Crime Files Network

Archive for the ‘COMPUTER CRIMES’ Category

Ross Ulbricht, 31, who has been sentenced to life in prison.

The American convicted of masterminding the criminal website Silk Road has been sentenced in court to life in prison over the online enterprise that sold $US200 million ($261 million) in drugs to customers worldwide.

It was the maximum possible punishment for Ross Ulbricht, who was convicted in February by a jury on seven counts of narcotics trafficking, criminal enterprise, computer hacking and money laundering.

The 31-year-old with a graduate degree displayed no emotion on Friday as he stood in dark prison scrubs to hear his fate read by US Federal Judge Katherine Forrest, as his devoted parents sat in the packed gallery.

Lyn Ulbricht, mother of Ross Ulbricht, speaks to journalists outside court. Photo: Reuters

Ulbricht, who ran Silk Road under the alias “Dread Pirate Roberts” and was alleged to have commissioned five murders at a cost of $US650,000 ($850,000) but never charged for them, was sentenced to two life sentences for narcotics distribution and criminal enterprise.

He also received the maximum sentence of five, 15 and 20 years for hacking, trafficking in false documents and money laundering convictions.

In the gallery, his mother put her head in her hand.

This frame grab from the Silk Road website shows thumbnails for products allegedly available through the site.

It was a stunning fall from privilege for Ulbricht, who the government said amassed $US13 million ($17 million) in commissions by making the purchase of heroin, cocaine and crystal meth as easy as shopping online at eBay or Amazon.

Prosecutors said the narcotics-trafficking enterprise resulted in at least six drug-related deaths.

Crimes were ‘unprecedented’

“You should serve your life in prison,” Forrest told Ulbricht, saying there was no parole in the US federal system.

“What you did was unprecedented,” she said. “You have to pay the consequences of this.”

Forrest said the court also sought the forfeiture of more than $US183.9 million ($240 million) in Silk Road drug profits.

The parents of a 25-year-old Boston man and a 16-year-old Australian schoolboy, who both died after ingesting drugs obtained from Silk Road, spoke of their devastating loss.

“I strongly believe my son would be here today if Ross Ulbricht had never created Silk Road,” said one of the parents, identified only as Richard.

But Ulbricht made little mention of their anguish, sniffing and sobbing his way through a self-pitying statement before the court.

He told Forrest that he wanted to “tell you about myself from my perspective”, and denied that he was greedy and vain.

He also promised that he now respected the law and would never break it again if released.

“I’m not a self-centered, sociopathic person… I just made some very serious mistakes.”

His four-week trial had been considered a landmark case in the murky world of online crime and government surveillance.

Given the significant public interest in the case, Forrest said his sentence had to serve as a deterrent to anyone looking to step into his shoes, and must reflect the severity of his crimes and protect society.

Right to appeal

The defence had requested the mandatory minimum sentence of 20 years and Ulbricht has the right to appeal.

The sentence was the maximum possible under US federal law on each count – tougher even than the lengthy sentence sought by government prosecutors.

Forrest read from chilling online messages and journal entries that she said showed Ulbricht had displayed “arrogance”, knew exactly what he was doing and had an escape plan to flee the country.

“I’m running a goddamn multimillion-dollar criminal enterprise,” she read out.

His own writings proved that he was “callous as to the consequences and the harm and suffering it may cause others”, she said.

The government said Silk Road conducted 50,000 sales of heroin, 80,000 sales of cocaine and 30,000 of methamphetamine – highly addictive and dangerous drugs.

Forrest said Ulbricht was no better than a common drug dealer and blind to the collateral damage to society caused by expanding the drugs market.

“I don’t know you feel a lot of remorse for the people you hurt. I don’t know you know you hurt a lot of people.”

She said she found “profoundly moving” the nearly 100 letters written from family and friends testifying to a kind, intelligent and loved friend, saying that he was a “very complex” person.

Ulbricht created the Silk Road in January 2011, and owned and operated the underground site until it was shut down by the FBI in October 2013, when he was arrested in a San Francisco library.

The government called it “the most sophisticated and extensive criminal marketplace on the internet” used by vendors in more than 10 countries in North America and Europe.

Correction: An earlier version of this article stated that Ulbricht commissioned five murders at a cost of $US650,000 ($850,000). He was accused of these murders by law-enforcement but was never charged for them.




