiracy, bank fraud and money laundering.

Mexican teenagers charged with cyberattack on Enfamil website

Three teenagers in Rio Rancho, New Mexico, have been charged with cyber attack on the Enfamil baby formula website.

Sylvain Jones, 16, Sergio Velasquez, 15, and Joshua Van Gilder, 17; students of V. Sue Cleveland High School attracted the interest of the FBI and Secret Service. Police have filed cases of criminal acts of computer abuse and conspiracy.

Police said the boys used a school computer shortly before the summer break for the purpose.  The high school authorities launched an investigation on May 20 after they came to know about the cyber attack from the Secret Service.

According to the school reports submitted to the police, the three students sent vulgar messages on the Enfamil website during their robotics class.

They told the school officials that they decided to harass people on the Enfamil live chat site, as in hopes of getting a reaction or weird reply. According to the school report, the harassment started from May 13 and continued till May 18.

Enfamil, then, blocked their access to the website. In retaliation, the boys asked other hackers to bombard the site with messages by hacking the hacker website with a personal device.

According to the district report, the students were identified by their login information.

Think before you share your photos via Internet, someone can misuse them

Sometimes, we, especially teenagers, are so much in ‘love’ that they do not even hesitate to share their personal photos and details with our ‘loved ones’ via Internet. That time, they are not aware of the consequences that they are going to face in future.

A recent case might be an eyeopener to all of those teenagers where a man tried to blackmail a teenage girl in Auckland by threatening to post her naked photos images and videos, which were obtained during their online relationship, to the web.

Martin Cocker, executive director at Netsafe, told New Zealand Herald that while cases of teenagers sharing images unwisely was not uncommon, the lengths the perpetrator was going to were very aggressive.

"The man is a very determined character. The majority wouldn't continue to harass and attack any party they can find in the way that he has."

According to the NHerald, the relationship between the girl and the man began through Online gaming. The girl shared her explicit images, and then Skype calls where she undressed in front of a camera.

"I am always concerned they are going to feel like they are the first person who has ever been in this situation and feel isolated. That's not the case. Cases of sexual exploitation were a growing challenge,” he said.

The man stole her information by hacking her family's home computers and then launched a denial-of-service attack on the servers of her high school. Then, he uploaded the explicit images and videos of the girl to pornography websites and on her school's Facebook page with links to the sites.

"He is trying to punish the child or the family. It's a jilted relationship. He wants revenge," the school principal told New Zealand Herald. We just want the whole of New Zealand to realize that this is serious and scary and we need to do something about it."

A police spokesman said that the National Cyber Crime Centre was investigating the unauthorized access and postings on the website and social media pages of the school. The investigation was in its early stages. There were a number of technical matters relating to the inquiry.

Cyber Criminals stole Rs. 7 Lakh from Delhi's CP store

As cyber security experts say, banks websites, mobile apps are on the hackers’ hit list. Two recent net-banking fraud cases have shown how the hacking attack has been increasing in India-based banks’ websites, mobile applications and online services.

Recently, hackers transferred the money Rs. 7 lakh from the account of a retail outlet in Connaught Place to accounts which belong to Salman Khurshid and Rebecca Estees. Similarly, in the other incident, the salary accounts of more than 23 employees of software major, Infosys, in several cities across the country were hacked and money siphoned off.

According to the both of the organizations, many of their customers had complained about the online fraud.

In the first case,  victim, Archna Haksar,  whose account has been hacked and money transferred to accounts, received four missed calls from a number (971100****) after which her SIM was deactivated. When she activated her SIM again, she received the messages informing her about the transactions from her account.

It is believed that the hacker first hacked her SIM to get into her net banking account and created two beneficiaries to transfer the money.

In another case with Infosys, the every salary accounts have shown that several online transactions that were fraudulent and in most cases police refused to entertain complaints.

“Most of the employees who faced the problem were recruited in the August, 2011 batch of the company’s Hyderabad office to be later deputed to other places,” an employee told The Hindu. "While in some cases the fraudulent transactions took place in close succession, in a span of a few minutes, in other cases money was drained out over 24 hours. In my case, the first transaction took place in the third week of May and I reported the same. My account was drained of cash within the next 24 hours.”

Both of the cases of bank fraud were done through online transactions. And fraud cases are increasing.

High School students arrested for hacking school network

The principal of San Dimas High School in southern California said that two students studying in the school had been arrested for hacking the school network and changing grades of around 120 people.

The Cyber Crimes bureau of the Los Angeles Sheriff's Department is working closely with the school to investigate how the unauthorized access of the school network could have taken place.

 "We are very confident that we have the ability to restore all of the impacted scores. Teachers have been contacted and will be reviewing their student's grades for accuracy," said Principal Michael Kelly.

This is not the first recent incident in California after a student of Dixon High School in north California was also arrested earlier for unauthorized access to his school network.

Students whose grades were changed were interviewed by the authorities and some of them were suspended while the grades of all are being reverted back.

The teachers will be reviewing the grades again to make sure that the original grade is given to each student.

Two men, who developed Photobucket hacking software, charged with conspiracy and fraud

Two men were arrested on April 8 in the charge of conspiracy and fraud after breaching computer services of Colorado-based Photobucket, a company that runs an image and video hosting website, according to a statement by U.S Department of Justice (DoJ).

Brandon Bourret (39), from Colorado Springs, and Athanasios Andrianakis (26), from Sunnyvale, California, were arrested at their homes for hacking the system and sold passwords and access to private information on a photo-sharing website.

U.S. Attorney John Walsh for the District of Colorado (DoC) and Thomas Ravenelle, special agent in-charge for the Denver Division of the Federal Bureau of Investigations (FBI) announced that the two persons developed and sold a software application that allowed users to get through the privacy settings on Photobucket, which has more than 100 million registered users.

According to the statement, application users could secretly access and copy password-protected information and images without any permission from Photobucket's users.

“It is not safe to hide behind your computer, breach corporate servers and line your own pockets by victimizing those who have a right to protect privacy on the internet,” said U.S. Attorney Walsh in the statement.  The U.S. Attorney’s Office is keenly focused on prosecuting those people for their theft -- and for the wanton harm they do to innocent internet users.”      

“Unauthorized access into a secure computer system is a serious federal crime,” said Ravenelle in the statement.  The arrest of Brandon Bourret and his co-conspirator reflects the FBI’s commitment to investigate those who undertake activities such as this with the intent to harm a company and its customers.”

According to the statement, Bourret and Andrianakis both face one count of conspiracy, which carries a penalty of up to five years in federal prison and a fine of up to $250,000. They also face one count of computer fraud, which carries the same maximum penalty and less than five years in federal prison.

Similarly, they face two counts of access device fraud, which carries a fine of up to $250,000 and not more than ten years in federal prison, per count.

In addition, the U.S. Attorney’s Office and the FBI appreciated Photobucket for its cooperation from the inception of the investigation and thanked for its continued assistance as both the investigation and prosecution moves forward.


This case is being prosecuted by Assistant U.S. Attorney David Tonini.