Search This Blog

Showing posts with label Hackers Arrested. Show all posts

Cyber police in Ukraine caught hackers who hacked tens of thousands of servers around the world


Cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world.

According to employees of the Department for Combating Cybercrime, the attackers sold the hacked accesses to customers. In addition, law enforcement identified all members of this group. So, it included three Ukrainian and one foreigner. All of them were well-known participants of hacker forums and carried out orders hacking remote servers located in the territory of Ukraine, Europe and the USA.

Cyber police found that the criminal group had been operating since 2014. Its participants carried out bruteforce attacks on private enterprises and individuals. They used for attacks specialized software that exploited vulnerabilities of Windows-based servers.

It is known that attackers sold some hacked servers to other hackers who used the acquired information for their own purposes, for example, they demanded money from a victim or threatened to debit money from bank cards.

They also used part of the servers for their own purposes: creating botnets for mining, DDoS attacks, installing software command centers for viruses like Stealer, turning them into tools for conducting brute-force attacks on new network nodes.

Cybercriminals received income from their illegal activities on e-wallets. Almost $80,000 was found in some accounts.

To coordinate the actions of all members of the international hacker group, communication between them took place through hidden messengers.

Cyber police together with investigators of the Kharkiv region police conducted searches of the places of residence of the persons involved in the international hacker group. Computer equipment, additional media, draft records, mobile phones and bank cards that were used to commit crimes were seized.

Romanian cybercriminals sentenced to 20 years in prison for developing malware


Two Romanian citizens were sentenced to imprisonment for the development and operation of the Bayrob malware, which infected more than 400 thousand computers, and theft of confidential information.

Back in 2016, three members of the hacking group Bayrob were extradited to the US. Law enforcement officers told that citizens of Romania Bogdan Nicolesku aka Masterfraud, aka mf, Danet Tiberiu aka Amightysa, aka amy and dRadu Miclaus aka Minolta, aka min since 2007 engaged in fraud and development of malware, and then their business became a large botnet, which was also involved in cryptocurrency mining.

According to authorities, during the years of activity, the group stole more than four million dollars from its victims, but Symantec analysts, who helped law enforcement agencies to stop the group's activities, reported that in fact, the damage from the actions of Bayrob could be more than $35,000,000.

Bayrob malware was conceived as a tool to steal email addresses from the target computer and then send infected messages to users. Cybercriminals managed to infect and hack more than 400 thousand computers. The attackers registered more than 100 thousand email accounts to send 10 million letters to the collected addresses. The defendants also intercepted requests to Facebook, PayPal, eBay and other websites and redirected victims to similar domains in order to steal their data.

So, if in 2007 about 1000 cars were infected with Bayrob, by 2014 their number increased to 50,000, and by 2016 it exceeded 300,000 altogether.

All three suspects were charged in 2016, but the case came to court much later. At the end of last week, the website of the US Department of Justice reported that Nicolesku and Tiberiu were sentenced to 20 and 18 years in prison.

The Russian Embassy in Washington sent a note of protest to the State Department


The US Department of Justice has confirmed the extradition of Russian hacker Alexei Burkov from Israel. Accused by Americans of credit card fraud, a Russian citizen has already appeared before a federal judge in Virginia. Burkov faces up to 80 years in prison. The Russian Foreign Ministry sent a note of protest to the State Department, soon the consuls will be sent to the Russian citizen.

"In connection with the extradition of the Russian citizen Burkov from Israel to the United States, we have taken a decisive demarche regarding the “hunt” unleashed by Washington for our citizens around the world. In the note sent to the State Department, we demanded strict compliance by the American side with existing bilateral obligations," reported the press service of the Russian diplomatic mission.

The Embassy noted that Russian diplomats "will soon visit a compatriot in a pretrial detention center in Virginia."