Deceived: Tracee Douglas believed she was engaged to US soldier ‘Robert Sigfrid’, but was instead being wooed by a Nigerian scammer. Photo: Edwina Pickles

There is something about men in uniform — and perhaps women in uniform — that is appealing and romantic. Hundreds, or perhaps thousands of scammers take advantage of military attraction to separate unsuspecting targets from their money.

Here’s how they work: Con artists working out of Internet cafés — often in Africa — troll through dating sites, Facebook and other websites, striking up acquaintances with lonely people, usually women. They talk about the dangerous but important work they do in Afghanistan, Iraq or other distant locations. They confess their feelings of love for their targets. Then they ask the targets for money to pay for “leave requests,” “communication fees,” “transportation costs” or some other financial need. Thousands of targets actually send money — sometimes a lot of money. It’s gone forever.

The problem has gotten so bad that last year the Army Criminal Investigation Command sent out a press release to warn the public, which is reprinted below.

I frequently hear from people who have been targeted by these scams. Some of them get suspicious and dump the con artists; others fall for the ruse and lose money. Why, exactly, do people fall for romance scams? I addressed this in a previous article:

Why we fall for romance scams

Over the next few days, Lovefraud will publish a series of these military romance scams so you can see what they look like. The audacity of the perpetrators is mind-blowing.

U.S. Army CID Pleads with Public, Warns Against Romance Scams

Female victims being cyber-robbed daily by thugs claiming to be U.S. servicemen

QUANTICO, Va. Nov 26, 2012 – Special Agents from the U.S. Army Criminal Investigation Command are once again warning internet users worldwide, to be extra vigilant and not to fall prey to internet scams or impersonation fraud – especially scams promising true love, but only end up breaking hearts and bank accounts.

According to Army CID Special Agents, CID continues to receive hundreds of reports from people worldwide, of various scams involving persons pretending to be U.S. Soldiers serving in Afghanistan or somewhere else in the world.  The victims are most often unsuspecting women, 30 to 55 years old, who think they are romantically involved on the internet with an American Soldier, when in fact they are being cyber-robbed by perpetrators thousands of miles away.

“We cannot stress enough that people need to stop sending money to persons they meet on the internet and claim to be in the U.S. military,” said Chris Grey, Army CID’s spokesman. “It is heartbreaking to hear these stories over and over again of people who have sent thousands of dollars to someone they have never met and sometimes have never even spoken to on the phone.”

The majority of the “romance scams,” as they have been dubbed, are being perpetrated on social media, dating-type websites where unsuspecting females are the main target.

The criminals are pretending to be U.S. servicemen, routinely serving in a combat zone.  The perpetrators will often take the true rank and name of a U.S. Soldier who is honorably serving his country somewhere in the world, marry that up with some photographs of a Soldier off the internet, and then build a false identity to begin prowling the internet for victims.

“We have even seen instances where the Soldier was killed in action and the crooks have used that hero’s identity to perpetrate their twisted scam,” said CID Special Agent Matthew Ivanjack, who has fielded hundreds of calls and emails from victims.

The scams often involve carefully worded romantic requests for money from the victim to purchase special laptop computers, international telephones, military leave papers, and transportation fees to be used by the fictitious “deployed Soldier” so their false relationship can continue.  The scams include asking the victim to send money, often thousands of dollars at a time, to a third party address.

Once victims are hooked, the criminals continue their ruse.

“We’ve even seen instances where the perpetrators are asking the victims for money to purchase “leave papers” from the Army, help pay for medical expenses from combat wounds or help pay for their flight home so they can leave the war zone,” said Grey.

These scams are outright theft and are a grave misrepresentation of the U.S. Army and the tremendous amount of support programs and mechanisms that exist for Soldiers today, especially those serving overseas, said Grey.

Along with the romance type scams, CID has been receiving complaints from citizens worldwide that they have been the victims of other types of scams – once again where a cyber crook is impersonating a U.S. servicemember.  One version usually involves the sale of a vehicle; where the servicemember claims to be living overseas and has to quickly sell their vehicle because they are being sent to another duty station.  After sending bogus information regarding the vehicle, the seller requests the buyer do a wire transfer to a third party to complete the purchase. When in reality, the entire exchange is a ruse for the crook to get the wire transfer and leave the buyer high and dry, with no vehicle.


Army CID is warning people once again to be very suspicious if they begin a relationship on the internet with someone claiming to be an American Soldier and within a matter of weeks, the alleged Soldier is asking for money, as well as their hand in marriage.

