FROM: U.S. JUSTICE DEPARTMENT
Friday, March 6, 2015
Three Defendants Charged with One of the Largest Reported Data Breaches in U.S. History
One Of The Defendants Has Already Pleaded Guilty
An indictment was unsealed yesterday against two Vietnamese citizens who resided in the Netherlands, for their roles in hacking email service providers throughout the United States. The guilty plea of one of the defendants was also unsealed at the same time. In addition, a federal grand jury returned an indictment this week against a Canadian citizen for conspiring to launder the proceeds obtained as a result of the massive data breach.
Assistant Attorney General Leslie R. Caldwell of the Criminal Division, Acting U.S. Attorney John A. Horn of the Northern District of Georgia, Special Agent in Charge J. Britt Johnson of the FBI’s Atlanta Field Office, Special Agent in Charge Reginald Moore of the United States Secret Service’s (USSS) Atlanta Field Office and Special Agent in Charge Veronica F. Hyman-Pillot with the Internal Revenue Service-Criminal Investigation’s (IRS-CI) made the announcement.
“These men — operating from Vietnam, the Netherlands, and Canada — are accused of carrying out the largest data breach of names and email addresses in the history of the Internet,” said Assistant Attorney General Caldwell. “The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers. This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States.”
“This case reflects the cutting-edge problems posed by today’s cybercrime cases, where the hackers didn’t target just a single company; they infiltrated most of the country’s email distribution firms,” said Acting U.S. Attorney Horn. “And the scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data—they then hijacked the companies’ own distribution platforms to send out bulk emails and reaped the profits from email traffic directed to specific websites.”
“Large scale and sophisticated international cyber hacking rings are becoming more problematic for both the law enforcement community that is faced with the challenges of identifying them and laying hands on them, but also the fortune 500 companies that are so often their targets,” said Special Agent in Charge Johnson. “The federal indictments, apprehensions and extraditions in this case represents several years of hard work as the FBI and its cadre of cyber trained agents and technical experts acted quickly to stop the ongoing damage to the numerous victim companies as a result of these individuals’ hacking activities. In August 2012, the FBI, with the assistance of its legal attaches stationed abroad and in conjunction with Dutch law enforcement officials, executed a search warrant in the Netherlands that disrupted continued compromises of those companies while allowing U.S. authorities to advance its investigation. That investigation targeted not only the hackers but the businesses that helped monetize the data that was stolen from those victim companies. This case further reflects the productive partnership of the FBI and the U.S. Secret Service in aggressively addressing this 21st century crime problem.”
“Our success in this case and other similar investigations is a result of our close work with our law enforcement partners,” said Special Agent in Charge Moore. “The Secret Service worked closely with the Department of Justice and the FBI to share information and resources that ultimately brought these cyber criminals to justice. This case demonstrates there is no such thing as anonymity for those engaging in data theft and fraudulent schemes.”
“Those individuals who line their pockets with money gained through deceiving others should know they will not go undetected and will be held accountable,” said Special Agent in Charge Hyman-Pillot. “IRS Criminal Investigation is committed to unraveling financial transactions to ensure that those who engage in these illegal activities are vigorously investigated and brought to justice.”
According to allegations in the indictments, between February 2009 and June 2012, Viet Quoc Nguyen, 28, a citizen of Vietnam, allegedly hacked into at least eight email service providers (ESPs) throughout the United States and stole confidential information, including proprietary marketing data containing over one billion email addresses. Nguyen, along with Giang Hoang Vu, 25, also a citizen of Vietnam, then allegedly used the data to send “spam” to tens of millions of email recipients. The data breach was the largest in U.S. history and was the subject of a Congressional inquiry in June 2011.
David-Manuel Santos Da Silva, 33, of Montreal, Canada, was also indicted by a federal grand jury on March 4, 2015, for conspiracy to commit money laundering for helping Nguyen and Vu to generate revenue from the “spam” and launder the proceeds.
