Posts with the label "hacker arrested"

This Aspiring Hacker was Caught in a Quite Embarrassing Manner


The US Department of Justice (DoJ) has charged a Ukrainian citizen with using a botnet to crack people's passwords. He was identified largely through his own email, including receipts from vape shops in Ukraine and an invoice that listed his home address.

The DoJ accuses Glib Oleksandr Ivanov-Tolpintsev of running a botnet that brute-forced the login credentials of targeted computers, which he then sold on the dark web. According to his indictment, Ivanov-Tolpintsev made over $80,000 from the operation.

The press release from the DoJ reads, “During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week...Once sold [on the dark web], credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks.” 

On October 3, 2020, Polish police arrested Ivanov-Tolpintsev in Korczowa, Poland, and he was extradited to the United States to stand trial for these offences.

Amateur Blunders 

According to an IRS affidavit, investigators tracked down Ivanov-Tolpintsev by looking at the contents of the Gmail accounts he used to conduct his dark web activities. 

Many digital receipts from online vape shops had been sent to one of these accounts, revealing Ivanov-Tolpintsev's name and contact information.

Furthermore, Ivanov-Tolpintsev's personal email account was set as the recovery address for these accounts. Examining the contents of that personal account turned up a wealth of personally identifying information, including passport scans and Google Photos images.

Because he failed to keep his criminal digital identity separate from his real one, the government was able to assemble enough evidence to convince a court to order Ivanov-Tolpintsev's arrest and extradition.

Although investigators have revealed little about how the botnet itself worked, the case highlights the danger of relying on a password alone to protect an account.

Because cracked passwords sold on the dark web can lead to serious intrusions, such as the one on the United Nations, security experts have been urging organisations to deploy multi-factor authentication (MFA): a second factor means a purchased password is not, by itself, enough to log in.

Hacker ordered to pay back £922k

A hacker who carried out cyber attacks on more than 100 companies has been ordered to pay back £922,978.14 of cryptocurrency.

Grant West had been jailed for fraud after carrying out attacks on brands such as Sainsbury's, Uber and Argos.

A police investigation, codename "Operation Draba", uncovered West's activity on the dark web under the moniker of "Courvoisier".

The confiscation order was made during a hearing at Southwark Crown Court.

West, from Sheerness, Kent, used phishing emails to obtain the financial data of tens of thousands of customers.

He would then sell this personal data on various dark web marketplaces, convert the proceeds into cryptocurrency, and spread it across multiple accounts.

West, of Ashcroft Caravan Park, was jailed in May at Southwark Crown Court for 10 years and eight months.

Detectives had discovered evidence of West conducting cyber attacks on the websites of 17 major firms.

Following West's arrest, approximately £1m in cryptocurrency was seized from a number of his accounts. Taking currency fluctuations into account, it is today valued at £922,978.14.

The cryptocurrency will now be sold and the victims will receive compensation.

As well as financial data, he also sold cannabis, which he shipped to customers, and "how to" guides instructing others how to carry out cyber attacks.

West also regularly used stolen credit card details to pay for items for himself, including holidays, food, shopping and household goods. West admitted conspiracy to defraud, possession of criminal property, unauthorised modification of computer material and various drugs offences.

Bulgarian security expert arrested for demonstrating a vulnerability in software for kindergartens

Bulgarian police recently detained information security specialist Petko Petkov, who had published a video about a vulnerability in the municipal IT system used by local kindergartens.

Petkov discovered a vulnerability in the software used by local kindergartens, made a video demonstrating it and posted it on Facebook about a week ago, on June 25. The video shows an automated attack on the portal of the local municipality through which parents apply for admission of their child to kindergarten. Using the vulnerability, Petkov was able to download the data of almost 236 thousand inhabitants of the Bulgarian city of Stara Zagora, where more than 330 thousand people live.

In a comment on the video, Petkov wrote that he had tried to contact the software developer, Information Services AD, and the municipal authorities, but his reports were ignored. He therefore published the video to draw attention to the problem, and in the same comment linked to proof-of-concept code on GitHub, open to anyone.

Worse, Petkov explains that the same system is used in other Bulgarian cities, so attackers could freely obtain residents' personal data, including passport details, marital status, nationality, relatives and so on.

Shortly after the public disclosure, Bulgarian law enforcement arrested Petkov. He was held for 24 hours and then released.

According to Bulgarian media, the prosecutor's office intends to charge him under the article on "illegal access to computer information protected by law". Petkov faces one to three years in prison and a fine of about $2,900.

Although he is now in trouble with the law, he achieved his goal: the problem was noticed, and after the incident the municipality stopped using the vulnerable software, since it too had failed to reach the developers for official comment. The Mayor of Stara Zagora, Zhivko Todorov, told the media that the developer will fix the vulnerability at its own expense.

Author of Three Critical Ransomware Families Arrested in Poland

A well-known cybercriminal believed to be the author of the Polski, Vortex and Flotera ransomware strains, Tomasz T., was arrested in Poland on Wednesday; Polish law enforcement announced the arrest on Friday.

Police had been tracking him for some time and were ready this time to make the arrest.

Tomasz T., a.k.a. Thomas or Armaged0n, a Polish citizen living permanently in Belgium, is accused of cybercrimes including DDoS attacks, distributing malware to compromise computers, and using ransomware to encrypt victims' files.

Working through Europol, Polish police alerted their Belgian counterparts, who searched his house and seized computer equipment, a laptop and remote servers, including the encryption keys.

“Apparently, the suspect has been active since 2013, when he first started targeting users via a banking trojan that would replace bank account numbers in users' clipboards with one of his own, so to receive undeserved bank transfers,” according to the prosecutors.

He spread the ransomware by email, impersonating official correspondence from well-known companies such as DHL, Zara, Cinema City, PayU, WizzAir and many more. Online, Tomasz operated under the handle "Armaged0n", which he also used on the infamous Hack Forums cybercrime portal.

The Polish tech news site Zaufana Trzecia Strona (ZTS) was the first to link the three ransomware strains to the Armaged0n persona, and later tracked down an extensive email spear-phishing operation.

[Image: Armaged0n's Hack Forums profile]

Police suspect that Tomasz infected thousands of users with ransomware and made over $145,000 from his criminal activities. ZTS, CERT Polska, security analysts, police and the impersonated companies all worked together to track him down.

The Polish cybercriminal has been charged with various offences, including receiving and transferring the proceeds of crime, infecting computer systems with malware such as the Polski ransomware, Vortex and Flotera, and interfering with automatic data processing for financial gain. Decryption keys for all of these ransomware families were also recovered from his system.

Questioned by the prosecutor, the suspect admitted to the 181 offences with which he was charged.

After completing the procedural steps, the prosecutor filed a motion for three months' pre-trial detention.

Creator of 'Mariposa botnet' sentenced to 58 months

A Slovenian hacker accused of writing the code of the "Mariposa botnet", one of the largest botnets known, has been sentenced to 58 months by a Slovenian court, the BBC reports.

Mariposa (Spanish for 'butterfly') is a notorious botnet, discovered in 2008, designed to steal sensitive information.

The botnet reportedly infected more than 12 million computers and was used for denial-of-service attacks and email spam.

Matjaz Skorjanc, 27, known online as "Iserdo", was arrested in 2010 and found guilty of creating the malicious program, assisting others in wrongdoing, and money laundering.

The court also ordered him to pay a 3,000 euro ($4,100) fine and to forfeit a flat and a car that he bought with money earned by selling the malware to Spanish criminals.

His girlfriend, Nusa Coh, known by her IRC nickname "L0La", was sentenced to eight months' probation for money laundering.

Hacker sentenced to 18 months for hacking US government systems

A Pennsylvania hacker has been sentenced to 18 months for hacking into various computer networks and selling access to them, and fined $25,000.

According to the Boston Globe, Andrew James Miller, 24, who lives with his parents in Pennsylvania, hacked into the computers of various law enforcement agencies, academic institutions, corporations and government agencies, including the Department of Energy.

He is said to have been part of an underground hacker group called the "Underground Intelligence Agency", using the online moniker "Green".

Miller apologised for his actions and said he "wish to do anything I can to correct the situation".

Assistant US Attorney Adam J. Bookbinder stressed that Miller knew full well his actions were illegal, but was willing to carry them out for money.

12 Year old Anonymous hacker hacks websites for Video Games

A 12-year-old schoolboy from Quebec has admitted hacking several government and police websites as part of Anonymous operations in spring 2012.

According to a Toronto Sun report, the boy, whose name cannot be published, had been involved with computers since he was nine.

His actions were not politically motivated: he traded the stolen information for video games.

He is said to have hacked websites including Chilean government sites, Montreal police sites, the Quebec Institute of Public Health and others.

The court heard that he used a range of techniques, including defacing websites, exfiltrating data from servers and denial-of-service attacks.

Silk Road taken down by FBI

The notorious online marketplace "Silk Road" has been taken down by the FBI and its owner, Ross Ulbricht, a.k.a. Dread Pirate Roberts, has been arrested, proving that "perfect security is impossible".

He has been charged with  conspiracy to traffic narcotics, conspiracy to hack computers, and conspiracy to launder money.

The website now shows a "This Hidden Site Has Been Seized" message.

Silk Road was a drug-dealing marketplace; it used Tor hidden services to hide itself and its users. It appears Ross Ulbricht was caught because of his own mistakes, not because of a vulnerability in the Tor network.

The site had been a major talking point for lawmakers and politicians trying to curtail the growth of the Tor network, and the FBI's recent actions against many Tor hidden sites are a big setback for it.

All transactions on Silk Road were made in bitcoin, and since news of Ross Ulbricht's arrest the bitcoin price has dropped noticeably (due to panic selling). But this is just the currency stabilising itself; when it settles, the BTC price will rise again, and shedding the association with such illegal marketplaces might actually be a good thing for bitcoin.

Ross Ulbricht's LinkedIn Profile:
Full Arrest Warrant:
Full Details on how he was caught:

Note: I will update this as the story develops. You can tweet me at @SuriyaME if you have something to add to this article.

Scammer who stole financial info arrested by CIB

An alleged scammer responsible for stealing the personal data of more than 10,000 people through spam email purporting to come from the Bureau of National Health Insurance has been arrested by the Criminal Investigation Bureau (CIB).

The suspect, surnamed Pan, tricked victims into downloading and opening an attachment containing malware that let him steal personal data from the infected computers.

According to a China Post report, he used several techniques to evade antivirus detection and tested his malware many times before launching the real attack.

The CIB said he had stolen "vast amounts of classified financial information from local companies". He then used those details to access online banking accounts and commit credit card fraud.

Hacker arrested by Taiwan Police for hacking classic music website

The China Post reports that Taiwan police arrested a suspect surnamed Shih on May 1 for hacking into a popular local classical music website.

Police raided Shih's apartment and seized his computer, which was found to have been used in the attacks.

Shih admitted that he broke into the website's customer database and made unauthorised changes to customer data by exploiting a SQL injection vulnerability.
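A SQL injection flaw of the kind Shih is said to have exploited usually comes down to building a query by string concatenation. The following added example is mine, not code from the China Post report or from the affected site (whose code is not public); it uses an in-memory SQLite table of made-up customers to show a string-built update beside the parameterised one. The schema, usernames, and the payload are assumptions chosen for illustration.

```python
import sqlite3

# Constructed customer table; the real site's schema is not known.
SEED = [("alice", "alice@example.org"), ("bob", "bob@example.org"), ("carol", "carol@example.org")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)")
    conn.executemany("INSERT INTO customers (username, email) VALUES (?, ?)", SEED)
    conn.commit()
    return conn


def update_email_vulnerable(conn, username: str, new_email: str) -> None:
    """Vulnerable: user input is pasted into the SQL text, so a quote character in
    the value closes the string literal and everything after it becomes SQL syntax."""
    sql = f"UPDATE customers SET email = '{new_email}' WHERE username = '{username}'"
    conn.execute(sql)
    conn.commit()


def update_email_safe(conn, username: str, new_email: str) -> None:
    """Hardened: the query text is fixed and the values travel as bound parameters,
    so the database never interprets them as SQL, whatever characters they contain."""
    conn.execute("UPDATE customers SET email = ? WHERE username = ?", (new_email, username))
    conn.commit()


def emails(conn) -> dict:
    return dict(conn.execute("SELECT username, email FROM customers ORDER BY username"))


# Payload a "customer" could submit in the e-mail field of a profile form.
# Against the vulnerable function the executed statement becomes:
#   UPDATE customers SET email = 'attacker@evil.example' WHERE 1=1 --' WHERE username = 'alice'
# The original WHERE clause is commented out, so every customer's record is rewritten.
PAYLOAD = "attacker@evil.example' WHERE 1=1 --"


def run_demo() -> tuple:
    """Apply the same payload through both code paths; returns (vulnerable_result, safe_result)."""
    vuln = make_db()
    update_email_vulnerable(vuln, "alice", PAYLOAD)
    safe = make_db()
    update_email_safe(safe, "alice", PAYLOAD)
    return emails(vuln), emails(safe)


if __name__ == "__main__":
    vuln_result, safe_result = run_demo()
    print("string-built query :", vuln_result)   # all three rows now hold attacker@evil.example
    print("parameterised query:", safe_result)   # only alice changed, and to the literal payload text
```

The hardened version is not "escaping done right"; it is a different mechanism: the statement is compiled before the values are supplied, so there is no point at which the payload could alter the query's structure. Any code path that still builds SQL text from request data, including ORDER BY columns and table names that placeholders cannot bind, needs an allow-list instead.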

The Criminal Investigation Bureau (CIB) said the investigation was launched after the website's operator reported in March that the site had been hacked.

Accused SpyEye Virus creator extradited from Thailand to US

An Algerian man who is believed to be the creator of the infamous Banking Trojan "SpyEye" was extradited from Thailand to the United States to face charges.

Hamza Bendelladj, 24, also known as Bx1, faces charges for allegedly playing a role in developing, marketing, distributing and controlling the SpyEye trojan, according to the FBI.

SpyEye is a banking trojan (similar to Zeus) that steals confidential personal and financial information such as online banking credentials and credit card details.

He was arrested at Suvarnabhumi Airport in Bangkok, Thailand, on Jan 5, while he was in transit from Malaysia to Egypt.

If convicted, he will face a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million.

Ex-employee arrested for hacking into High-voltage power manufacturer's network

A software programmer formerly employed by a high-voltage power manufacturer has been arrested for hacking into the company's computer network.

According to the FBI, Michael Meneses was employed at the victim company as a software programmer and systems manager, specialising in developing and customising the software the company used to run its business operations.

He was one of two employees primarily responsible for the software that drove the company's manufacturing business, and his duties gave him high-level access to the company's network.

Having voiced displeasure at being passed over for promotion, he tendered his resignation in late December 2011. He then allegedly attacked the company's network, stole employees' credentials, and used them to access the network remotely via VPN. The complaint says the company suffered over $90,000 in damages as a result of the intrusions.
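Two routine checks would have surfaced the pattern described here: correlating successful VPN authentications against the HR leaver list, and flagging a single account that authenticates from several source addresses within a short window, which is what stolen credentials in use tend to look like. The following added example is mine, not from the FBI complaint or the company; the VPN log line format, hostnames, usernames, addresses and leaving dates are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed log format standing in for a VPN concentrator's syslog output.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) "
    r"authentication succeeded user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed HR feed: account -> last working day. Accounts should be disabled on
# this date; any later successful authentication is a finding.
LEAVERS = {"mmeneses": date(2011, 12, 30)}

# Constructed sample log (TEST-NET addresses); the last line is a failure and is ignored.
SAMPLE_LOG = """\
2011-12-28T09:02:11Z vpn01 authentication succeeded user=mmeneses src=198.51.100.23
2012-01-03T01:14:52Z vpn01 authentication succeeded user=mmeneses src=203.0.113.45
2012-01-03T08:30:07Z vpn01 authentication succeeded user=jsmith src=198.51.100.8
2012-01-03T08:41:19Z vpn01 authentication succeeded user=pjones src=198.51.100.8
2012-01-03T23:55:40Z vpn01 authentication succeeded user=pjones src=203.0.113.45
2012-01-04T02:07:03Z vpn02 authentication succeeded user=mmeneses src=203.0.113.45
2012-01-04T07:12:00Z vpn01 authentication failed user=pjones src=203.0.113.45
"""


def parse_log(text):
    """Yield (timestamp, user, src) for successful authentications; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["src"]


def logins_by_leavers(text, leavers=LEAVERS):
    """Successful VPN logins by accounts after their recorded leaving date."""
    return [
        (ts.isoformat(), user, src)
        for ts, user, src in parse_log(text)
        if user in leavers and ts.date() > leavers[user]
    ]


def multi_source_accounts(text, window=timedelta(hours=24), min_sources=2):
    """Accounts seen from at least `min_sources` distinct source addresses within `window`.
    Returns {user: sorted list of addresses} for the offending accounts only."""
    events = defaultdict(list)
    for ts, user, src in parse_log(text):
        events[user].append((ts, src))
    findings = {}
    for user, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            srcs = {s for t, s in evs[i:] if t - t0 <= window}
            if len(srcs) >= min_sources:
                findings[user] = sorted(srcs)
                break
    return findings


if __name__ == "__main__":
    for finding in logins_by_leavers(SAMPLE_LOG):
        print("login by departed account:", finding)
    for user, srcs in multi_source_accounts(SAMPLE_LOG).items():
        print(f"{user} authenticated from {len(srcs)} addresses within 24h: {srcs}")
```

The first check is the one that matters most and is purely a process failure when it fires: an account on the leaver list should have been disabled before the leaving date, so a hit means deprovisioning did not happen. The second check is a heuristic and will flag legitimate users who roam between home and office; tune the window and whitelist known egress addresses before alerting on it.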

If convicted, he will face a statutory maximum sentence of years’ imprisonment, a $250,000 fine, and restitution.

Cybercriminals behind Carberp Trojan arrested in Ukraine

The alleged masterminds behind Carberp, a notorious banking trojan that stole millions of dollars, and its developers have been arrested in Ukraine.

Carberp is a banking trojan that first appeared in 2010 and started out as private malware used by a single group. In 2011 the gang sold the malware's builder, a tool for customising the trojan, to a limited number of customers for $10,000.

A 28-year-old Russian, the alleged leader of the group, was arrested along with about 20 individuals aged between 25 and 30.

According to a Kommersant Ukraine report, the ring is responsible for stealing more than $250 million in Ukraine and Russia alone.

5 CyberCriminals arrested for stealing 2 million Euros via e-banking hacks

Slovenian police carried out 12 house searches and arrested five cybercriminals believed responsible for malware attacks that stole money from companies' bank accounts.

It started last year, when the Slovenian national Computer Emergency Response Team (SI-CERT) began receiving reports of malware attacks.

The victims received emails purporting to come from a local bank and from the state tax authority, with a Trojan horse attached.

The malware installed a remote administration tool that stole victims' e-banking credentials and sent them to the criminals.

"With stolen credentials and in the case where the victim did not remove the smart card containing the bank-issued certificate from the reader after use, the doors to the company's bank accounts were left open to the criminal gang." SI-CERT's report reads.

The attackers timed their thefts for Fridays or the day before national holidays, so that the companies would not immediately notice the missing money.

According to the report, the group used 25 money mules to transfer around 2 million euros.

More than 1600 Indians were arrested in 2011 for CyberCrimes

[Image: cybercrime and law in India]

More than 1,600 people were arrested in India in 2011 for cybercrimes registered under the Information Technology (IT) Act, 2000 and under sections of the Indian Penal Code (IPC), roughly 37% more than in the previous year.

According to a Times of India report, Indian Minister of State for Communications Milind Deora said that of the 1,630 people arrested in 2011, 1,184 were arrested under the IT Act and 446 under IPC sections relating to cybercrime.

In 2010 there were 799 arrests under the IT Act and 394 under the IPC, a total of 1,193.

Last year's cases involved tampering with computer source documents, hacking, publishing or transmitting obscene material in electronic form, and failure to comply with orders of the Certifying Authority, among other offences.

Feds charge Anonymous spokesperson Barrett Brown for sharing link to stolen credit card data

Is it a crime to share a link to leaked data? Today's indictment of the Anonymous spokesperson suggests that it is.

Barrett Brown, former spokesperson for the Anonymous hacktivist collective, has been charged with one count of trafficking in stolen authentication features, one count of access device fraud, and ten counts of aggravated identity theft.

The charges are related to the Stratfor hack carried out by hacktivists at the end of 2011.

Brown is not charged with carrying out the Stratfor hack itself, but with posting links to a file containing the 5,000 credit card details stolen in the incident.

"By transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders," the Feds say.

If that logic holds, every journalist who covers a hacking incident and links to the leaked data is committing a crime.

At the time of the Stratfor incident, links to the stolen card details were widely shared on Twitter; are all the users who shared them going to be rounded up and arrested too?

Anonymous hacker convicted for attack on PayPal, Visa and MasterCard as part of Operation Payback

[Image: Anonymous hacker]

A British student hacker associated with Anonymous has been convicted in the UK for his part in a series of cyber attacks against PayPal, MasterCard and Visa in 2010 as part of 'Operation Payback'.

Christopher Weatherhead, 22, online handle 'Nerdo', was found guilty following guilty pleas by three others: Jake Birchall, Ashley Rhodes and Peter Gibson.

The four were arrested for orchestrating denial-of-service attacks against the companies because they had stopped processing payments for WikiLeaks. The attacks cost PayPal £3.5m.

The group also overwhelmed the servers of the British Recorded Music Industry and replaced its site with the message:

"You've tried to bite the Anonymous hand. You angered the hive and now you are being stung."

Weatherhead, who will be sentenced at a later date, could face up to 10 years in prison.