
Former Amazon Security Engineer Charged with Defrauding a Crypto Exchange


A prominent cybersecurity professional from Amazon is apparently in trouble. The U.S. Department of Justice has arrested security engineer Shakeeb Ahmed and charged him with defrauding an unnamed decentralized cryptocurrency exchange and with money laundering, each charge carrying a maximum sentence of 20 years in prison.

According to Damian Williams, the U.S. attorney for the Southern District of New York, this was the second case his office had announced highlighting “fraud in the cryptocurrency and digital asset ecosystem.”

As noted by the DOJ, Ahmed – a former security engineer for an “international technology company” – was able to "fraudulently obtain" almost $9 million worth of cryptocurrency from the aforementioned exchange. He did this by feeding the exchange bogus pricing data in order to generate fees, which he later withdrew for himself.

Williams further added, "We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges. But none of those actions covered the defendant's tracks or fooled law enforcement, and they certainly didn't stop my Office or our law enforcement partners from following the money."

Ahmed is also charged with allegedly attempting to steal more money from the exchange via "flash loan" attacks, another type of crypto vulnerability.

While it was initially unclear which company the accused had worked for, cybersecurity blogger Jackie Singh mentioned on Tuesday that Ahmed was a former Amazon employee. Singh also pointed to several other online profiles the accused appeared to be linked with.

According to a LinkedIn profile that matches Ahmed's job description, he works at Amazon as a "Senior Security Engineer" and has done so since November 2020. The profile still lists Amazon as his employer. However, it is not yet confirmed that this profile actually belongs to Ahmed.

Amazon was subsequently contacted to confirm these details. The company confirmed that Ahmed had worked for Amazon but added that he is no longer employed there. The tech giant said it could not provide any further information about his role at the company.

Moreover, a report by Inner City Press – a New York outlet – confirms that Ahmed appeared in court following his arrest on Tuesday. The report mentions that he wore flip-flops, shorts, and a T-shirt reading “I code” to the hearing. He later pleaded not guilty and was released on bond, and he will be permitted to continue living in his Manhattan apartment, according to the site.

Genesis Market: Formerly a Popular Dark Web Marketplace Now up for Sale


Anyone who wishes to own a defunct darknet business could try reaching out to the backers of Genesis Market, the formerly high-and-mighty seller of stolen data. Today, they appear desperate to sell their once-valuable asset for scrap.

According to a report by The Record, several advertisements for the sale of Genesis have recently appeared on underground forums. The FBI took the website down earlier this year as part of an investigation that saw the arrest of numerous site administrators and users. The platform had previously been a popular venue for hacking services and stolen data.

The FBI later conducted hundreds of raids in countries all over the world, seizing several websites and effectively crippling the platform’s operation. Given the extent of the operation, one might assume there would not be much left to sell.

However, according to The Record, on June 28 a user account that appears to be associated with Genesis' operators started posting about the sale of the business. The user asserted that the marketplace's darknet platform was still functional and that the FBI had only taken control of its open web domains. Reportedly, the sale includes the illegal business's infrastructure: “a complete database (except for some details of the client base), source codes, scripts, with a certain agreement, as well as server infrastructure.”

For any potential buyer, however, such an acquisition comes with some obvious concerns. They include:

  • Buying these sites is certainly illegal and may get you in trouble.
  • The possibility that the offer is some sort of FBI honeypot operation is far from implausible.
  • It is hard to see Genesis making a comeback anytime soon, because its reputation among darknet users is completely destroyed.

Regardless, the question of how the dark net is doing lately has an intriguing answer. The past few years have apparently been challenging for the virtual underworld, thanks to active and aggressive operations against it by the Justice Department.

A report from February notes that darknet market revenue has fallen recently. The FBI's takedown of the Hydra marketplace cut the revenue flow sharply. Prior to its downfall, Hydra was one of the most popular cybercrime hotspots on the web, and the government's operation against it seems to have hugely impacted the dark web economy. The Genesis shutdown is likely to have only added to the disruption in the web’s murkiest realm.

Operation Cookie Monster: FBI Seizes Genesis Market Involved in Identity Theft


More than 100 individuals have been arrested by the FBI and European law enforcement agencies for their involvement in a global cybercrime forum that apparently facilitated large-scale identity theft.