According to allegations in the indictments, Da Silva, the co-owner, president and a director of 21 Celsius Inc., a Canadian corporation that ran Marketbay.com, entered into an affiliate marketing arrangement with Nguyen that allowed the defendants to generate revenue from the computer intrusions and data thefts.
As an affiliate marketer, Nguyen allegedly received a commission on sales generated from Internet traffic that he directed to websites promoting specific products. Nguyen allegedly used the information stolen from the ESPs to send “spam” emails to tens of millions of customers and provided hyperlinks to allow the purchase of the products. These products were marketed by Da Silva’s Marketbay.com.
Between approximately May 2009 and October 2011, Nguyen and Da Silva received approximately $2 million for the sale of products derived from Nguyen’s affiliate marketing activities.
Vu was arrested by Dutch law enforcement in Deventer, Netherlands, in 2012 and extradited to the United States in March 2014. On Feb. 5, 2015, Vu pleaded guilty to conspiracy to commit computer fraud. He is scheduled to be sentenced on April 21, 2015, before U.S. District Judge Timothy C. Batten Sr. of the Northern District of Georgia. Nguyen is a fugitive.
Da Silva was arrested based upon charges set forth in a criminal complaint at Ft. Lauderdale International Airport on Feb. 12, 2015, and is scheduled to be arraigned today in Atlanta before Magistrate Judge E. Clayton Scofield III.
The charges contained in an indictment are merely accusations, and defendants are presumed innocent unless and until proven guilty.
This case is being investigated by the FBI with the assistance of the USSS and IRS-CI. Law enforcement in the Netherlands and the Criminal Division’s Office of International Affairs also provided valuable assistance. This case is being prosecuted by Trial Attorney Peter Roman of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Steven D. Grimberg of the Northern District of Georgia.
Showing posts with label CYBER CRIME. Show all posts
Showing posts with label CYBER CRIME. Show all posts
Saturday, March 7, 2015
Wednesday, January 29, 2014
SPYEYE MALWARE DISTRIBUTOR PLEADS GUILTY TO FRAUD CHARGES
FROM: JUSTICE DEPARTMENT
Tuesday, January 28, 2014
Cyber Criminal Pleads Guilty to Developing and Distributing Notorious Spyeye Malware
Aleksandr Andreevich Panin, a Russian national also known as “Gribodemon” and “Harderman,” has pleaded guilty to conspiracy to commit wire and bank fraud for his role as the primary developer and distributor of the malicious software known as “SpyEye,” which, according to industry estimates, has infected over 1.4 million computers in the United States and abroad.
Acting Assistant Attorney General Mythili Raman of the Department of Justice’s Criminal Division, U.S. Attorney Sally Quillian Yates of the Northern District of Georgia and Acting Special Agent in Charge Ricky Maxwell of the FBI’s Atlanta Field Office made the announcement.
“Given the recent revelations of massive thefts of financial information from large retail stores across the country, Americans do not need to be reminded how devastating it is when cyber criminals surreptitiously install malicious codes on computer networks and then siphon away private information from unsuspecting consumers,” said Acting Assistant Attorney General Raman. “Today, thanks to the tireless work of prosecutors and law enforcement agents, Aleksandr Panin has admitted to his orchestration of this criminal scheme to use ‘SpyEye’ to invade the privacy of Americans by infecting their computers through a dangerous botnet. As this prosecution shows, cyber criminals – even when they sit on the other side of the world and attempt to hide behind online aliases – are never outside the reach of U.S. law enforcement.”
“As several recent and widely reported data breaches have shown, cyber-attacks pose a critical threat to our nation’s economic security,” said U.S. Attorney Yates. “Today’s plea is a great leap forward in our campaign against those attacks. Panin was the architect of a pernicious malware known as ‘SpyEye’ that infected computers worldwide. He commercialized the wholesale theft of financial and personal information. And now he is being held to account for his actions. Cyber criminals be forewarned: you cannot hide in the shadows of the Internet. We will find you and bring you to justice.”