Many of these cases have a distinct pattern to them, explained Grey.

“These are not Soldiers, they are outright thieves. If someone asked you out on a first date and before they picked you up they asked you for $3,000 to fix their car to come get you, many people would find that very suspicious and certainly would not give them the money. This is the same thing, except over the internet,” said Grey.

The perpetrators often tell the victims that their units do not have telephones or they are not allowed to make calls or they need money to “help keep the Army internet running.”  They often say they are widowers and raising a young child on their own to pull on the heartstrings of their victims.

“We’ve even seen where the criminals said that the Army won’t allow the Soldier to access their personal bank accounts or credit cards,” said Grey.

All lies, according to CID officials.

“These perpetrators, often from other countries, most notably from West African countries are good at what they do and quite familiar with American culture, but the claims about the Army and its regulations are ridiculous,” said Grey.

The Army reports that numerous very senior officers and enlisted Soldiers throughout the Army have had their identities stolen to be used in these scams.

To date, there have been no reports to Army CID indicating any U.S. service members have suffered any financial loss as a result of these attacks.  Photographs and actual names of U.S. service members have been the only thing utilized.  On the contrary, the victims have lost thousands. In one extreme example, a woman from New York took out a second mortgage on her home to get money to help her “Soldier.”  She lost more than $60,000.  More recently, a woman from Great Britain told CID officials she had sent more than $75,000 to the con artists.

“The criminals are preying on the emotions and patriotism of their victims,” added Grey.

The U.S. has established numerous task force organizations to deal with this and other growing issues; unfortunately, the people committing these scams are using untraceable email addresses on “Gmail, Yahoo, Hotmail,” etc., routing accounts through numerous locations around the world, and utilizing pay-per-hour Internet cyber cafes, which often times maintain no accountability of use. The ability of law enforcement to identify these perpetrators is very limited, so individuals must stay on the alert and be personally responsible to protect themselves.

“Another critical issue is we don’t want victims who do not report this crime walking away and thinking that a U.S. serviceman has ripped them off when in fact that serviceman is honorably serving his country and often not even aware that his pictures or identity have been stolen,” said Grey.

What to look for:

  • DON’T EVER SEND MONEY! Be extremely suspicious if you are asked for money for transportation costs, communication fees or marriage processing and medical fees.
  • If you do start an internet-based relationship with someone, check them out, research what they are telling you with someone who would know, such as a current or former service member.
  • Be very suspicious if you never get to actually speak with the person on the phone or are told you cannot write or receive letters in the mail.  Servicemen and women serving overseas will often have an APO or FPO mailing address. Internet or not, service members always appreciate a letter in the mail.
  • Many of the negative claims made about the military and the supposed lack of support and services provided to troops overseas are far from reality – check the facts.
  • Be very suspicious if you are asked to send money or ship property to a third party or company. Often times the company exists, but has no idea or is not a part of the scam.
  • Be aware of common spelling, grammatical or language errors in the emails.

Where to go for help:

Report the theft to the Internet Crime Complaint Center (IC3) (FBI-NW3C Partnership).


Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the United States in their investigations.




A hand is silhouetted in front of a computer screen in this picture illustration taken in Berlin May 21, 2013.

Credit: Reuters/Pawel Kopczynski

(Reuters) – Community Health Systems Inc (CYH.N), one of the biggest U.S. hospital groups, said on Monday it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other personal data belonging to 4.5 million patients.

That would make the attack the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009. The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.

The attackers appear to be from a sophisticated hacking group in China that has breached other major U.S. companies across several industries, said Charles Carmakal, managing director with FireEye Inc’s (FEYE.O) Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.

“They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected,” he said.

Carmakal and officials with Community Health Systems declined to name the group or say if it was linked to the Chinese government, which U.S. businesses and officials have long accused of orchestrating cyber espionage campaigns around the globe.

In May, a U.S. grand jury indicted five Chinese military officers on charges they hacked into U.S. companies for sensitive manufacturing secrets, the toughest action to date taken by Washington to address cyber spying. China has denied the charges.

FBI spokesman Joshua Campbell said his agency was investigating the case, but declined to elaborate.

The Department of Homeland Security said it believed the incident was isolated to Community Health Systems, although it shared technical details about the attack with other healthcare providers.

An agency official told Reuters it was too soon to confirm who was behind the attack.