Earlier, the US Department of Justice said that according to court documents, Burkov allegedly ran a website called Cardplanet that sold payment card numbers, many of which belonged to US citizens.
"Stolen data from more than 150,000 payment cards were allegedly sold on Burkov's website and led to fraudulent purchases made from US credit cards worth more than $20 million," stated the US Department of Justice.

It is noted that if Burkov is found guilty on all counts, he faces up to 80 years in prison.
Earlier, Russian President Vladimir Putin proposed to exchange the Israeli woman, who has dual citizenship — Israel and the United States. She was sentenced to 7.5 years in prison for smuggling hashish. Putin discussed the case with the Prime Minister of the Jewish state, Benjamin Netanyahu. However, he refused to make such an exchange.

Recall that Burkov was detained at the airport in Tel Aviv in 2015 when he came to Israel on vacation. He was later charged with crimes in the sphere of cybersecurity. He calls himself an information security specialist and denies the charges of committing the crimes imputed to him. All the time since the arrest he spent in Israeli prisons.

It is worth noting that Alexei Burkov will not be the first Russian convicted in the United States, whose return will be required by the Russian Foreign Ministry.

The Russian security guard arrested for stealing login credentials of Gamers and selling them


The court began consideration of the case of a hacker from Novosibirsk, who was engaged in the theft of credentials gaming accounts right at the workplace in the Novosibirsk State Agrarian University, where he worked as a security guard. Data was subsequently sold over the Internet. The security guard was engaged in this activity not less than half a year.

31-year-old former employee of a private security company for six months combined his hacker activity with work as a university security guard, this continued until January 2019. According to the materials of the case, the man downloaded hacker programs for stealing logins and passwords for popular gaming platforms, including Steam and the Rockstar Games and Electronic Arts services.

The hacker sold the received data through the FunPay electronic exchange. The investigation was unable to establish the exact number of hacked accounts, but tracked the payment received by the hacker on the site. However, the business did not have high profitability, since in six months the hacker was able to earn only about 1.7 thousand rubles ($26).

The security guard was caught by the FSB officers, calculating the origin of computer attacks by IP-address. The accused has fully admitted his guilt. Prosecutor's office demands for him two years suspended sentence, without payment of a fine.

It is worth noting that this is not the first time in recent years, when a hacker appears in court in the case of hacking accounts with special software. For example, in June 2019, a hacker from Chelyabinsk was sentenced to 10 months in prison for hacking personal accounts of users in payment systems and accounts in social networks with the help of malware. But the hacker did not manage to steal money from the victims.

Hacker from Samara city sentenced for Creating and Selling Malware


Sergei Materov, a 42-year old hacker from Samara, the sixth largest city in Russia, has been sentenced at the Prikubansky District Court of Krasnodar for creating and distributing malicious computer programs , under part 2 of article 273 of the Criminal Code of Russian Federation.

According to the local news report, the malware created by him were capable of neutralizing security solutions installed and steal, modify, block and destroy information on the infected computer.

The convict came to Kuban to earn money. He started to do freelance software development from home. He also posted advertisements on the Internet in which he offered software development for computers.

An unnamed person responded to his ads and paid him 6800 Rubles for developing two malicious programs.

Materov was detained by the FSB officers and later sentenced to one year and three months imprisonment.

- Christina
 

Russian Citizen suspected of cybercrime was arrested in Estonia



A 20-year-old Russian IT programmer is suspected of cyber espionage. He was traveling from Estonia to Russia and was detained at the border crossing in Narva.

According to the local media, the Estonian Security Police(KaPo) allowed the suspect to work for some time unhindered, as a result of which he was linked to the Security Service of Russian Federation.

Authorities said that he is a member of the FSB and was preparing a mass cyber attack on the computer systems of the Estonian State Institutions. According to them, the Russians was trying to make some device or computer program with which he can get access to local computer systems.

Elena Vladimirovna, mother of the suspect, told media that it is completely unexpected for her since her son was never seen in any unlawful actions.