“This investigation highlights the importance of the FBI’s focus on the top echelon of cyber criminals,” said Acting FBI SAC Maxwell. “The apprehension of Mr. Panin means that one of the world’s top developers of malicious software is no longer in a position to create computer programs that can victimize people around the world. Botnets such as SpyEye represent one of the most dangerous types of malicious software on the Internet today, which can steal people’s identities and money from their bank accounts without their knowledge. The FBI will continue working with partners domestically and internationally to combat cyber-crime.”
According to the charges and other information presented in court, SpyEye is a sophisticated malicious computer code that is designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information. The SpyEye virus facilitates this theft of information by secretly infecting victims’ computers, enabling cyber criminals to remotely control the infected computers through command and control (C2) servers. Once a computer is infected and under their control, cyber criminals can remotely access the infected computers, without authorization, and steal victims’ personal and financial information through a variety of techniques, including “web injects,” “keystroke loggers,” and “credit card grabbers.” The victims’ stolen personal and financial data is then surreptitiously transmitted to the C2 servers, where it is used to steal money from the victims’ financial accounts.
Panin was the primary developer and distributor of the SpyEye virus. Operating from Russia from 2009 to 2011, Panin conspired with others, including codefendant Hamza Bendelladj, an Algerian national also known as “Bx1,” to develop, market and sell various versions of the SpyEye virus and component parts on the Internet. Panin allowed cyber criminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information, as well as marketed versions that specifically targeted designated financial institutions. Panin advertised the SpyEye virus on online, invitation-only criminal forums. He sold versions of the SpyEye virus for prices ranging from $1,000 to $8,500. Panin is believed to have sold the SpyEye virus to at least 150 “clients,” who, in turn, used them to set up their own C2 servers. One of Panin’s clients, “Soldier,” is reported to have made more than $3.2 million in a six-month period using the SpyEye virus.
According to industry estimates, the SpyEye virus has infected more than 1.4 million computers in the United States and abroad, and it was the preeminent malware toolkit used from approximately 2009 to 2011. Based on information received from the financial services industry, over 10,000 bank accounts have been compromised by SpyEye infections since 2013 alone. Some cyber criminals continue to use SpyEye today, although its effectiveness has been limited since software makers have added SpyEye to malicious software removal programs.
In February 2011, pursuant to a federal search warrant, the FBI searched and seized a SpyEye C2 server allegedly operated by Bendelladj in the Northern District of Georgia. That C2 server controlled over 200 computers infected with the SpyEye virus and contained information from numerous financial institutions.
In June and July 2011, FBI covert sources communicated directly with Panin, who was using his online nicknames “Gribodemon” and “Harderman,” about the SpyEye virus. FBI sources then purchased a version of SpyEye from Panin that contained features designed to steal confidential financial information, initiate fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (DDoS) attacks from computers infected with the malware.
On Dec. 20, 2011, a Northern District of Georgia grand jury returned a 23-count indictment against Panin, who had yet to be fully identified, and Bendelladj. The indictment charged one count of conspiracy to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud, and 11 counts of computer fraud. A superseding indictment was subsequently returned identifying Panin by his true name.
Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, on Jan. 5, 2013 and was extradited from Thailand to the United States on May 2, 2013. His charges are currently pending in the Northern District of Georgia.
Panin was arrested by U.S. authorities on July 1, 2013, when he flew through Hartsfield-Jackson Atlanta International Airport.
The investigation also has led to the arrest of four of Panin’s SpyEye clients and associates in the United Kingdom and Bulgaria.
On Jan. 28, 2014, Panin pleaded guilty to conspiring to commit wire and bank fraud. Sentencing for Panin is scheduled for April 29, 2014, before United States District Judge Amy Totenberg of the Northern District of Georgia.