“While attribution of this incident is still being determined by a range of partners, we caution against leaping to premature conclusions about who or how many actors are behind these activities,” said the official, who was not authorized to discuss the investigation publicly.

The stolen information included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing. It did not include medical or clinical information.



Cybersecurity has come under increased scrutiny at healthcare providers this year, both by law enforcement and attackers.

The FBI warned the industry in April that its protections were lax compared with other sectors, making it vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions.

Over the past six months Mandiant has seen a spike in cyber attacks on healthcare providers, although this was the first case it had seen in which a sophisticated Chinese group has stolen personal data, according to Carmakal.

Chinese hacking groups are known for seeking out intellectual property such as product design or information that might be of use in business or political negotiations.

Social Security numbers and other personal data are typically stolen by cybercriminals to sell on underground exchanges for use by others in identity theft.

“It’s hard to tell why these guys took the data or what they plan to do with it,” said Carmakal, whose firm monitors about 20 hacking groups in China.

Dmitri Alperovitch, chief technology officer with cybersecurity firm CrowdStrike, said Chinese hackers sometimes attack healthcare providers to obtain medical records of government officials and even potential intelligence assets.

“Maybe they were trying to get at the medical data, but for some reason they couldn’t, so they exfiltrated everything else, figuring that it might somehow be helpful,” Alperovitch said.

The company said the stolen data did not include credit card numbers, or any intellectual property such as data on medical device development.

Community Health, which has 206 hospitals in 29 states, said it has removed malicious software used by the attackers from its systems and completed other remediation steps. It is now notifying patients and regulatory agencies, as required by law.

It also said it is insured against such losses and does not at this time expect a material adverse effect on financial results.

Community Health’s stock was up 62 cents at $51.62 in midday trading on the New York Stock Exchange.

(Reporting by Caroline Humer, Jim Finkle and Shailesh Kuber; Editing by Joyjeet Das, Lisa Von Ahn, Chizu Nomiyama, Dan Grebler and Andre Grenon)


Lonely and unfamiliar with the world of internet dating, Peter* was “just looking for a nice lady” when an attractive woman introduced herself via an online dating site.

“She sounded genuine and the photos looked good. I thought everything was alright – the way she spoke, the things she used to say,” says the 66-year-old pensioner and retired tyre-fitter from Dubbo.

The pair exchanged phone numbers and spoke nearly every day. A few weeks later, the woman began asking for money.

“It started off, could I lend her $500? … She had me believe there was going to be a relationship and she was going to move in here with me,” he says. “It ended up to about $9500.”

Peter is one of thousands of Australians whom fraudsters have left not just broken-hearted, but also broke.

Nearly one-third of the $90 million swindled from Australians last year was swiped from people searching for love, a new report into targeting scams shows.

Dating and romance-related fraud netted $25.2 million last year, up 8 per cent on the previous year, making it the top scam by total losses, according to the latest report by the Australian Competition and Consumer Commission.

Romance-related scams also yielded some of the highest returns per victim, accounting for nearly 30 per cent of money lost but only 3 per cent of reported scams. Those who fell for romance-related scams lost an average of $21,200 each – more than three times the $7000 average loss across all reported scams.

ACCC deputy chairwoman Delia Rickard said relationship scams caused the most emotional and economic harm to victims, with fraudsters investing substantial effort into researching their victims.

“They’re very good at tapping into people’s emotions. They will spend weeks, months, even years, really building a trust relationship,” she said.

That an increasing number of people are meeting genuine partners online has made others more vulnerable to victimisation through internet dating sites. She said the ACCC was working with dating and romance sites to implement proper security.

“People want to find love … and a lot of people are in a very vulnerable state when they do fall for [these scams]. We often see that people are recently divorced, recently widowed, lonely.”

She said that many fraudsters combined strategies such as romance and business opportunity scams or advance fee fraud and identity theft. “They’ll get personal information or bank account information that will enable them to commit further fraud down the line.”

Advance fee/upfront payment schemes reaped the second biggest cash haul, with just under $25 million pinched last year. This was followed by computer prediction software and investment scams.

Phishing and identity theft showed the largest increase in number, leaping 73 per cent from 2012 to become the second-most common type of scam.

People were most likely to fall for health and medical scams, with more than one in two people reporting this kind of scam losing money. Online shopping and psychic/clairvoyant schemes were the next most convincing, according to the report.