"Of course, I hope that everything will end well and we will be able to prove his innocence." Elena was quoted as saying by Local Media Sputnik. "However, the services of a good lawyer cost a lot of money, which I do not have. Perhaps, the Russian embassy will be able to help us in some way, but I will not let my son to Estonia again never"

The Russian Embassy in Estonia is ready to help. The Embassy asked Estonian Foreign Ministry to give permission to meet the arrested person.

A criminal case has been instituted against the suspect under article 233 of the Penal Code of the Republic of Estonia "Non-violent acts of an alien directed against the Republic of Estonia" and article 216 "Preparing a computer crime". He faces up to 15 years in prison, if convicted.

- Christina

Russian hackers stole 60.5 million rubles using malware

According to the Ministry of International Affairs of Russian Federation, two natives of the Sverdlovsk region stole more than 60.5 million rubles from Petropavlovsk-Kamchatsky (center of Kamchatka Krai) Bank and another commercial organizations.

Irina Volk, official representative of the MIA, said that hackers were able to access the computers of the affected organizations using Malware.  Stolen money was transferred to the Bank accounts of front organizations and cashed.

Criminal cases of illegal access to computer information and cybercrime will be heard soon. According to the first case, hackers can face up to five years imprisonment. According to second, they can face up to ten years with a fine up to one million rubles.

It is known that they have another partners. The investigation against hacker group continues.

According to Ilya Sachkov (CEO and founder of Group-IB), 100% effective safeguards against cyber attacks does not exist, but every organization can reduce the risks and improve protection of banks. The most important thing for organizations is creation their own Information Systems and Security Division.

- Christina

Trial Of a Group Accused Of Hacking Transport Card System "Troika" To Resume On September 12



Trial of Russian hackers who are accused of hacking transport card system "Troika" and other transport cards is postponed from 31 August to September 12. The accused are Denis Kazmin, Yury Putin and Pavel Andryushin.

The group bought the details of the Turnstiles (like in metro) for the creation of malicious software. After studying the working process of Turnstiles, they developed a program in Object Pascal Programming language, namely "Terminal.exe" "ATMega128_BackDoorBootLoader.asm".

The program allowed them to get information of the carrier, memory dumps and access keys from the Turnstiles located at one of the Moscow station. The information were used for adding money to transport card and sold the card.

The hackers may receive 3 to 4 years of imprisonment

Experts were surprised, according to them, transport card fraud is a rare, because in this way you can not earn big money. The whole damage amounted to 2 million rubles.

It's interesting to note that in May 2016 another Russian researcher Igor Shevtsov did research and wrote an article(https://habrahabr.ru/post/301832/) about a critical vulnerability of transport card "TROIKA".

He explained how to fake balance of the card and how travel on public transport for free.  It took him 15 days, he used Android smartphone with NFC chip. He also created an android application TroikaDumper to exploit the vulnerability. The Representatives of Moscow metro contacted with the researcher and fixed the vulnerability after few days. The article written by Shevtsov is now removed.

- Christina
 

Two Israeli Teenagers arrested and charged for selling DDOS Service


Two Israeli teenagers from Sharon region were formerly arrested after eighteen months of investigation.

The Israelis are responsible for thousands of cyber attacks around the world, causing damage estimated in more than million dollars.

According to local news report, they have created a Shell company in England and sold Distributed Denial of Service (DD, OS) attack as service.

"In January of 2016, a covert investigation was opened against the suspects who set up and managed a website called vdos-s[dot]com, which sold packages created to cause the servers to crash," police told local news report.

The DDOS attack is used for disrupting access to the victims' websites. Price of the "attack pacakge" offered by them was ranged from 19.99 $ to $ 499,99.

More than two million cyber attacks were conducted in the United States, England, Holland and Sweden, causing multi million-dollar losses. Suspects earned above 613 thousand dollars. The money was seized after Bank accounts were identified and frozen.

- Christina

Gozi Banking Trojan Creator pleads guilty

Creator of Banking Trojan 'Gozi' admitted his crime and is now awaiting sentencing.