The case is being investigated by the FBI. Assistant United States Attorney Scott Ferber of the Northern District of Georgia, Trial Attorney Ethan Arenson of the Criminal Division’s Computer Crime and Intellectual Property Section and Senior Litigation Counsel Carol Sipperly of the Criminal Division’s Fraud Section are prosecuting the case. Former Assistant United States Attorney Nicholas Oldham also participated in the prosecution while with the Criminal Division.
Valuable assistance was provided by the Criminal Division’s Office of International Affairs and the following international law enforcement agencies: The United Kingdom’s National Crime Agency, the Royal Thai Police-Immigration Bureau, the National Police of the Netherlands - National High Tech Crime Unit (NHTCU), Dominican Republic’s Departamento Nacional de Investigaciones (DNI), the Cybercrime Department at the State Agency for National Security-Bulgaria and the Australian Federal Police (AFP).
Valuable assistance also was provided by the following private sector partners: Trend Micro’s Forward-looking Threat Research (FTR) Team, Microsoft’s Digital Crimes Unit, Mandiant, Dell SecureWorks, Trusteer and the Norwegian Security Research Team known as “Underworld.no”.
Tuesday, January 28, 2014
Cyber Criminal Pleads Guilty to Developing and Distributing Notorious Spyeye Malware
Aleksandr Andreevich Panin, a Russian national also known as “Gribodemon” and “Harderman,” has pleaded guilty to conspiracy to commit wire and bank fraud for his role as the primary developer and distributor of the malicious software known as “SpyEye,” which, according to industry estimates, has infected over 1.4 million computers in the United States and abroad.
Acting Assistant Attorney General Mythili Raman of the Department of Justice’s Criminal Division, U.S. Attorney Sally Quillian Yates of the Northern District of Georgia and Acting Special Agent in Charge Ricky Maxwell of the FBI’s Atlanta Field Office made the announcement.
“Given the recent revelations of massive thefts of financial information from large retail stores across the country, Americans do not need to be reminded how devastating it is when cyber criminals surreptitiously install malicious codes on computer networks and then siphon away private information from unsuspecting consumers,” said Acting Assistant Attorney General Raman. “Today, thanks to the tireless work of prosecutors and law enforcement agents, Aleksandr Panin has admitted to his orchestration of this criminal scheme to use ‘SpyEye’ to invade the privacy of Americans by infecting their computers through a dangerous botnet. As this prosecution shows, cyber criminals – even when they sit on the other side of the world and attempt to hide behind online aliases – are never outside the reach of U.S. law enforcement.”
“As several recent and widely reported data breaches have shown, cyber-attacks pose a critical threat to our nation’s economic security,” said U.S. Attorney Yates. “Today’s plea is a great leap forward in our campaign against those attacks. Panin was the architect of a pernicious malware known as ‘SpyEye’ that infected computers worldwide. He commercialized the wholesale theft of financial and personal information. And now he is being held to account for his actions. Cyber criminals be forewarned: you cannot hide in the shadows of the Internet. We will find you and bring you to justice.”
“This investigation highlights the importance of the FBI’s focus on the top echelon of cyber criminals,” said Acting FBI SAC Maxwell. “The apprehension of Mr. Panin means that one of the world’s top developers of malicious software is no longer in a position to create computer programs that can victimize people around the world. Botnets such as SpyEye represent one of the most dangerous types of malicious software on the Internet today, which can steal people’s identities and money from their bank accounts without their knowledge. The FBI will continue working with partners domestically and internationally to combat cyber-crime.”
According to the charges and other information presented in court, SpyEye is a sophisticated malicious computer code that is designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information. The SpyEye virus facilitates this theft of information by secretly infecting victims’ computers, enabling cyber criminals to remotely control the infected computers through command and control (C2) servers. Once a computer is infected and under their control, cyber criminals can remotely access the infected computers, without authorization, and steal victims’ personal and financial information through a variety of techniques, including “web injects,” “keystroke loggers,” and “credit card grabbers.” The victims’ stolen personal and financial data is then surreptitiously transmitted to the C2 servers, where it is used to steal money from the victims’ financial accounts.
