Showing posts with label HACKING. Show all posts

Thursday, February 19, 2015

RUSSIAN NATIONAL EXTRADITED TO U.S. FOR ALLEGED ROLE IN MAJOR INTERNATIONAL HACKING SCHEME

FROM:  U.S. JUSTICE DEPARTMENT
Tuesday, February 17, 2015
Russian National Charged in Largest Known Data Breach Prosecution Extradited to United States
Defendant Brought From Netherlands After Fighting Extradition for Over Two Years

A Russian national appeared in federal court in Newark today after being extradited from the Netherlands to face charges that he conspired in the largest international hacking and data breach scheme ever prosecuted in the United States, announced Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Secretary Jeh Johnson of the Department of Homeland Security, U.S. Attorney Paul J. Fishman of the District of New Jersey and Acting Director Joseph P. Clancy of the U.S. Secret Service.

Vladimir Drinkman, 34, of Syktyvkar and Moscow, Russia, was charged for his alleged role in a data theft conspiracy that targeted major corporate networks, stole more than 160 million credit card numbers, and caused hundreds of millions of dollars in losses.  Prior to his extradition, he had been detained by the Dutch authorities since his arrest in the Netherlands on June 28, 2012.

Drinkman appeared today before U.S. Magistrate Judge James B. Clark and entered a plea of not guilty to all 11 counts charged in the indictment and was ordered detained without bail.  Trial before U.S. District Judge Jerome B. Simandle was scheduled for April 27, 2015.

“Cyber criminals conceal themselves in one country and steal information located in another country, impacting victims around the world,” said Assistant Attorney General Caldwell.  “Hackers often take advantage of international borders and differences in legal systems, hoping to evade extradition to face justice.  This case and today's extradition demonstrate that through international cooperation, and through great teamwork between the Department of Justice and the Department of Homeland Security, we are able to bring cyber thieves to justice in the United States, wherever they may commit their crimes.”

“Drinkman’s extradition on the indictment this office brought more than a year and a half ago shows how relentlessly we will pursue those who are charged with these serious crimes,” said U.S. Attorney Fishman.  “The incredibly sophisticated work with our partners at the U.S. Secret Service to uncover this enormous, far-reaching scheme demanded an equal effort by our colleagues at the Department of Justice Criminal Division in Washington and our law enforcement partners overseas to bring the defendant back to face these charges.”

“This case demonstrates our commitment to fulfilling an important part of our integrated mission; that of protecting our Nation’s critical financial infrastructure,” said Acting Director Clancy.  “Our success in this investigation and other similar investigations is a credit to our skilled and relentless cyber investigators.  Our determination, coupled with our network of foreign law enforcement partners, ensures that our investigative reach can expand beyond the borders of the United States.”

According to the second superseding indictment, unsealed on July 25, 2013, and other court filings, Drinkman and four co-defendants each served particular roles in the scheme. Drinkman and Alexandr Kalinin, 28, of St. Petersburg, Russia, each allegedly specialized in penetrating network security and gaining access to the corporate victims’ systems.  Roman Kotov, 33, of Moscow, allegedly specialized in mining the networks Drinkman and Kalinin compromised to steal valuable data.  According to allegations in the indictment, the hackers hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 27, of Odessa, Ukraine.  Dmitriy Smilianets, 31, of Moscow, then allegedly sold the stolen information and distributed the proceeds of the scheme to the participants.

Drinkman and his co-defendants are charged with attacks on NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.  It is not alleged that the NASDAQ hack affected its trading platform.

Drinkman and Kalinin were previously charged in New Jersey as “Hacker 1” and “Hacker 2” in a 2009 indictment charging Albert Gonzalez, 33, of Miami, in connection with five corporate data breaches, including the breach of Heartland Payment Systems Inc., which at the time was the largest ever reported.  Gonzalez is currently serving 20 years in federal prison for those offenses.  Kalinin is also charged in two federal indictments in the Southern District of New York: one charges Kalinin in connection with hacking certain computer servers used by NASDAQ and the second charges him and another Russian hacker, Nikolay Nasenkov, with an international scheme to steal bank account information from U.S.-based financial institutions.  Rytikov was previously charged in the Eastern District of Virginia with an unrelated scheme.