Gozi is a trojan seen in action for quite some years now, and was first reported in 2007. It is a genuine threat to bankers and online banking in general as it has been separating people from their fortune.

In 2013, few men were arrested under the charges of operating the Gozi. Finally one of them, Deniss Calovskis, 30, has admitted committing the felon and pleaded guilty. Calovskis was held responsible for writing some of the codes for the trojan, according to a statement put out by the FBI in 2013. The agency said that the Latvian coder user the moniker 'Miami' in the web world, was arrested on suspicion of authorship for the code in his country in November 2012.

It was said and confirmed, that his codes misled people into thinking that they were on official banking sites.The US authorities were quite flabbergasted with the gang and the malware that provided the dark economy with "tens of millions of dollars". The rest of the gang are Russian Nikita Kuzmin and Romanian Mihai Ionut Paunescu. Reuters reported that the former admitted her crime in 2011, and that the latter is subject to extradition attention.

"This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least one million computers worldwide and 40,000 in the US, and resulted in the theft or loss of tens of millions of dollars," said FBI assistant director in charge George Venizelos."Banking trojans are to cyber criminals what safe-cracking or acetylene torches are to traditional bank burglars, but far more effective and less detectable. The investigation put an end to the Gozi virus."

Six teenagers arrested for using Lizard Squad's DDoS service


(PC- google images)
Six teenagers were recently arrested and later bailed on account of using the hacking tools of a certain Lizard Squad to breach softwares and websites, which included gaming companies, school servers and even newspapers.


The teenagers, aged between 15 to 18 and all male, were arrested during an operation by the UK police in search of hackers using the Lizard Stresser tool that allows the user to send spam to system and facilitate the denial of service (ddos) attack, which makes the website unavailable to the real time visitors.

In the past, such ddos attacks have caused both reputational and financial damage to services provided by big business giants like Sony to even government websites, while these attacks interrupt the smooth functioning for a time interval that starts from a few hours and can last till weeks.

This tool was effectively used by the Lizard Squad in December 2014, to interrupt the online gaming services of Microsoft’s Xbox Live and Sony’s PlayStation Network. The tool is available in the market and can acquiring it can make a normal person into a potential hacker who can then select their targets according to their will.
The UK police arrested the teenagers with the help of the National Crime Agency(NCA), while they were trying to pay anonymously for the tool using BitCoin. However, none of the six teenagers have been confirmed to be a member of the Lizard Squad.

Tony Adams of NCA’s cybercrime unit, explained that by a small amount, a person can acquire the Lizard Stresser that can ruin big businesses and make access to information a deliria for the public. He further added that the arrest was made under an operation named ‘Vivarium’, and that the teenagers were operating from all across UK.


A member of Lizard Squad was arrested in Twickenham in December for their involvement in cyber attacks, while a further member was arrested in May for pranking armed police. However, the hacking group’s tool remains available, despite its site being hacked revealing customers’ details.

20-year-old student pleads to making spy app for Android phone



A 20-year-old student of Carnegie Mellon University has pleaded guilty to developing and selling malicious software that allowed others to remotely control Google Android phones, including using the phones' cameras to spy on their owners.

Morgan Culbertson, a resident of Churchill, could face up to 10 years in prison and $250,000 in fines when he is sentenced Dec. 2.

However, it is unclear that how many phones were actually infected by malicious software after his court appearance before a federal judge in Pittsburgh.

It is said that if anyone’s phone gets infected from the app, it can remotely control by others and used to spy and secretly take pictures without the phone owner's knowledge. It also records calls, intercept text messages and otherwise steal information the owners downloaded on the devices.

According to a news report published in IndiaToday, he is one of 12 people charged by U.S. authorities, and the fourth to plead guilty so far, in the worldwide takedown of the Darkode.com cybercriminal marketplace.

Almost 70 other people have been targeted for allegedly using the cybercriminal marketplace where hackers bought and sold malicious software.