One in three victims lost between $100 and $499, suggesting scammers continued to favour high-volume scams such as those asking victims for a small upfront payment to secure a larger sum of money “owed” to them by an organisation.

One in 10 lost more than $10,000. Only two losses of more than $1 million were reported to the consumer watchdog last year, with losses of several million dollars linked to sports betting schemes.

More than 91,000 complaints were made to the consumer watchdog last year, a four-fold increase from 2009. In a positive sign however, scammers raked in 5 per cent less money than the year before, although the ACCC said many scams go unreported.

The most recent Australian Bureau of Statistics personal fraud survey estimates Australians lost $1.4 billion to fraud – more than 15 times the loss reported to the ACCC last year.

* Name changed

Top 5 ways to identify scammers online

You’ve never met or seen them: Scammers will say anything to avoid a face-to-face meeting, whether in person or over the internet via a video chat.

They’re not who they appear to be: Scammers steal photos and profiles from real people to create an appealing facade. Run a Google Image search on photos and search words in their description to check if they are the real deal.

They ask to chat with you privately: Scammers will try to move the conversation away from the scrutiny of community platforms.

You don’t know a lot about them: Scammers are keen to get to know you as much as possible but are less forthcoming about themselves.

They ask you for money: Don’t fall for a tall tale, no matter how plausible it sounds.



Two men arrested in Macau for allegedly planting malware on local ATMs (shown with equipment reportedly seized from their hotel room). Photo: KrebsOnSecurity

A recent skimming attack in which thieves used a specialised device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come.

Authorities in the Chinese territory of Macau last week announced the arrest of two Ukrainian men accused of participating in a skimming ring that stole approximately $100,000 from at least seven ATMs.

Local police said the men inserted a device that was connected to a small laptop into the card acceptance slot on the ATMs. Armed with this toolset, the authorities said, the men were able to install malware capable of siphoning the customer’s card data and PINs. The device appears to be a rigid green circuit board that is approximately four or five times the length of an ATM card.

According to Hong Kong press reports (and supplemented by an interview with an employee at one of the local banks who asked not to be named), the insertion of the circuit board caused the software running on the ATMs to crash, temporarily leaving the cash machine with a black, empty screen. The thieves would then remove the device. Soon after, the machine would restart, and begin recording the card and PINs entered by customers who used the compromised machines.

The Macau government alleges that the accused would return a few days after infecting the ATMs to collect the stolen card numbers and PINs. To do this, the thieves would reinsert the specialised chip card to retrieve the purloined data, and then a separate chip card to destroy evidence of the malware.

ATM attacks that leverage external, physical access to install malware aren’t exactly new, but they’re far less common than skimming devices that are made to be affixed to the cash machine for the duration of the theft. It’s not clear how the malware was delivered in this case, but in previous attacks thieves have been able to connect directly to a USB port somewhere inside the ATMs.

Late last year, a pair of researchers at the Chaos Communication Congress (CCC) conference in Germany detailed a malware attack that drained ATMs at unnamed banks in Europe. In that case, the crooks cut a chunk out of the ATM’s chassis to expose its USB port, and then inserted a USB stick loaded with malware. The thieves would then replace the cut-out piece of chassis and come back a few days later, and enter a 12-digit code that launched a special interface that displayed the amount of money available in each denomination — along with options for dispensing each kind.

In December 2012, I wrote about an attack in Brazil in which thieves swapped an ATM’s USB-based security camera with a portable keyboard that let them hack the cash machine. In that attack, the crook caused a reboot of the ATM software by punching in a special combination of keys. The thieves then were able to reboot into a custom version of Debian Linux designed to troubleshoot locked or corrupted ATM equipment.




Bogachev, accused Russian hacker faces US charges over his suspected development of malware used by criminals to steal $108 million worldwide

An accused Russian hacker faces US charges over his suspected development of malicious computer software that cybercriminals used to steal more than $US100 million ($108 million) from businesses and consumers since 2011.

Evgeniy Mikhailovich Bogachev, 30, ran a criminal ring responsible for Gameover Zeus and Cryptolocker, a form of malware known as ransomware, the US Justice Department said in papers unsealed today in Pittsburgh federal court. Zeus infected hundreds of thousands of computers worldwide, the US said.

Bogachev remains at large. He was last known to live in Anapa, Russia, and also owns property in Krasnodar, according to a Federal Bureau of Investigation wanted poster.