Drinkman and Smilianets were arrested at the request of the United States while traveling in the Netherlands on June 28, 2012.  Smilianets was extradited on Sept. 7, 2012, and remains in federal custody.  Kalinin, Kotov and Rytikov remain at large.  All of the defendants are Russian nationals except for Rytikov, who is a citizen of Ukraine.

The Attacks

According to allegations in the indictment, the five defendants conspired with others to penetrate the computer networks of several of the largest payment processing companies, retailers and financial institutions in the world, stealing the personal identifying information of individuals.  They allegedly took user names and passwords, means of identification, credit and debit card numbers and other corresponding personal identification information of cardholders. The conspirators allegedly acquired at least 160 million card numbers through hacking.

The initial entry was often gained using a “SQL injection attack.”  SQL, or Structured Query Language, is a type of programming language designed to manage data held in particular types of databases.  The hackers allegedly identified vulnerabilities in SQL databases and used those vulnerabilities to infiltrate a computer network.  Once the network was infiltrated, the defendants allegedly placed malicious code, or malware, on the system.  This malware created a “back door,” leaving the system vulnerable and helping the defendants maintain access to the network.  In some cases, the defendants lost access to the system due to companies’ security efforts, but were allegedly able to regain access through persistent attacks.

Instant message chats obtained by law enforcement reveal that the defendants allegedly targeted the victim companies for many months, waiting patiently as their efforts to bypass security were underway, sometimes leaving malware implanted for more than a year.

The defendants allegedly used their access to the networks to install “sniffers,” which were programs designed to identify, collect and steal data from the victims’ computer networks. The defendants then allegedly used an array of computers located around the world to store the stolen data and ultimately sell it to others.

Selling the Data

After acquiring the card numbers and associated data—which they referred to as “dumps”—the conspirators allegedly sold it to resellers around the world.  The buyers then sold the dumps through online forums or directly to individuals and organizations.  Smilianets was allegedly in charge of sales, selling the data only to trusted identity theft wholesalers.  He allegedly charged approximately $10 for each stolen American credit card number and associated data, approximately $50 for each European credit card number and associated data and approximately $15 for each Canadian credit card number and associated data, offering discounted pricing to bulk and repeat customers.  Ultimately, the end users encoded each dump onto the magnetic strip of a blank plastic card and cashed out the value of the dump by either withdrawing money from ATMs or making purchases with the cards.

Covering Their Tracks

The defendants allegedly used a number of methods to conceal the scheme.  Rytikov allegedly allowed his clients to hack with the knowledge he would never keep records of their online activities or share information with law enforcement.

Over the course of the conspiracy, the defendants allegedly communicated through private and encrypted communications channels to avoid detection.  Fearing law enforcement would intercept even those communications, some of the conspirators allegedly attempted to meet in person.

To protect against detection by the victim companies, the defendants allegedly altered the settings on victim company networks to disable security mechanisms from logging their actions.  The defendants also allegedly worked to evade existing protections by security software.

As a result of the scheme, financial institutions, credit card companies and consumers suffered hundreds of millions in losses—including more than $300 million in losses reported by just three of the corporate victims—and immeasurable losses to the identity theft victims in costs associated with stolen identities and false charges.

The charges and allegations contained in the indictments are merely accusations and the defendants are presumed innocent unless and until proven guilty.

The ongoing investigation is being conducted by the U.S. Secret Service.  The case is being prosecuted by Trial Attorney Rick Green of the Criminal Division’s Computer Crime and Intellectual Property Section, Chief Gurbir S. Grewal of the District of New Jersey’s Economic Crimes Unit, and Assistant U.S. Attorney Andrew S. Pak of the Computer Hacking and Intellectual Property Section of the District of New Jersey’s Economic Crimes Unit.

The Criminal Division’s Office of International Affairs assisted with the case, as did public prosecutors with the Dutch Ministry of Security and Justice and the National High Tech Crime Unit of the Dutch National Police.