"I committed the crime, so I am responsible," Culbertson said after pleading guilty, according to the Pittsburgh Tribune-Review. "I understand what I did was wrong and I take full responsibility. I would like in the future to use may skills to help protect people."

Assistant U.S. Attorney Jimmy Kitchen said that Culbertson worked online with a man identified only as "Mike from the Netherlands" to create Dendroid, the malware that was secretly linked to Android phone apps available for purchase through Google Play.

Russian hacker's profit frozen after manipulating Australian stockmarket


The New South Wales Supreme Court has restrained more than $77,000 of a suspected Russian hacker, who manipulated penny stocks on the Australian share market.

The joint operation by the Australian Securities and Investments Commission (ASIC) and Australian Federal Police (AFP) investigated a series of suspicious trades in cheap “penny stocks”.

After the operation, “Operation Emerald”, the investigators targeted the suspected Russian hacker , who manipulated market through an overseas account that traded through Morgan Stanley Australia.

ASIC’s surveillance team  spotted the suspicious trades in between August and October last year.

According to the ASIC,the trades were made through hacked retail clients account, and they targeted 13 penny stocks.

ASIC commissioner Cathie Armour said that they will continue to “help smash” any criminal activity targeting the Australian market.

“[ASIC] staff continue to monitor and detect suspicious trading activity and work with market participants to ensure account hacking is swiftly identified and stopped,” Ms Armour said.

Penalty of up to 10 years in jail for manipulating the market.

Three Estonian men sentenced for internet fraud by US court

Manhattan federal court has sentenced over three years imprisonment to three Estonian men for their involvement in an Internet scheme that infected more than 4 million computers in over 100 countries.

U.S. District Judge Lewis A. Kaplan said that, "It's hard to pick up a newspaper this summer without reading about another one." Justifying his decision he said it was important to impose tough sentence.

Timur Gerassimenko, 35, was sentenced to four years, Dmitri Jegorov, 37, got 3 2/3 years and Konstantin Poltev, 31, received 3 1/3 years for their roles in an internet  fraud.

According to the government, Gerassimenko was the main culprit behind this fraud, he hired programmers, Jegorov as the lead network administrator while Poltev as the public face of the enterprise.

When the men were arrested in Estonia, Gerassimenko was ordered to forfeit $2.5 million while Jegorov and Poltev were each told to forfeit $1 million. All three of them  apologized for their crimes before they were sentenced.

The fraud has affected computers belonging to government agencies such as NASA, along with educational institutions, nonprofit organizations, businesses and individuals.

The malware scheme that was  carried out with co-conspirators in Russia and Ukraine, cost NASA more than $65,000 in repairs.

All three men sentenced Thursday are serving sentences in Estonia for similar crime.

Vietnamese Hacker who stole identities of 200 million American, sentenced to 13 years

After breaking into the computers of several business entities and stealing the personal identification information of over 200 million Americans, a Vietnamese hacker has finally been sentenced for 13 years in prison.

The Department of Justice on Tuesday, released a report announcing that Hieu Minh Ngo, 25, bagged $2 mn from hacking and stealing the personal identification and selling it to other cyber criminals.

A District Court in New Hampshire finally sentenced Ngo on Tuesday for various fradulent charges, as reported by the Financial Times. Ngo was arrested in february 2013, soon as he entered America.

Back in his home in Vietnam, Ngo was active from 2007 till 2013, for breaking into computer systems and stealing identifiable information like Social security numbers, credit card details, bank account, phone numbers, and advertising about the data on his websites, from where the fellow hackers used to buy the information.

A press release by the Justice Department specified that 'Ngo admitted that he offered access to PII (personally identifiable information) for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million "queries" through the third-party databases maintained on his websites'.

The Internal Revenue Service stated that the information sold on Ngo's website to other hackers was used to file income tax returns for more than 13000 people, who saw $65 million returned on their behalf.

'Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition,' Assistant Attorney General Leslie Caldwell said a statement.
'Identifying and prosecuting cyber criminals like Ngo is one of the ways we're working to change that cost-benefit analysis.'