“This operation disrupted a global botnet that had stolen millions from businesses and demanded payments for giving users access to their own files and data,” Deputy Attorney General James Cole said today at a news conference in Washington.

The charges follow the arrests of about 90 people in more than a dozen countries last month in a US-led crackdown on the makers and users of software designed to steal identities and remotely control computers. Authorities worked with private security companies to wrest control of the network of infected machines.

Gameover Zeus allowed Bogachev to remotely turn infected computers into a botnet, a global network that silently siphoned financial and other valuable information, prosecutors said. A system infected by the program can be used to send spam, take part in denial-of-service attacks and harvest users’ credentials for online services, including banking, according to the US Computer Emergency Readiness Team website.

Million infections

Early versions of Zeus software began appearing in 2007, the Justice Department said in its statement. Gameover Zeus, which first emerged in September 2011, has infected about 1 million computers worldwide, about 25 per cent of which are located in the US, resulting in financial losses in the hundreds of millions of dollars.

Victims included a composite-materials company in western Pennsylvania, an American Indian tribe in Washington and an assisted-living facility in eastern Pennsylvania, prosecutors said. A regional bank in northern Florida lost almost $US7 million after an unauthorised wire transfer was initiated with credentials stolen by Bogachev’s group, according to court documents.

An arrest warrant has been issued for Bogachev, also known by the online nicknames Slavik and Pollingsoon, according to court papers. He faces charges including conspiracy, money laundering, bank fraud and wire fraud.

Cryptolocker Servers

Separately, US and foreign law enforcement officials seized computer servers central to Cryptolocker in a joint operation in 10 countries including Canada, Germany, the Netherlands and the UK, the Justice Department said in a statement.

Bogachev was indicted by a federal grand jury in Omaha in 2012 under the nickname Lucky12345. A criminal complaint issued there on May 30 ties the nickname to Bogachev and charges him with conspiracy to commit bank fraud related to his alleged involvement in the operation of a version of Zeus malware known as Jabber Zeus, the FBI said.

Gameover Zeus is a common distribution mechanism for Cryptolocker, which first emerged late last year and has infected more than 230,000 computers worldwide, according to court documents.

While Gameover Zeus worked secretly to steal information, Cryptolocker was blunt: a victim opened an infected e-mail and soon the “ransomware” took over the computer, encrypting everything from family photographs to work projects.

New Australian infections

Australian security firm The Missing Link told Fairfax Media a new wave of Cryptolocker infections arrived in the country as late as last Friday, with highly targeted emails directing recipients to open a power bill from Energy Australia, then follow prompts, including passing a Captcha test, to download the full bill from a fake website resembling the retailer’s.

Missing Link security manager Aaron Bailey, said the emails appeared to have been part of a well-crafted mailing list targeting senior managers and executives in small and large businesses.

“The virus seems to deploy Cryptolocker which encrypts files and holds [the clients] to ransom.

“The most distressing thing for me on this later one was that it was customised to a distribution list. Maybe 30 or 40 single recipients and very senior contacts in each company [were sent] an Energy Australia bill – something an Australian would trust, essentially,” Mr Bailey said.

Police ransom

US victims were charged as much as $US700 to unlock their files. The malware infected personal computers and those at businesses. A Massachusetts police department had to pay a ransom to unlock its files, Cole said.

More than $US27 million in ransom payments were made in the first two months after Cryptolocker’s debut, the Justice Department said.

FBI and Ukrainian officials seized and copied key command centers in Kiev and Donetsk starting on May 7, Leslie Caldwell, the assistant attorney general in charge of the Justice Department’s criminal division, said today.

Prosecutors obtained sealed charges against Bogachev on May 19 and by May 28 got court orders allowing prosecutors to stop infected computers from communicating with Gameover Zeus’s command centers, Caldwell said.

A coordinated weekend operation seized servers around the globe resulting in more than 300 computers being freed from the botnet, Caldwell said.

The European Cybercrime Centre also participated in the operation, along with Australia, Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand and Ukraine.

Intel, Microsoft, security software companies F-Secure, Symantec, Trend Micro and Carnegie Mellon University supported the operation.

Bloomberg, with Reuters, Fairfax Media




SALT LAKE CITY (AP) — An Ohio man linked to the hacker collective Anonymous plans to plead guilty to charges that he breached police-agency websites, under an agreement with the federal government that calls for prison time and nearly $230,000 in restitution.