Monday, November 3, 2014

NSF FUNDS SIMULATIONS TO TRAIN STUDENTS IN CYBERSECURITY

FROM:  NATIONAL SCIENCE FOUNDATION 
Cybersecurity: It's about way more than countering hackers
Growing professionals in cybersecurity means supporting an interdisciplinary approach that develops sophisticated thinkers

It's tense in the situation room. A cyber attack on the electrical grid in New York City has plunged Manhattan into darkness on a day that happens to be the coldest in the year. Concurrently, the cellular phone network has been attacked, silencing smartphones and sowing confusion and panic. A foreign power has claimed responsibility for the attacks and says more are coming. Your job is to look at geopolitical factors, intelligence feeds, military movements and clues in cyberspace to predict what may be happening next. Your goal is to make a recommendation to the President.

This scenario is thankfully not real, but it is the kind of simulation planned for students in the cybersecurity program at California State University, San Bernardino (CSUSB). With funding from the National Science Foundation's (NSF) CyberCorps®: Scholarships for Service (SFS) program, undergraduate and graduate students take an interdisciplinary approach to cybersecurity.

"We provide an environment where business students can work with engineers on drones, and students from political science can work on predictive modeling," said Principal Investigator (PI) Tony Coulson. "Our students can major in business, public administration, criminal justice, computer science, intelligence, all with cyber security as an option. We produce students who can problem-solve--people who can understand politics and finance as well as computer science."

Cybersecurity is a field that has received a lot of attention in recent years because of hacking episodes that have compromised networks, and in turn, the personal information of citizens who depend on a safe cyberspace to do such activities as banking and shopping. Following such a breach, attention is generally focused on identifying the hackers and their methods.

Among the options for students supported through San Bernardino's SFS program is being educated in cyber intelligence to deal proactively with cyber threats--to predict malicious behavior before it happens. Doing so draws not only on a background in computer and information science, but also on an understanding of human behavior and psychology and the political and economic environment. About 50 students have gone through the program, including completing internship requirements, and Coulson reports 100 percent placement with employers.

"The San Bernardino project is one of 166 active projects around the country fully or partly funded by SFS," said SFS Lead Program Director Victor Piotrowski. "Cybersecurity is a dynamic and evolving field, and the country needs talented people with the skills to protect U.S. interests around the world. Through SFS, we prepare students for high-paying careers in government, and increase the capacity of institutions to offer quality course work in this area."

A condition of students' receiving support through SFS is that they put their skills to work in a government agency for a period equal to the duration of their scholarship. Coulson says that after completing the program at CSUSB, students often have to choose from multiple offers. The program boasts having students placed in many areas of government.

"CSUSB students have a depth of skills and often pick their dream jobs," said Coulson, including a student who got a job at his first-choice agency--the National Archives.

San Bernardino is a poor community, and the good jobs available to SFS graduates can make a huge difference to them and their families. To promote their success in finding and keeping employment, the professional development offered to students goes beyond their academic work to include business etiquette, mentoring, how to succeed at an internship, and how to conduct oneself successfully in an office. The goal is to produce a graduate ready to be hired.

In addition to traditional essay-based projects, students have to complete a very hands-on final exam, requiring that they pick locks and use digital and biometric information to hack into a network. According to Coulson, they enjoy the challenge.

Along with running the SFS project, Coulson is co-PI on another NSF-supported project, CyberWatch West, funded through the Advanced Technological Education program (ATE).

"Despite Silicon Valley being on the West coast, and California having the largest population of community colleges in the country, there are very few cybersecurity programs here," said Coulson.

So CyberWatch West aims to help community colleges, K-12 schools and universities link together in 13 western states to develop faculty and students in cybersecurity. The project is a resource for faculty to identify curriculum pathways and outreach, find mentors and engage students in competitions, events and presentations.

"There's such a need in the Los Angeles and Orange County areas," said Coulson. "There are something like 2,500 open positions, and we're graduating 200 kids."

Bringing together cybersecurity, law and digital forensics

Also responding to the need for a cybersecurity workforce prepared to deal with today's complex problems is an SFS project for undergraduates and graduate students at the University of Illinois, Urbana-Champaign (UIUC). The project has graduated 25 students who are already working in government (reflecting another 100 percent placement rate), and another 20 are set to graduate next May.