The US Office of Personnel Management revealed that the hackers have stolen more than 21.5 mn social security numbers till now, and out of them 1.1 mn include fingerprints.

Sentencing Ngo has finally taken an initiative for stopping cyber crimes that are breaching the personal identity of civilians.

Hacker who sold Madonna song sentenced to 14 months in prison

Adi Lederman has been sentenced to 14 months in prison in Israel after being found guilty of selling and stealing singer Madonna's unreleased songs.

He was also fined 5,000 shekels, which comprehends to about $3900. The court has sad that an appropriate punishment will deter this kind of incidents in the future.

Madonna's latest album Rebel Heart was leaked on the internet last year. At the time she said' “I have been violated as a human and an artist.”

Later she later six songs, calling it an “early Christmas gift” for her fans.

Lederman was arrested earlier this year and agreed to a plea deal after confessing the crime.

U.S. court sentences a Swedish Blackshades malware maker to 57 months in prison

The United State District Judge P. Kevin Castel has sentenced one of the creators of a malware dubbed ‘Blackshades RAT’(a dangerous threat that can take over computers and steal personal and financial information), Alex Yücel to 57 months in prison.

The Swedish national has been found guilty of computer hacking on February 18, 2015 by the Judge. Along with the 57 months imprisonment, the Judge ordered him to forfeit $200,000.

According to Preet Bharara, United States Attorney for the Southern District of New York, Yucel created, marketed and sold software that was designed to accomplish only to gain control of a computer along with a victim's identity and other important information.

Blackshade RAT was distributed as a $40 download to thousands of online criminals since his operations began in 2010

"This malware victimized thousands of people across the globe and invaded their lives. But Yucel's computer hacking days are now over," Bharara said.

An international effort coordinating with UK National Crime Agency (NCA) shut down the Blackshades attacks in 2014.

During that time, more than 80 people were arrested in raids in the Netherlands, Belgium, France, Germany, the UK, Finland, Austria, Estonia, Denmark, the U.S., Canada, Chile, Croatia, Italy, Moldova and Switzerland.

Over 1,000 storage devices were confiscated, and the whole cyber criminal fraternity was warned that they are running out of hiding places.

"Criminals are finding out that committing crimes remotely offers no protection from arrest," Andy Archibald, deputy director of the NCA's National Cyber Crime Unit at the time, told V3.co.uk.


"The unique scale of this cyber operation shows what can happen when law enforcement agencies at local, national and international level work together to tackle the perpetrators and help keep people safe. Cyber crime is one of the most significant criminal threats to the UK. The NCA is helping to build the capacity of its partners across the country and co-ordinating the UK's collective efforts as part of the response," he added.

A Turkish mastermind of $55 million cyber spree handed over to the U.S.

A Turkish man, a mastermind behind three hacks that resulted in $55 million loss to the global financial system, has been extradited to the United States to face charges, the U.S. authorities announced on Wednesday.    

According to a news report published on Reuters, the prosecutors confirmed Ercan Findikoglu, 33, as the mastermind behind an organization whose hacks resulted in stolen debit card data being distributed worldwide and used to make fraudulent ATM withdrawals.

The prosecutors said that Findikoglu along with his friend hacked into the computer networks of three credit and debit card payment processors: Fidelity National Information Services Inc, ElectraCard Services, now owned by MasterCard Inc, and enStage.

After tapping into those networks, he hacked Visa and MasterCard prepaid debit cards that the processors serviced and caused the cards' account balances to be increased to allow large excess withdrawals.

Then the hackers group disseminated the stolen debit card information to heads of "cashing crews" around the world who in turn conducted tens of thousands of fraudulent ATM withdrawals.

The report says that the prosecutors said in February 2011 operation targeting cards issued by JPMorgan Chase & Co and used by the American Red Cross to provide relief to disaster victims noticed $10 million withdrawn across the globe.