Panin was the primary developer and distributor of the SpyEye virus. Operating from Russia from 2009 to 2011, Panin conspired with others, including codefendant Hamza Bendelladj, an Algerian national also known as “Bx1,” to develop, market and sell various versions of the SpyEye virus and component parts on the Internet. Panin allowed cyber criminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information, as well as marketed versions that specifically targeted designated financial institutions. Panin advertised the SpyEye virus on online, invitation-only criminal forums. He sold versions of the SpyEye virus for prices ranging from $1,000 to $8,500. Panin is believed to have sold the SpyEye virus to at least 150 “clients,” who, in turn, used them to set up their own C2 servers. One of Panin’s clients, “Soldier,” is reported to have made more than $3.2 million in a six-month period using the SpyEye virus.
According to industry estimates, the SpyEye virus has infected more than 1.4 million computers in the United States and abroad, and it was the preeminent malware toolkit used from approximately 2009 to 2011. Based on information received from the financial services industry, over 10,000 bank accounts have been compromised by SpyEye infections since 2013 alone. Some cyber criminals continue to use SpyEye today, although its effectiveness has been limited since software makers have added SpyEye to malicious software removal programs.
In February 2011, pursuant to a federal search warrant, the FBI searched and seized a SpyEye C2 server allegedly operated by Bendelladj in the Northern District of Georgia. That C2 server controlled over 200 computers infected with the SpyEye virus and contained information from numerous financial institutions.
In June and July 2011, FBI covert sources communicated directly with Panin, who was using his online nicknames “Gribodemon” and “Harderman,” about the SpyEye virus. FBI sources then purchased a version of SpyEye from Panin that contained features designed to steal confidential financial information, initiate fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (DDoS) attacks from computers infected with the malware.
On Dec. 20, 2011, a Northern District of Georgia grand jury returned a 23-count indictment against Panin, who had yet to be fully identified, and Bendelladj. The indictment charged one count of conspiracy to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud, and 11 counts of computer fraud. A superseding indictment was subsequently returned identifying Panin by his true name.
Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, on Jan. 5, 2013 and was extradited from Thailand to the United States on May 2, 2013. His charges are currently pending in the Northern District of Georgia.
Panin was arrested by U.S. authorities on July 1, 2013, when he flew through Hartsfield-Jackson Atlanta International Airport.
The investigation also has led to the arrest of four of Panin’s SpyEye clients and associates in the United Kingdom and Bulgaria.
On Jan. 28, 2014, Panin pleaded guilty to conspiring to commit wire and bank fraud. Sentencing for Panin is scheduled for April 29, 2014, before United States District Judge Amy Totenberg of the Northern District of Georgia.
The case is being investigated by the FBI. Assistant United States Attorney Scott Ferber of the Northern District of Georgia, Trial Attorney Ethan Arenson of the Criminal Division’s Computer Crime and Intellectual Property Section and Senior Litigation Counsel Carol Sipperly of the Criminal Division’s Fraud Section are prosecuting the case. Former Assistant United States Attorney Nicholas Oldham also participated in the prosecution while with the Criminal Division.
Valuable assistance was provided by the Criminal Division’s Office of International Affairs and the following international law enforcement agencies: The United Kingdom’s National Crime Agency, the Royal Thai Police-Immigration Bureau, the National Police of the Netherlands - National High Tech Crime Unit (NHTCU), Dominican Republic’s Departamento Nacional de Investigaciones (DNI), the Cybercrime Department at the State Agency for National Security-Bulgaria and the Australian Federal Police (AFP).
Valuable assistance also was provided by the following private sector partners: Trend Micro’s Forward-looking Threat Research (FTR) Team, Microsoft’s Digital Crimes Unit, Mandiant, Dell SecureWorks, Trusteer and the Norwegian Security Research Team known as “Underworld.no”.
Subscribe to:
Posts (Atom)