Since last year, this project offers scholarships to law students as well as engineering and computer science students. According to PI Roy Campbell, few lawyers understand cybersecurity and few computer scientists understand the legal framework involved in prosecuting and preventing cyber crimes.

The first law student to be accepted in the program, Whitney Merrill, is a recent law school graduate currently practicing as an attorney while completing her master's in computer science at UIUC. She found the combination of cybersecurity and law in the UIUC program to be valuable.

"The two fields are fiercely intertwined," said Merrill. "Understanding both fields allows me to better serve and advocate for my clients. Additionally, I hope to be able to help the two communities more effectively communicate with each other to create tools and a body of law that reflects accurately an understanding of both law and technology."

Merrill found the program challenging at first.

"But my interest and love for the subject matter made the challenging workload (29 credits last semester) enjoyable," she added. "Working towards a mastery in both fields has also helped me to spot legal issues where I would not have before."

Next summer Merrill will be working as a summer intern at the Federal Trade Commission in their Division of Privacy and Identity Protection. She graduates in December 2015.

With additional NSF support, a new related program in digital forensics at UIUC has the goal of building a curriculum that will teach students about cybersecurity in the context of law enforcement, the judicial system, and privacy laws.

"Digital forensics is not the sort of area a computer scientist can just jump into," Campbell said. "It's not just malware or outcropping of hacking techniques. It has to be done in a deliberate way to produce evidence that would be acceptable to courts and other entities."

Co-PI Masooda Bashir says digital forensics gets to the heart of the multidisciplinary nature of cybersecurity.

"If you think about the amount of digital information that is being generated, exchanged, and stored daily you begin to understand the impact that the field of Digital Forensics is going to have in the coming years," she said. "But Digital Forensics (DF) is not only a technical discipline, but a multidisciplinary profession that draws on a range of other fields, including law and courtroom procedure, forensic science, criminal justice and psychology."

She added, "I believe it is through integration of such relevant nontechnical disciplines into the DF education we can help students develop the comprehensive understanding that they will need in order to conduct examinations and analyses whose processes and findings are not just technically sound, but legal, ethical, admissible in court, and otherwise effective in achieving the desired real-world goal."

As the new program evolves, Masooda is drawing on her background as a computer scientist/psychologist to add the psychology of cybercrime to the curriculum. She's also working on a project examining cybersecurity competitions to understand their impact on the cybersecurity workforce and to better understand the psychological factors and motivations of cybersecurity specialists and hackers.

Students with an interest in cybersecurity can start planning now

The U.S. Office of Personnel Management maintains a website where students can get information on SFS and the institutions that are participating in it. Meanwhile, PIs can update their project pages and agency officials can check resumes for students with the qualifications they need.

In the evolving field of cybersecurity, individuals with technical skills and knowledge of the social and legal context for what they do will continue to be highly desirable workers.

Tuesday, August 12, 2014

RUSSIAN NATIONAL INDICTED FOR HACKING INTO RETAILERS AND DISTRIBUTING CREDIT CARD DATA ON WEBSITES

FROM:  U.S. JUSTICE DEPARTMENT 
Friday, August 8, 2014
Russian National Arraigned on Indictment for Distributing Credit Card Data Belonging to Thousands of Card Holders

A Russian national indicted for hacking into point of sale systems at retailers throughout the United States and operating websites that distributed credit card data of thousands of credit card holders appeared today for arraignment in U.S. federal court, announced U.S. Attorney Jenny A. Durkan of the Western District of Washington and Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division.

“Cyber-criminals should take heed: distance will not protect you from the reach of justice.   We will investigate, we will locate, and we will bring foreign hackers to stand trial,” said U.S. Attorney Jenny A. Durkan.   “This defendant is presumed innocent, and will be afforded the full protections of our system of justice.   But he will do so in our courthouse, in the community where harm was done.”

“Cyber-criminals have caused enormous financial damage and innumerable invasions of Americans’ privacy, often from halfway around the world,” said Assistant Attorney General Caldwell.   “The alleged crimes in this case harmed thousands of U.S. citizens, and thanks to our law enforcement partners throughout the world, we will have the opportunity to seek justice in a U.S. courtroom.”

Roman Valerevich Seleznev, aka “Track2,” 30, of Vladivostok, Russia, was indicted by a federal grand jury in the Western District of Washington on March 3, 2011, and the indictment was unsealed on July 7, 2014.   Seleznev is charged in connection with operating several carding forums, which are websites where criminals gather to sell stolen credit card numbers, and hacking into retail point of sale systems and installing malicious software on the systems to steal credit card numbers.   Seleznev was transferred to Seattle, Washington, from Guam, where he made his initial appearance on July 7, 2014.   Today, Seleznev entered pleas of “not guilty” to the charges in the indictment.   Trial is scheduled for October 6, 2014.

According to the allegations in the indictment, Seleznev hacked into retail point of sale systems to steal credit card numbers between October 2009 and February 2011.   Seleznev also created and operated infrastructure using servers located all over the world to facilitate the theft and sale of credit card data and host carding forums.   Seleznev is charged with 29 counts: five counts of bank fraud, eight counts of intentionally causing damage to a protected computer, eight counts of obtaining information from a protected computer without authorization, one count of possession with intent to defraud of 15 or more unauthorized access devices (stolen credit card numbers), two counts of trafficking in unauthorized access devices and five counts of aggravated identity theft.

“This case will no doubt serve as a serious warning to cyber criminals.   The Secret Service will partner with law enforcement worldwide and will not relent in the pursuit of transnational cyber criminals that try to exploit the U.S. financial payment systems,” said Secret Service Assistant Director Paul Morrissey of the Office of Investigations.

The case is being investigated by the U.S. Secret Service Electronic Crimes Task Force, which includes detectives from the Seattle Police Department.   The case is being prosecuted by Assistant United States Attorney Norman M. Barbosa of the Western District of Washington and Trial Attorney Ethan Arenson of the Criminal Division’s Computer Crime and Intellectual Property Section.   The Criminal Division’s Office of International Affairs and the U.S. Attorney’s Office for the District of Guam provided substantial assistance.

Seleznev has also been charged in an indictment filed in the District of Nevada that was returned on Jan. 10, 2012, and unsealed on Nov. 13, 2013, alleging that he participated in a racketeer influenced corrupt organization, conspired to engage in a racketeer influenced corrupt organization, and possessed counterfeit access devices.  Seleznev, referenced as “Track2” in the indictment, and 54 others are charged with being members of the “Carder.su” organization, which allegedly trafficked in compromised credit card account data and counterfeit identifications and committed money laundering, narcotics trafficking, and various types of computer crime.  Seleznev allegedly operated a website that sold stolen card information to members of the Carder.su organization.   Thus far, at least 25 of the defendants have been convicted, and several others are fugitives.

The Nevada investigation is being handled by Immigration and Customs Enforcement – Homeland Security Investigations and the U.S. Secret Service.   The Nevada case is being prosecuted by Assistant U.S. Attorneys Kimberly M. Frayn and Andrew W. Duncan of the District of Nevada and Trial Attorney Jonathan Ophardt of the Criminal Division’s Organized Crime and Gang Section.  

The charges contained in the indictments are only allegations.   A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.

Friday, May 23, 2014

CEO OF HIGHER EDUCATION SOFTWARE PROVIDER PLEADS GUILTY IN HACKING CONSPIRACY

FROM:  U.S. JUSTICE DEPARTMENT 
Wednesday, May 21, 2014
President of Higher Education Software Provider Pleads Guilty to Conspiring to Hack into Competitors’ Computer Systems

The president and chief executive officer of Virginia-based Symplicity Corporation pleaded guilty today to conspiring to hack into the computer systems of two competitors to improve his company’s software development and sales strategy.

Acting Assistant Attorney General David A. O’Neil of the Justice Department’s Criminal Division, U.S. Attorney Dana J. Boente of the Eastern District of Virginia and Special Agent in Charge Adam S. Lee of the FBI’s Richmond Field Office made the announcement after the plea was accepted by U.S. District Judge Claude M. Hilton in the Eastern District of Virginia.

