Alleged "NullCrew" Hacker arrested by FBI

FBI has arrested a 20-year-old Tennessee man for allegedly conspiring to launch cyber attacks on a number of businesses and educational organizations.

Timothy Justin French, known online as 'Orbit', is believed to be part of the famous hacking group "NullCrew".  The group is best known for its hacking attacks against World Health Organization and PBS.  Earlier this year, the group also hacked into Bell Canada website.

According to the DOJ, the FBI with the help of 'confidential witness' approached members of the Nullcrew Team on Skype, Twitter and CryptoCat.

After gaining their trust, Fed's inside man engaged them in conversations that includes discussions on past,present and future attacks and their hacking techniques.

The FBI used the information gathered by witness to track the IP address of one of the computers used in some of the NullCrew attacks.

"The computer hacking charge in this case carries a maximum sentence of 10 years in prison and a $250,000 fine. If convicted, the court must impose a reasonable sentence under federal statutes and the advisory United States Sentencing Guidelines."

Two Anonymous hackers arrested by Australian Police

After a lengthy investigation, two people believed to be members of Anonymous hacker group have been arrested for allegedly hacking into government and corporate websites.

Police says a 40-year-old man from Western Australia has been charged with hacking into Melbourne IT Ltd's computer network in Brisbane and Indonesian government web servers, Australian Broadcasting Corporation reports.

The 18-year-old man from Penrith was charged with hacking into NetSpeed ISP located in Canberra and ACT Long Service Leave Authority.

These two were reportedly involved in several cyber attacks which includes modifying the content of websites and disrupting access to many websites by launching Distributed Denial of service(DDoS) attacks.  These attacks date back to 2012.

A number of computer hard drives and other computer equipments from the suspects' house have been seized by Police.  

Two Students arrested for hacking into School System to change Score

Two students from a college in Shanghai's Songjiang District have been arrested for allegedly breaking into their school's computer systems to change their grades.

The college students named Chen and Zhang didn't attend the morning physical education class regularly.  So, they decided to break into the college's system and change their scores in December 2013.

After students heard about their successful effort, other students turned to them for help.

According to Shanghai Daily report, they charged 15 yuan to 20 yuan for each change they made in school's database.

They earned more than 80,000 yuan(more than $12,000) by helping over 200 students.

The school noticed the false records in March and fixed the vulnerability that allowed them to change the scores. 

18-year-old Miami Student arrested for hacking school computer to change grades


Hacking School's computer network and changing the Grade is not the right way to get good Grades

A 18-year-old Miami High School student was arrested after he allegedly hacking into the Miami-Dade Public Schools database to his grades and grades of four other students.

Jose Bautista, was charged with multiple counts including intellectual property offence and offense against computer users, after he reportedly gave Princiapal a written confession.

He was released on a $20,000 bond.  Judge ordered him to place him under house arrest and wear a GPS tracking device.

"It's not fair to the people that really try," said Mayan Dehry, a senior student at the school."I don't know, if you're just going to be lazy and then change your grades, that's not what learning is about."

Hacker arrested for exploiting HeartBleed vulnerability to steal information

A 19-year-old computer science student has been arrested by the Royal Canadian Mounted Police (RCMP) and accused of stealing personal data by exploiting the "HeartBleed" vulnerability.

HeartBleed, the bug that left the Internet vulnerable, is a recently uncovered security flaw in the popular open-source encryption library(OpenSSL) which allows attackers to read memory of the server running vulnerable OpenSSL - means attacker can steal sensitive information.

Stephen Arthuro Solis-Reyes from London, Ontario, accused of exploiting HeartBleed bug to steal sensitive information from servers of the Canadian Revenue Agency(CRA), according to RCMP.

During the Police raid, his computer was seized by Canadian police.  He is scheduled to appear in court in Ottawa on July 17.

The arrest came after CRA announced that someone exploited the HeartBleed bug to steal 900 Social Insurance numbers of taxpayers.  The agency had shut down its site temporarily to prevent further attacks.

"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible." Assistant Commissioner Gilles Michaud said in a statement.

"Investigators from National Division, along with our counterparts in “O” Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners".

9 charged for stealing millions of dollars with Zeus Malware

The Zeus malware is one of the most damaging pieces of financial malware that has helped the culprits to infect thousands of business computers and capture passwords, account numbers and other information necessary to log into online banking accounts.

U.S. Department of Justice unsealed charges against nine alleged cyber criminals for distributing notorious Zeus malware to steal millions of dollars from bank accounts.