Court documents filed April 15 show 22-year-old John Anthony Borell III agreed to plead guilty to five charges related to the hacking of law enforcement websites in Utah, California, New York and Missouri.


The Toledo, Ohio, man would receive three years in prison and have to pay restitution under the agreement, which still needs court approval.

Borell is scheduled to appear before a judge at an Aug. 21 hearing for approval of the plea deal, and sentencing.

A spokeswoman for the U.S. Attorney’s Office in Utah declined to comment on the agreement. Messages left with Borell’s attorney Jamie Zenger were not immediately returned Tuesday.

As part of the deal, Borell would admit to hacking into the websites for Salt Lake City police; the Utah Chiefs of Police Association; police in Syracuse, N.Y.; the city of Springfield, Mo.; and the Los Angeles County Canine Police Association. He also would admit to hacking into a local community website in Illinois called “Pendleton Underground.”

The attacks all occurred between September 2011 and February 2012.

Borell was arrested in March of that year after he took credit for taking down the websites on his Twitter account.


“Regarding all of these hacks, I knew that what I was doing was illegal,” Borell states in court records. “I admit that I intentionally caused damage to protected computers by my conduct.”

Borell had been detained in a halfway house but was granted a court-approved release to live with his girlfriend in Toledo until his sentencing in August.

FBI officials have said the hacking gained access to citizen complaints about drugs and other crimes, including phone numbers, addresses and other personal data of informants. It also exposed some personal information on police officers.

The Utah police chiefs’ website was compromised on Jan. 19, 2012, and was back online after a few days. But the Salt Lake City police site wasn’t relaunched until four months after it went down on Jan. 31. Officials said the city spent $33,000 to repair damage to their website and beef up security.

The attacks on the servers came around the same time that a spate of Internet attacks attributed to Anonymous occurred around the country.

FBI investigators traced Borell through his Internet address associated with the Twitter account.

Anonymous is a group of loosely organized Internet enthusiasts, pranksters and activists whose targets have included financial institutions such as Visa and MasterCard, the Church of Scientology and law enforcement agencies.




Hamza Bendelladj of Algeria, centre, a suspect on the US Federal Bureau of Investigation’s top 10 wanted list for allegedly hacking private accounts in 217 banks and financial companies worldwide, is escorted by Thai police officers in Bangkok on January 7, 2013. Photo: Bloomberg
An Algerian national who is allegedly part of the cybercrime consortium behind a powerful hacking software known as SpyEye appeared in an Atlanta courtroom in the US after a three-year manhunt ended with his extradition from Thailand.

Hamza Bendelladj, known for years in underground computer forums simply as Bx1, was accused in a 23-count indictment of crimes including computer and bank fraud. The charges, unsealed yesterday, stem from his role in selling and supporting customised components for SpyEye, a banking Trojan that allows hackers to hijack victims’ bank accounts as they log on from their own computers.

“Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes,” US Attorney Sally Quillian Yates in Atlanta said in a statement before his arraignment.

SpyEye, which can be purchased for as little as $US2000 in the underground, helped turn hacking into an easy and lucrative occupation and drove a cybercrime boom that has drained tens of millions of dollars from bank accounts in the US and Europe, according to Brett Stone-Gross, a security expert at Dell SecureWorks in Atlanta.

The use of SpyEye has fallen off in the past year as law enforcement operations against the group have intensified, Stone-Gross said in an e-mail.


Thailand arrest

Bendelladj, 24, was extradited from Thailand at the request of US authorities after his arrest there on January 5. Wearing a dress shirt and black athletic pants, he smiled frequently and chatted in the courtroom. He said he didn’t need an interpreter because he spoke fluent English.

Bendelladj was unable to enter a plea because his attorney, Damian Martinez, hasn’t been approved yet to practice in Georgia. Martinez said after the hearing that his client would plead not guilty when he returns to court next week.

Prosecutors said Bendelladj is a flight risk and requested that he be held without bail.

Bendelladj, who according to the indictment also helped support hacking operations by providing servers to control the hijacked computers, is a close associate of SpyEye’s creator, a shadowy hacker known by the nickname ‘gribodemon,’ according to security experts who helped track the group.

One expert who aided in the investigation said that Bendelladj’s real identity was uncovered through a series of mistakes made by the hacker, including the use of two email addresses that led to his Facebook account. The researcher recorded a 2011 conversation with Bendelladj in Asia, which helped the FBI confirm his identity. The security expert asked not to be named because Bendelladj’s associates are still at large.