According to the US Justice Department, the operation targeted Genesis Market, an invitation-only crime forum that over the past five years has been selling information obtained from more than 1.5 million computers worldwide, containing login credentials for more than 80 million user accounts.

On Tuesday, the FBI and its partners carried out raids on the main websites used for the cybercrime activities, in more than a dozen countries from the Netherlands to Australia.

A senior FBI official told reporters on Wednesday that at least some of the arrests took place in the US but declined to provide any more details due to an ongoing investigation. “Victims of Genesis incurred losses that exceed tens of millions of dollars,” the FBI official said.

Reportedly, 45 of the FBI's 56 field offices across the US were involved in the investigation, and Attorney General Merrick Garland, in a statement, called the cybercrime sting operation “unprecedented” for law enforcement.

According to a seizure notice seen by CNN, the FBI seized the web domains of Genesis Market under a court order from the US District Court for the Eastern District of Wisconsin. As per the seizure notice, the FBI called the takedown "Operation Cookie Monster," a pun on the forum's sale of "cookies," i.e. stolen web browser data.

Genesis Market played a major part in giving cybercriminals access to compromised computers for carrying out cyber frauds such as identity theft and ransomware attacks.

According to cybersecurity researchers, the crime forum, which advertised login credentials for individual bank accounts, grew out of research that hackers conducted into the anti-fraud technologies used by hundreds of banks and payment networks.

Genesis Market also offered "digital fingerprints" for sale: collections of computer-generated data used to identify specific people online. According to researchers at cybersecurity company Sophos, advertisements on Genesis Market asserted that a hacked computer's fingerprint would remain current for as long as the buyer retained access to that machine.

The seizure conducted by the FBI is the latest of the many international law enforcement stings that involve coordinated arrests and raids globally.

Genesis Market “was one of the most, if not the most popular marketplace for stolen network and user information […] Based on my experience, the void will be filled by those who were not arrested,” said Khodjibaev, a senior threat intelligence analyst at Cisco Talos.

While arrests take some alleged cybercriminals offline, demand for stolen personal data remains extensive, so new alleged hackers quickly emerge to take their places.

US Government Takes Down Try2Check Services Used by Dark Web Markets


The US Government announced on Wednesday that it had taken down ‘Try2Check’, a credit card checking tool that let cybercriminals engaged in the bulk purchase and sale of stolen credit card credentials check which cards were still valid and active.

The US Department of Justice confirmed the takedown and charged Denis Gennadievich Kulkov, a Russian citizen, with operating the fraudulent credit card checking business, which brought in tens of millions of dollars.

The underground service Try2Check, which Kulkov is believed to have founded in 2005, quickly gained enormous popularity among online criminals engaged in the illicit credit card trade and enabled the suspect to earn at least $18 million in bitcoin.

Try2Check reportedly abused the “preauthorization” service of an unnamed payment processing company. In normal use, a business such as a hotel asks the payment processor to preauthorize a charge on a customer’s card to confirm that the card is valid and has the necessary credit available. Try2Check impersonated a merchant seeking preauthorization in order to learn whether a stolen card was still valid.

What Services Did Try2Check Include? 

The service was used by individuals engaged in both the bulk purchase and sale of credit card credentials, who needed to know what percentage of a batch of cards was still valid and active. Dark web markets such as Joker's Stash also relied on it for card testing.

Through Try2Check, the defendant defrauded not only credit card holders and issuers but also a well-known U.S. payment processing company whose systems were used to execute the card checks.

The service has now been dismantled in a joint operation by the US Government and partners in Germany, Austria and France, including units of the Austrian Criminal Intelligence Service, the German Federal Criminal Police Office (BKA), the German Federal Office for Information Security (BSI), and the French Central Directorate of the Judicial Police (DCPJ).

"Try2Check ran tens of millions of credit card checks per year and supported the operations of major card shops that made hundreds of millions in bitcoin in profits […] Over a nine-month period in 2018, the site performed at least 16 million checks, and over a 13-month period beginning in September 2021, the site performed at least 17 million checks," the DOJ stated.