Ariel Manuel Friedler, 36, of Arlington, Virginia, pleaded guilty to conspiracy to access a protected computer without authorization.   Sentencing is scheduled for Aug. 1, 2014 before U.S. District Judge Anthony J. Trenga in the Eastern District of Virginia.

“The Department of Justice is committed to protecting the intellectual property and private information of our citizens and businesses from economic espionage,” said Acting Assistant Attorney General O’Neil.   “Hackers who think they can anonymously steal confidential information from competitors’ computer systems should take note: we will investigate you, and we will prosecute you.”

“We are committed to working with our law enforcement partners to protect American businesses from intellectual property theft, whether the threat comes from an international or domestic source,” said U.S. Attorney Boente.  “This case should send a clear message:  We will aggressively prosecute criminals who attempt to steal confidential business information while hiding behind a cloak of anonymity.”

“This was a complex investigation involving senior executive management of the Symplicity Corporation who used sensitive customer login credentials to gain unauthorized access to their competitor’s computer networks,” said Special Agent in Charge Lee.  “These actions caused significant harm to their competitors and ultimately gave Symplicity an unfair business advantage.  Although many victim businesses seek civil remedies in situations like this, reporting breaches of business computer networks to law enforcement is crucial towards combating these types of crimes.”

According to court records filed with the plea agreement, Symplicity provides student disciplinary records management services to colleges and universities.   Friedler conspired with two other Symplicity employees between 2007 and 2011 to hack into the computer systems of two companies that competed with Symplicity’s business.  Friedler and others decrypted account passwords of former customers, and Friedler hid his IP address using TOR, a network of computers used to encrypt and anonymize online communications.   Friedler then accessed customer contacts and viewed the proprietary and confidential software design and features of competitors Maxient LLC and a second company, identified in court documents as “Company A,” to inform Symplicity’s software development and sales strategy.

This case was investigated by the FBI’s Richmond Field Office.   Trial Attorney Peter V. Roman of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Alexander T.H. Nguyen of the Eastern District of Virginia are prosecuting the case.

Tuesday, February 25, 2014

AG HOLDER WANTS NATIONAL STANDARD FOR REPORTING CYBERATTACKS

FROM:  U.S. JUSTICE DEPARTMENT  
Monday, February 24, 2014
Attorney General Holder Urges Congress to Create National Standard for Reporting Cyberattacks

In a video message released today, Attorney General Eric Holder called on Congress to create a strong, national standard for quickly alerting consumers whose information may be compromised by cyberattacks. This legislation would strengthen the Justice Department's ability to combat crime, ensure individual privacy, and prevent identity theft, while also helping to bring cybercriminals to justice.

The complete text of the Attorney General’s weekly address is available below:

“Late last year, Target – the second-largest discount retailer in the United States – suffered a massive data breach that may have compromised the personal information of as many as 70 million people, in addition to credit and debit card information of up to 40 million customers.  The Department of Justice is currently investigating this breach, in close coordination with the U.S. Secret Service.  And we are moving aggressively to respond to hacking, cyberattacks, and other crimes that harm American consumers – and expose personal or financial information to those who would take advantage of their fellow citizens.

“As we’ve seen – especially in recent years – these crimes are becoming all too common.  And they have the potential to impact millions of Americans every year.  Just days after the Target breach was made public, another major retailer – Neiman Marcus – reported that it also suffered a suspected cyberattack during the holiday season.  And although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cyber criminals to justice, it’s time for leaders in Washington to provide the tools we need to do even more: by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches.
             
“Today, I’m calling on Congress to create a strong, national standard for quickly alerting consumers whose information may be compromised.  This would empower the American people to protect themselves if they are at risk of identity theft.  It would enable law enforcement to better investigate these crimes – and hold compromised entities accountable when they fail to keep sensitive information safe.  And it would provide reasonable exemptions for harmless breaches, to avoid placing unnecessary burdens on businesses that do act responsibly.

“This legislation would strengthen the Justice Department’s ability to combat crime and ensure individual privacy – while bringing cybercriminals to justice.  My colleagues and I are eager to work with Members of Congress to refine and pass this important proposal.  And we will never stop working to protect the American people – using every tool and resource we can bring to bear.”
