Once again we look back to last year in cybercrime and those we lost… to the law. This year was no different to last: We’ve seen another round of high-profile busts, arrests, fines and prison terms for some of the most prolific cybercriminals of recent years.
Here’s our look back at who was arrested or otherwise destroyed, featuring: why a Russian ransomware suspect burned his passport, which notorious malware gang reared its ugly head, and why one country’s hackers targeted an unsuspecting phone maker.
For a time, Joseph James O’Connor was one of the Internet’s most wanted hackers, not only by the feds investigating the breach, but also by the curious public who watched his hack play out in real time.
O’Connor was part of the hacker group that broke into Twitter to abuse access to an internal management tool they used to steal high-profile Twitter accounts, including Apple, Joe Biden and Elon Musk (who bought the site) spread of an encryption scam. Twitter took drastic measures to rid the hackers of its network, temporarily blocking all of the site’s 200 million-plus users from posting.
A New York judge sentenced the 24-year-old hacker to five years in prison, two of which O’Connor had already served.
A screenshot of a tweet from Joe Biden’s briefly hacked Twitter account showing an encryption scam. Image Credits: TechCrunch
Federal prosecutors this year charged a former Amazon employee with breaking into a cryptocurrency exchange and stealing millions of customers’ worth of cryptocurrency. The case initially appeared as an ethical hacker turned con artist apparently offering to return funds in exchange for a bug bonus. But Shakeeb Ahmed was ultimately arrested in part by Google for his own crimes that prosecutors say are related to “his own criminal responsibility.”
In the end, Ahmed pleaded guilty earlier in December, according to the Ministry of Justiceand faces up to five years in prison — and $5 million in restitution to victims.
Why did a Russian accused by US prosecutors of ransomware attacks burn his passport? According to accused hacker Mikhail Matveev, it’s because US government charges would follow him wherever he went, and most countries would extradite him for the crimes he’s accused of — crimes he hasn’t denied, per se, but rather embraced externally. In an interview with TechCrunch, Matveev said that the last time he traveled was to Thailand in 2014, but not since then.
Federal prosecutors say Matveev is a “central figure” in the development and deployment of the Hive, LockBit and Babuk ransomware variants, which have led to millions of dollars worth of ransom payments. Matveev is believed to be living in the Russian enclave of Kaliningrad, where he remains tantalizingly close but far from the authorities.
The FBI wanted poster for Mikhail Matveev. Image Credits: F.B.I
Hackers for the hermit kingdom have been busier than ever this year, racking up hacks on popular crypto wallets and major crypto projects aiming to make as much money for the regime from anywhere he can make it fund the nuclear weapons program he has approved.
Some of the cyberattacks linked to North Korea may not have made much sense at first glance, but breaking into software companies gave hackers access to the targets they were looking for. Enterprise phone provider 3CX said North Korean hackers broke into its systems and planted malware in an infected software update released to customers in a long-running effort to target 3CX’s encryption customers. Software company JumpCloud said it was also breached by North Korean hackers, likely in an attempt to harvest crypto-related data for some of its customers.
The FBI warned earlier this year that North Korean hackers were ready to cash in on some of their recent cryptocurrency heists.
It took the feds about a decade, but their persistence paid off when they finally tracked down the mastermind behind Try2Check, a credit card verification business that allowed criminals who buy credit card numbers in bulk to identify which cards are still active. The scheme earned Russian national Denis Gennadievich Kulkov more than $18 million in illegal proceeds – and a spot on the US Secret Service’s most wanted list with $10 million for information leading to Kulkov’s conviction. That may not be anytime soon, given that Kulkov remains in Russia and is completely out of the hands of US prosecutors.
A prolific hacker and seller of stolen data, the administrator of the BreachForums cybercrime forum known as Pompompurin, was arrested at home by the FBI in a leafy upstate New York town. BreachForums for a time was involved in selling the data of millions of people with more than 340,000 active members, to the point where the Department of Justice tried to “disrupt” the site to disable it. Conor Brian Fitzpatrick, 20, was arrested in the operation following an extensive surveillance operation. Ultimately it wasn’t just charges of computer hacking and wire fraud that brought down the infamous hacking forum administrator, but also possession of child abuse images. Fitzpatrick next pleaded guilty and will be sentenced later.
Qakbot was one of the longest-running and high-profile hacking groups of the past decade and once the malware of choice for delivering ransomware to companies, organizations and governments around the world, generating tens of millions of dollars in ransom payments. At its peak, the FBI said Qakbot had compromised more than 700,000 devices as of June 2023, with at least 200,000 compromised devices located in the United States. In a bold attempt to knock malware offline once and for all, the FBI launched Operation Duck Hunt (don’t tell that very fast), which tricked Qakbot-infected computers into downloading an FBI-made uninstaller, ridding the infected device of the malware. The operation was hailed as a success. But recent Qakbot infections suggest that the removal it was more than a brief setback.
In what may be the last cyber-related conviction of the year: A hacker accused of involvement with the prolific hacking group Lapsus$ will be held in custody until doctors determine he no longer poses a threat to the public. Arion Kurtaj, a teenager from Oxford, was given an indefinite hospital order in December. reports the BBC. Kurtaj is one of several hackers who have carried out raids on Rockstar Games, Uber, Nvidia and telecom giant EE who used social engineering and threats to gain access to corporate networks. The judge said the teenager’s skills and desire to continue to commit cybercrime meant he remained a high risk to the public.
Read more at TechCrunch:
