mood posted a topic in Security & Privacy News

GandCrab ransomware distributor arrested in South Korea

South Korean national police have announced today the arrest of a 20-year-old suspect on charges of distributing and infecting victims with the GandCrab ransomware. The suspect, whose name was not released, operated as a customer of the GandCrab Ransomware-as-a-Service (RaaS) cybercrime operation.

Known as an affiliate —or a distributor— police say the suspect operated by taking copies of the GandCrab ransomware and distributing them via email to victims across South Korea. Between February and June 2019, the suspect sent nearly 6,500 emails to South Koreans. The emails mimicked official communications from local police stations, the Constitutional Court, and the Bank of Korea.

[Image: Phishing email sent in South Korea by a GandCrab affiliate]

However, when victims opened documents attached to emails they received, they infected themselves with the GandCrab ransomware, which then proceeded to encrypt their files and ask for a $1,300 payment in Bitcoin.

South Korean national police say they tracked at least 120 users who fell victim to the suspect’s phishing campaigns. Despite the large number of victims, authorities said the suspect only made 12 million won, which stands to around $10,500, as he only received a 7% cut from the sum victims were paying on the GandCrab ransom portal.

Suspect tracked via cryptocurrency transactions

The suspect’s attacks stopped in June 2019 after the GandCrab group announced their retirement and moved on to create and run the REvil (Sodinokibi) RaaS instead, which focused on infecting companies rather than regular users.

The South Korean individual marks the second GandCrab distributor arrested since the GandCrab shutdown. A 31-year-old suspect was previously arrested in Belarus in August 2020.

South Korean national police said the recent arrest, which took place last month on February 25, was the result of an international investigation led by Interpol focused on tracking down the GandCrab gang and its network of distributors. Law enforcement agencies from ten countries are involved in the investigation.

Authorities also said they tracked the suspect based on cryptocurrency transactions associated with the GandCrab operation, which led them to the suspect’s bank account, despite him using a cloak of servers and IP addresses to hide his real location.

Source: GandCrab ransomware distributor arrested in South Korea
Karlston posted a topic in Security & Privacy News

Florida teen arrested, charged with being “mastermind” of Twitter hack

The 17-year-old is facing 30 felony fraud charges.

A Florida teen has been arrested and charged with 30 felony counts related to the high-profile hijacking of more than 100 Twitter accounts earlier this month.

Federal law enforcement arrested Graham Ivan Clark, 17, in Tampa earlier today, the Office of Hillsborough State Attorney Andrew Warren said. The arrest followed an investigation spearheaded by the Federal Bureau of Investigation and the Justice Department.

"These crimes were perpetrated using the names of famous people and celebrities, but they're not the primary victims here," said Warren. "This 'Bit-Con' was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that."

A security researcher who has been actively working with the FBI on the investigation into this month's breach told Ars that the hack was the result of painstaking research into Twitter employees, the social engineering of them by phone, and carefully timed phishing.

Allison Nixon, chief research officer at security firm Unit 221B, said evidence collected to date shows that Clark and hackers he worked with started by scraping LinkedIn in search of Twitter employees who were likely to have access to the account tools. Using tools that LinkedIn makes available to recruiters, the attackers then obtained those employees’ cell phone numbers and other private contact information.

The attackers then called the employees, and directed them to a phishing page that mimicked an internal Twitter VPN. Detailed work histories and other employee data the attackers obtained from public sources allowed the attackers to pose as people who were authorized Twitter personnel. Work at home arrangements caused by the COVID-19 pandemic also prevented the employees from using normal procedures, such as face-to-face contact, to verify the identities of co-workers.

With the confidence of the targeted employees, the attackers directed them to a phishing page that mimicked an internal Twitter VPN. The attackers then obtained credentials as the targeted employees entered them. To bypass two-factor authentication protections Twitter has in place, the attackers entered the credentials into the real Twitter VPN portal within seconds of the employees entering them into the fake one. Once the employee entered the one-time password, the attackers were in.

According to the charging document (PDF), Clark faces one count of organized fraud, 11 total counts of fraudulent use of personal information, one count of accessing a computer or electronic device without authority, and 17 counts of communications fraud.

Clark's prosecution is taking place in Tampa, where he lives, "because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate," Warren's office said.

Two other young adults are also facing charges in relation to the hack, the DOJ announced. Mason Sheppard, a 19-year-old UK resident, and Nima Fazeli of Orlando, Florida, have both been charged in the Northern District of California. Sheppard faces counts of conspiracy to commit wire fraud, conspiracy to commit money laundering, and intentionally accessing a protected computer. Fazeli is charged with aiding and abetting the intentional access of a protected computer.

This is a developing story and will be updated.

Florida teen arrested, charged with being “mastermind” of Twitter hack
zanderthunder posted a topic in Security & Privacy News

Police in the Mongolian capital of Ulaanbaatar have apprehended 800 Chinese citizens and confiscated hundreds of computers and mobile phone SIM cards as part of an investigation into a cybercrime ring, local security authorities said.

The arrests took place after police raided four locations, and followed two months of investigations, Gerel Dorjpalam, the head of the General Intelligence Agency of Mongolia, said at a media briefing. He did not go into specific details of the offences but said they involved illegal gambling, fraud, computer hacking, identity theft and money laundering.

"As of this moment we suspect they are linked to money laundering," he said. "We are looking into the matter."

All of the 800 Chinese citizens in detention came to Mongolia using 30-day tourist visas.

The Chinese Embassy in Ulaanbaatar said in a statement that it would cooperate with the Mongolian police. "The police department of Mongolia has taken the necessary measures in this case and is currently in the process of investigating," it said. "China and Mongolia will have open law enforcement and security cooperation, and the two parties will be working closely together on this matter."

A month ago, 324 undocumented Chinese citizens were arrested in the Philippines on charges of running illegal online gaming activities and engaging in cyberfraud, according to a notice by the country's immigration bureau.

Mongolia saw about 480,000 foreign tourists enter in the first three quarters of this year, up 10.7%, with Chinese citizens accounting for nearly a third of the total. The landlocked north Asian nation is trying to diversify its economy and ease its dependence on raw materials, but it has traditionally been wary of opening up its economy to China, its giant southern neighbour.

Source: Mongolia arrests 800 Chinese citizens in cybercrime probe (via The Star Online)