Vyachesla V Igorevich Penchukov, Ivan Viktorvich Klepikov, Alexey Dmitrievich Bron, Alexey Tikonov, Yevhen Kulibaba, Yuriy Konov Alenko, And John Does are charged to devise and execute a scheme and artifice to defraud Bank Of America, First Federal Savings Bank, First National Bank Of Omaha, Key Bank, Salisbury Bank & Trust, Union Bank And Trust, And United Bankshares Corporation, all of which were depository institutions insured by the Federal Deposit Insurance Corporation.

They are also accused to use Zeus, or Zbot, computer intrusion, malicious software, and fraud to steal or attempt to steal millions of dollars from several bank accounts in the United States, and elsewhere.

It has also been reported that defendants and their co-conspirators infected thousands of business computers with software that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the captured information to steal millions of dollars from account-holding victims' bank accounts.

Account holding victims include Bullitt County Fiscal Court, Doll Distributing, Franciscan Sisters Of Chicago, Husker Ag, Llc, Parago, Inc., Town Of Egremont, And United Dairy...


They have also been given notice by the United States of America, that upon conviction of any defendant, a money judgment may be imposed on that defendant equal to the total value of the property subject to forfeiture, which is at least $70,000,000.00.

The United States of America has also requested that trial of the case be held at Lincoln, Nebraska, pursuant to the rules of this Court. The Metropolitan Police Service in the U.K., the National Police of the Netherlands’ National High Tech Crime Unit and the Security Service of Ukraine are assisting the investigation.

Black Hat hacker Farid Essebar arrested in Thailand


An infamous international computer hacker Farid Essebar has been arrested on Tuesday in Thailand, at the request of Swiss authorities.

Essebar, also known as Diabl0, 27 year old, who has dual Morocco-Russia nationality, was detained in Bangkok, according to the local news report.

He has been arrested on suspicion of taking part in a cyber crime which involves cracking banking systems and hacking online banking websites.  The breach was resulted in damage of $4 billion to customers in Europe in 2011.

Thailand will send the suspect to Switzerland within next 90 days.  Police are reportedly searching for two other gang members who involved in the breach.

This is not the first time he is being arrested.  In 2006, he was sentenced to two years in prison.  He was accused of spreading Zotob computer worm.  CNN, ABC News, United Parcel service, NY Times and US Depart. of Homeland Security were among those affected by this worm.

Two Students hacked Data InfoSys website to recharge mobile phones worth Rs.8 Lakh

Two Information Technology(IT) students have been arrested by Jaipur cyber crime police for hacking Data InfoSys e-processing system and fraudulently recharging BSNL mobile phones.

Kulshrestha Varma and Hardik Sud, both 19-years-old, students of APG University in Shimla, managed to recharge more than 500 mobile phones, causing loss of Rs.8 Lakh for the Data infosys.

According to Times of India, the students have used a public Internet cafe to breach the Data InfoSys' website.  These two kids might have thought that police can't catch them, if they use a cyber cafe.

The company became aware of fraudulent recharges at the end of last year and filed a complaint in cyber police station back in December 3rd.  Police took 75 days to crack the case.

Police has arrested and brought them to Jaipur on a transit remand.  The police suspect involvement of several other people in this cyber crime.   

Russian Hacker Rinat Shabayev admits to be creator of BlackPOS Malware



Last week, cyber security firm IntelCrawler named the 17-year-old Russian "Sergey Taraspov" as creator of the BlackPOS Malware which was used in the Target data breach.

After further investigation, the company update its report saying that 23-year-old Russian hacker named "Rinat Shibaev" is the original author of this malware and Sergey is member of technical support team.

In an interview with Russian news channel LifeNews, Shibaev has admitted that he had developed the BlackPOS(also referred as Kaptoxa) malware.

The hacker says he just took readily available program and developed it with additional features.

He allegedly got help in developing the malware from an unknown person whom he had met online.  However, he said that he doesn't even know in which country the person lives.

The hacker also said that he created it for selling it to others, not to use the application by himself.

Former Natwest Bank clerk jailed for helping fraudsters


A former NatWest Bank clerk has been sentenced to four years in jail for helping fraudsters to gain access to the Bank computers in an attempt to steal over £1 million.

Hans Patterson-Mensah, 24 year old, allowed fraudsters to enter into customer interview room at one of Natwest Branches in Sep. 2012.

The fraudsters managed to install KVM("keyboard, video and mouse) switch into a computer.  The device gave the criminal access to the bank's internal system.

The criminals managed to change some records to make it look like the target person has deposited £1m in their account.  The crooks then withdraw money from that account.