In addition, the US State Department, in partnership with the US Secret Service, has offered a $10 million reward through the Transnational Organized Crime Rewards Program (TOCRP) for information leading to Kulkov, who currently resides in Russia. If found guilty, Kulkov faces up to 20 years in prison.

"The individual named in today's indictment is accused of operating a criminal service with immeasurable reach to fund further illicit activity with global impact […] Thanks to the cooperation and dedication of our global law enforcement community, Try2Check can no longer serve as a vehicle for continued criminal activity or illicit profits," said U.S. Secret Service Special Agent in Charge Patrick J. Freaney.

DOJ Reveals: FBI Hacked Hive Ransomware Gang


The U.S. Department of Justice (DOJ) recently confirmed that the FBI infiltrated a prominent cybercrime gang and covertly disrupted its hacking attacks for more than six months.

According to the DOJ, the FBI gained deep access to the Hive ransomware group in late July 2022. The infiltration prevented the group from extorting $130 million in ransom demands from more than 300 organizations.

Ransomware gangs use malicious software to encrypt victims' files, locking them up and rendering them inaccessible unless a ransom is paid to obtain a decryption key.

It is estimated that Hive and its affiliates have collected over $100 million from more than 1,500 victims, including hospitals, school districts, financial companies and critical infrastructure, in more than 80 countries across the globe.

The FBI revealed that it collaborated with local law enforcement agencies to help victims recover from the attacks, including the UK's National Crime Agency, which says it provided around 50 UK organizations with decryption keys to recover from the breaches.

On Thursday, the US announced that it had put an end to the operation by disabling Hive's websites and communication systems with the aid of police forces in Germany and the Netherlands.

Attorney General Merrick Garland stated that "Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world." 

While the Justice Department had not yet arrested anyone connected to the Hive attacks, a senior official suggested that arrests might follow soon.

Regarding the infiltration, Deputy Attorney General Lisa O. Monaco said, "Simply put, using lawful means, we hacked the hackers."

Moreover, the DOJ says it will pursue those behind Hive until they are brought to justice.

"A good covert operation can degrade confidence in operational security and inject suspicion among actors,” Mandiant Threat Intelligence head John Hultquist said. "Until the group is arrested, they will never truly be gone. They will have to reconstitute, which takes time, but I'll bet they reappear in time."    

US Sentences Russian, Macedonian for Roles in Transnational Cybercrime Enterprise


The United States has sentenced nationals of Russia and North Macedonia to prison for their roles in a transnational cybercrime operation responsible for the theft of $568 million worldwide, according to a Justice Department statement.

Sergei Medvedev, 33, of Russia, pleaded guilty in the District of Nevada to one count of racketeering conspiracy in June 2020 and was sentenced on Friday to 10 years in prison. According to court documents, Medvedev co-founded Infraud with Svyatoslav Bondarenko of Ukraine. From November 2010 until Infraud was taken down by law enforcement in February 2018, Medvedev was an active participant in the Infraud online forum.

Medvedev ran an “escrow” service to facilitate illegal transactions among Infraud members. For several years, he also served as Infraud’s administrator, handling day-to-day management, deciding membership, and meting out discipline to those who violated the enterprise’s rules.

Mark Leopard, 31, of North Macedonia, pleaded guilty in the District of Nevada to one count of racketeering conspiracy in November 2019 and was sentenced today to five years in prison. According to court documents, Leopard joined Infraud in June 2011, offering his services as an ‘abuse immunity’ web host to Infraud members who wished to build websites to sell contraband.

Unlike a legitimate host, Leopard knowingly catered to websites offering illegal goods and services, ignoring any abuse reports from Internet users. He hosted a number of sites for Infraud members in this fashion, providing the infrastructure that allowed his co-conspirators to profit from their criminal activities.

The enterprise boasted over 10,000 members at its peak and operated for more than seven years under the slogan ‘IN Fraud We Trust’. Infraud was responsible for the sale and/or purchase of over four million compromised credit and debit card numbers, and the actual loss associated with Infraud exceeded $568 million, the US Department of Justice said.

“Today’s sentence should serve as a warning to any web host who willingly looks the other way for a quick buck – and that the United States will hold these bad actors accountable, even when they operate behind a computer screen halfway across the world,” Acting Assistant Attorney General Nicholas McQuaid said.