A second operation compromised cards issued by National Bank of Ras Al-Khaimah in the United Arab Emirates, resulting in $5 million in losses in December 2012, court documents said.

Then the hackers compromised cards issued by Bank Muscat in Oman, allowing crews operating in 24 countries to execute 36,000 transactions over a two-day period in February 2013 and withdraw $40 million from ATMs, prosecutors said.

Authorities said that a New York cashing crew alone withdrew $2.8 million in the 2012 and 2013 operations. Thirteen of the crew's members have pleaded guilty.

According to the news report, the prosecutors said that Findikoglu and other high-ranking members of the scheme received proceeds in various forms, including by wire transfer, electronic currency or personal deliveries of cash.

The case is U.S. v. Findikoglu, U.S. District Court, Eastern District of New York, No. 13-0440.

The report says that Findikoglu pleaded not guilty during a hearing in federal court in Brooklyn, New York, after being extradited on Tuesday from Germany, where he was arrested in December 2013, the U.S. Justice Department said.

An indictment unsealed on Wednesday charged Findikoglu, who authorities say went by the online aliases "Segate" and "Predator," with 18 counts including computer intrusion conspiracy, bank fraud and money laundering.

Group of cyber-criminals bases in different countries nabbed in joint international operation


A group of 49 cyber-criminals located in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia were nabbed by the authorities in a joint international investigation.

From a total of 58 properties, authorities recovered and seized laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank account documents.

The operation was headed by Europol's European Cybercrime Centre (EC3) and Eurojust, and was assisted by the Italian Polizia di Stato (Postal and Communications Police), the Spanish National Police, the Polish Police Central Bureau of Investigation, and supported by UK law enforcement bodies.

The arrested members are suspected of financial fraud to the tune of 6 million Euros. The group targeted medium and large European companies through malware and social engineering techniques.

The joint operation was coordinated from Europol's headquarters in The Hague.

Two men, who developed Photobucket hacking software, charged with conspiracy and fraud

Two men were arrested on April 8 in the charge of conspiracy and fraud after breaching computer services of Colorado-based Photobucket, a company that runs an image and video hosting website, according to a statement by U.S Department of Justice (DoJ).

Brandon Bourret (39), from Colorado Springs, and Athanasios Andrianakis (26), from Sunnyvale, California, were arrested at their homes for hacking the system and sold passwords and access to private information on a photo-sharing website.

U.S. Attorney John Walsh for the District of Colorado (DoC) and Thomas Ravenelle, special agent in-charge for the Denver Division of the Federal Bureau of Investigations (FBI) announced that the two persons developed and sold a software application that allowed users to get through the privacy settings on Photobucket, which has more than 100 million registered users.

According to the statement, application users could secretly access and copy password-protected information and images without any permission from Photobucket's users.

“It is not safe to hide behind your computer, breach corporate servers and line your own pockets by victimizing those who have a right to protect privacy on the internet,” said U.S. Attorney Walsh in the statement.  The U.S. Attorney’s Office is keenly focused on prosecuting those people for their theft -- and for the wanton harm they do to innocent internet users.”      

“Unauthorized access into a secure computer system is a serious federal crime,” said Ravenelle in the statement.  The arrest of Brandon Bourret and his co-conspirator reflects the FBI’s commitment to investigate those who undertake activities such as this with the intent to harm a company and its customers.”

According to the statement, Bourret and Andrianakis both face one count of conspiracy, which carries a penalty of up to five years in federal prison and a fine of up to $250,000. They also face one count of computer fraud, which carries the same maximum penalty and less than five years in federal prison.

Similarly, they face two counts of access device fraud, which carries a fine of up to $250,000 and not more than ten years in federal prison, per count.

In addition, the U.S. Attorney’s Office and the FBI appreciated Photobucket for its cooperation from the inception of the investigation and thanked for its continued assistance as both the investigation and prosecution moves forward.


This case is being prosecuted by Assistant U.S. Attorney David Tonini.