However, Bank staff spotted that something was amiss when they conducted an end-of-day audit.  They managed to recover most of the money(£6,000).

Former Purdue University Students plead guilty to hacking computers to change grades


Two Former Purdue University Students who were not smart enough to get good grades in exams chose a wrong way to change their grades.

The students have managed to place the Hardware Keylogger in the professor's computer in order to steal his account password.  The stolen credentials were later used for accessing professor account to change their grades.

Roy C. Sun changed nine F's and one incomplete to straight A's.  Sujay Sharma changed one grade from 'D' to an 'A', The Journal & Courier reports

Sun and Sharma are scheduled to be sentenced at the end of February.

One more student, Mitsutoshi Shirasaki, who is suspected of changing 24 grades between May 2010 and Dec. 2012 is still wanted and said to be in Japan.

Eight more arrested in Spain for role in the $45 million global ATM cyber heist

Six Romanians and Two Moroccans have been arrested in Spain for allegedly  participating in the massive global ATM cyber heist that stole $45 million from two banks.

The eight people are said to have stolen $392,000 in 446 withdrawls using the faked cards at ATMs in Madrid in February.  The Spanish authorities seized around $34,470(€25,000), jewelry, 1000 new cards and computers.

In February, the criminals managed to steal more than $45 million from a number of countries in just a few hours.

An individual said to be the leader of the network was arrested in Germany.  He is allegedly the one who hacked into the Credit card processing companies' database server and disabled security features such as the withdrawal limits.

Eight People were arrested and charged in New York in May and Six further people were arrested in New York last month.

Russian President website hacker sentenced to 18 months probation


A Russian hacker from Tomsk city has been sentenced to 18 months probation for hacking the Russian President website last year. 

The unnamed hacker carried out a cyber attack on the official website of the Russian President in May 2012.  The attack led to difficulty in accessing the website resources and information blocking.

"A criminal case was opened against the hacker, who was charged with the creation, use and dissemination of harmful computer programs"

According to the Voice of Russia report, the hacker admitted his guilt.  The court ordered him not to move from the city for next 18 months.

Anonymous hacker charged for hacking Singapore PM website


 A 27 year old Singaporean has been charged for hacking into the Singapore Prime minister's website and deface it.

Mohammad Azhar bin Tahir, charged for modifying the contents of PM's website (www.pmo.gov.sg) on Nov 7, causing it to display a message with an Anonymous mask picture.

The hacker also faces nine other unrelated-charges which includes hacking into and changing the Wireless network password belong to a person Nadia Binte Ali Khan.

In fact, the Prime Minister's website is not actually hacked; the hacker just exploited the 'Reflected' XSS vulnerability and managed to display the defacement message.  It is non-persistent that means visitors of the site won't be able to see the defacement, only those who visit crafted-link.

Defacement exploiting Reflected XSS vulnerability

Azhar's 21-year-old brother, Mohammad Asyiq Tahir, also faces 6 charges under Computer Misuse and Cybersecurity Act. One was for hacking Ridhwan's ex-girlfriend's facebook account.

Last month, James Raj Arokiasamy who is said to be the Anonymous hacker with handle "The Messiah", charged for hacking into Ang Mo Kio Town Council website.

14 alleged RedHack and Anonymous hackers referred to court


A total of 14 alleged members of Turkish hacktivist RedHack and Anonymous hacktivists have been detained.

The Word Bulletin reports that suspects were referred to the Ankara Courthouse on Monday.  The operation is against the RedHack group which is being labeled as a criminal organization by Turkish Government.

The Ankara Police Department's Cyber Crime Units arrested alleged hackers from various locations including Ankara, Kahramanmaraş, Bursa, Mersin.

The suspects are accused of being part of hacking attacks against Government and individuals and disclosing confidential information.

However, the RedHack group says none of the arrested people are part of their group.

"All those arrested are not known to us. Every single one in our team is safe. Fascist gov't of Turkey continues it's scaremongering to + "The tweets posted by the hacker group reads.

"they are trying new tactics to cut the support to RedHack. But what they don't realise is that #RedHack have become the RedPeople Now"

*UPDATE: The suspects released by court 
14 Turkish people including one actor "Barış Atay" who are accused of being member of Redhack hacker group have been released by the Ankara Court, according to the Turkish local news report.

Cyber criminals convicted of stealing more than £1 million using Fake job ads

Organized criminal network of five men and one woman have been convicted for stealing more than £1million from job hunters using fake job advertisements.