Enhanced effectiveness

Prosecutors allege that Bendelladj sold the SpyEye hacking software and also designed modules that enhanced its effectiveness.

The software can be customised to get around the security of specific banks’ websites. Once a computer is infected with SpyEye, hackers can use it to take over online banking sessions and transfer money to accounts they control. It can also be programmed to automatically steal passwords to e-commerce sites and scrape credit card numbers and expiration dates.


The thief that is Nigerian-born Tobechi Onwuhara scammer image

He owned a hip hop record label and he lived the high life of luxury hotels, gambling, strippers and bling. But behind the glitz and the glamour Tobechi Enyinna Onwuhara was one of the FBI’s most wanted men, allegedly a fraudster who scammed at least $44 million through cyber crimes.

But the sophisticated con artist, who fled Florida in August 2008 amid an intense FBI investigation, has been caught in Sydney and sent back to the US to face a string of fraud charges.

Nigerian-born Tobechi Onwuhara, 33, was “provisionally arrested in response to a request from the United States Government” in December last year, according to a spokeswoman for the Australian Attorney-General’s department.

A spokeswoman for the AG’s department said Mr Onwuhara is to face prosecution in the US for fraud related offences, including identity fraud and computer fraud.

“On January 29, the Minister for Justice [Jason Clare] made a determination to surrender Mr Onwuhara to the US.

“As a matter of long standing practice, the Australian government does not comment on operational matters,” she said.

Fairfax Media understands Mr Onwuhara had been living it up in Sydney after disappearing in August 2008.

The FBI’s website now lists Mr Onwuhara as captured, but with scant detail of the arrest. They were offering a $25,000 reward for information leading to his arrest.

The source who tipped off Fairfax said Mr Onwuhara had been making regular trips to The Star casino as well as splashing cash at numerous popular nightclubs.

“He would bet at the Star under a different name, he was a regular, then one day he just disappeared and someone told us he was wanted by the FBI,” a source said.

A spokeswoman for Echo Entertainment, owner of The Star, did not return calls and emails. The US Consulate in Sydney also did not return calls.

An Australian Federal Police spokesman confirmed the AFP arrested Mr Onwuhara.

According to the FBI’s most wanted list, Mr Onwuhara is wanted for his alleged involvement in an elaborate scheme that defrauded the financial industry out of tens of millions of dollars.

“Onwuhara is a key member of a group of Nigerians who allegedly have been conducting fraudulent banking activities from Florida and Texas, since 2005,” the FBI’s most wanted website states.

“It is alleged that the group has been using online internet databases to steal victims’ identities.

“Once acquired, they allegedly use the victims’ information to gain access to the victims’ ‘Home Equity Line of Credit’ accounts and wire transfer the money to accounts mainly located overseas, some in the United States.”

Some of Onwuhara’s alleged co-conspirators have been arrested, inside and outside of the United States, the FBI’s website states.

Onwuhara was charged federally with conspiracy to commit bank fraud, and a federal warrant was issued for his arrest by the US District Court, Eastern District of Virginia, on August 1, 2008.


FBI investigators, aided by Facebook, have busted an international criminal ring that infected 11 million computers worldwide and caused more than $US850 million ($A806m) in total losses in one of the largest cyber crime hauls in history.

The FBI, working in concert with the world’s largest social network and several international law enforcement agencies, arrested 10 people it says infected computers with “Yahos” malicious software, then stole credit card, bank and other personal information.

Facebook’s security team assisted the FBI after “Yahos” targeted its users from 2010 to October 2012, the US federal agency said in a statement on its website. The social network helped identify the criminals and spot affected accounts, it said.

Its “security systems were able to detect infected accounts and provide tools to remove these threats”, the FBI said.

According to the agency, which also worked with the US Department of Justice, the accused hackers employed the “Butterfly Botnet”. Botnets are networks of compromised computers that can be used in a variety of cyber attacks on personal computers.

The FBI said it nabbed 10 people from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States, executed numerous search warrants and conducted a raft of interviews.

It estimated the total losses from their activities at more than $US850 million, without going into details.

Hard data is tough to come by, but experts say, and we see it everywhere, that cyber crime is on the rise around the world as PC and mobile computing become more prevalent and as more and more financial transactions shift online, leaving law enforcement, cyber security professionals and targeted corporations increasingly hard-pressed to recognize and ward off attacks.


Sourced & published by Henry Sapiecha