The members of the criminal are Adjibola Akinlabi (aged 26), Damilare Oduwole (26), Michael Awosile (27), Nadine Windley (26) and Temitope Araoye (29) and a malware writer "Tyrone Ellis (27)".

The evidence gathered by authorities including phone and online chat records shows that they made more than £300,000 from their fraud scheme. However, the officers believe it could be much higher , possibly more than £1million ($1.6m).

According to the National Crime Agency report, the fraudsters targeted innocent job hunters with fake job ads. Those who responded to the ads were sent a link via email asking them to complete an application form. Once the user clicks the link , it inadvertently install malware in victim's system.

The malware is capable of recording keystrokes and capturing victim's financial and personal data.

The compromised information is used by the fraudsters to get a new credit and debit cards, pin numbers.

The crooks will remain in custody and expected to be sentenced on Thursday 14 November.

Paunch, creator of infamous BlackHole Exploit kit arrested in Russia


A man alleged to be the creator of infamous BlackHole exploit kit has been arrested by Russian authorities.

Maarten Boone, a security researcher at Fox-IT, was the first person who broke the news in his tweet saying " Blackhole exploit kit author 'Paunch' and his partners arrested in Russia".

However, there were no more information from Boone.  Jerome Segura at MalwareBytes pointed out that the encryption service used by Blackhole (crypt.am) is down.

Troels Oerting, head of the European Cybercrime Centre, an arm of Europol, has confirmed to TechWeekEurope an arrest had been made, the details of which were given to the organization.

“I know it is true, we got some information, but I cannot say anymore,” Oerting told TechWeek.

Hacker hijacked webcams to capture naked images of women

A 19 year old Hacker, Jared James Abrahams from Temecula charged with hacking webcams to capture nude photos of Miss teen USA Cassidy Wolf and several other women and then blackmailed them for more.

The hacker used 30 to 40 computers to carry out his crimes. He allegedly forced an Irish girl and a Canadian woman to strip,according to Los Angeles Times report.

He is accused of contacting the victims from two hacked AOL accounts and attempting to blackmail them by threatening to expose their nude photos across the internet.

The report says one of the victims is a minor who responded to his blackmail saying "Please remember I’m 17. Have a heart".

But, Abrahams allegedly responded saying " I'll tell you this right now! I do NOT have a heart. However, I do stick to my deals. Also age doesn’t mean a thing to me!!!"

Four men charged over Santander Bank Cyber Heist

Four men have been charged out of twelve suspects over cyber plot to steal money in Santander bank of London.

Eight men have been released on bail until mid-November pending further inquiries.  The charged suspects are Lanre Mullins-Abudu, 25, Dean Outram, 34, Akash Vaghela, 27, and Asad Ali Qureshi, 35, the Mirror reports.

Scotland Yard representative have reported that this was one of the most sophisticated case ever.

Police found a device fitted to a computer in a branch of the bank in Surrey Quays in London's Canary Wharf financial district.  They have reported that the device might have allowed them to download or access data from the computer.

Santander representative have affirmed that none of their employees are involved in the case.  The bank has also reported that the plot failed and that “no money was ever at risk.”

College Student Sentenced for stealing passwords to rig Campus Election

Matthew Weaver, a former Cal State San Marcos student was sentenced one year of prison for stealing almost 750 students password and using 630 of those accounts to cast the ballots.

22 years old Mr. Weaver was a third year business student when he planned to win election as president of the school's student council.

A month before the election Weaver bought three keyloggers.Authorities reports that Weaver installed keyloggers on 19 school computers to steal the passwords.

It has also been reported that he had done a bit of research with computer queries such as “how to rig an election” and “jail time for keylogger.” (utsandiego news reports)

According to a report, Weaver had planned the plot in early 2012. Authorities have found a PowerPoint presentation on his computer about the stipends for the president.

The plot unveiled when in March 2012, the last day of the four voting period, when computer analysts found anomalous activity on one of the college lab computers and they also received an email from a student complaining that the system didn't allow her to vote.

It was then that the technicians called campus police, who found Weaver at the school computer. He had keyloggers with him and was arrested.

After getting caught, Weaver with one of his friend created fake facebook ids for different students and indirectly mentioned a plot against him.
“He’s on fire for this crime, and then he pours gasoline on it to try to cover it up,” the judge reportedly said during Monday’s sentencing hearing.

The school held another election and cleaned security breach at a cost of more than $40,000, which the schools want back.

Meanwhile Mr. Weaver pleaded guilty to three federal charges, including wire fraud and unauthorized access to a computer and is under one year prison sentence.