Tag Archive for: convicted

Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware


Dec 02, 2023 | Newsroom | Cybercrime / Malware

A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced.

Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later.

“Dunaev developed browser modifications and malicious tools that aided in credential harvesting and data mining from infected computers, facilitated and enhanced the remote access used by TrickBot actors, and created a program code to prevent the TrickBot malware from being detected by legitimate security software,” the DoJ said.

“During Dunaev’s participation in the scheme, 10 victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, were defrauded of more than $3.4 million via ransomware deployed by TrickBot.”

Dunaev, who pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud, faces a maximum of 35 years in prison. He is scheduled to be sentenced on March 20, 2024.

Dunaev is also the second TrickBot gang malware developer to be arrested after Alla Witte, a Latvian national who was sentenced to two years and eight months in prison in June 2023.

The development came nearly three months after the U.K. and U.S. governments sanctioned 11 individuals suspected of being part of the TrickBot cybercrime group.

TrickBot, which started off as a banking trojan in 2016, evolved into a multi-purpose tool capable of delivering additional payloads to infected hosts and acting as an initial access facilitator for ransomware attacks.

After surviving law enforcement efforts to dismantle the botnet, the infamous Conti ransomware crew gained control over the operation. However, both Conti and TrickBot suffered a major blow last year following Russia’s invasion of Ukraine, when Conti pledged allegiance to Russia.

This led to a series of leaks dubbed ContiLeaks and TrickLeaks that gave away valuable information about their internal chats and infrastructure, ultimately resulting in the shutdown of Conti and its disintegration into numerous other groups.

Prison officer who helped smuggle cocaine into convicted murderer’s cell facing jail time


Prison officer, 31, who helped smuggle cocaine and a mobile phone into convicted murderer’s cell at maximum-security jail after ‘forming a close relationship’ is now facing time behind bars herself

  • Heather McKenzie was working at HMP Shotts when she teamed up with convicted murderer Zak Malavin to supply drugs to inmates
  • McKenzie will be sentenced at the High Court in Glasgow on February 23

A prison officer is facing time behind bars after helping to smuggle cocaine into one of Scotland’s most notorious maximum-security jails.

Heather McKenzie was working at HMP Shotts – home to some of the country’s most hardened criminals – when she teamed up with convicted murderer Zak Malavin to supply drugs to inmates.

Prison officials and police started an investigation after noticing a significant rise in the quantities of drugs being found in the jail – and receiving a tip-off about possible staff corruption.

Intelligence suggested McKenzie, 31, was illegally bringing drugs and mobile phones into the prison.

Malavin, serving life for murdering a man in a park by attacking him with a sword, was found to have an iPhone, 1.45g of cocaine and a sleeping pill in his cell when officers searched it in May 2020.

A search the following month uncovered two knotted bags containing a further 5.7g of cocaine, while data on the iPhone revealed texts and calls to McKenzie.

Police later raided McKenzie’s home in Forth, Lanarkshire, and arrested her after finding £2,500 in cash, mobile phones, syringes and trenbolone – a powerful steroid – as well as traces of cocaine and 28g of another drug, benzocaine.

An iPhone found by police had a missed WhatsApp call from a contact named ‘Zak’….


Cybersecurity: What a convicted hacker thinks Australia is lacking in cybersecurity


In 1998, Skeeve Stevens was jailed for a hack that was described at the time as Australia’s most “notorious” internet cybercrime. Today, it sounds very similar to the breach that hit Optus in September.
Under the pseudonym Optik Surfer, Stevens hacked internet provider AusNet and shared the credit card and personal details of 1200 people with journalists. His aim was to lay bare the shortcomings of AusNet’s system. For his actions, he was jailed for 18 months.
These days Stevens spends his time consulting with state and federal police, intelligence agencies, the Australian Defence Force and law firms, among others, discussing the weaponisation of technology.

Here’s what he wants you to know about the state of cybersecurity in Australia, who is drawn to hacking, and why they turn criminal.

Money aside, why do people hack?

Stevens told The Feed: you don’t “become a hacker, you kind of always are.”
It’s for people who are curious, talented, but mostly, it’s for people who like puzzles. Stevens just wanted to keep prodding to see where it would take him. Decades ago he hacked into Australian universities, vending machines, and even US agencies, just to see if he could.

“I thought ‘oh that’s cool, now if I do that, do I get that? Does this plus that equal that?’” he said.

But he said hackers can veer towards criminality when their skills and talent aren’t met with enough ethical guidance during their learning process.
“I’ve seen eight-year-old girls that are coding three [computer] languages. Some of our kids are amazing,” he said.

“But are they being guided by teachers that can actually help harness and frame those skills? This is where you’re going to end up with bad actors or bad hackers.”

What is missing in Australia’s approach?

Stevens said the first thing Australia is lacking is literacy around cyber security at various levels. He said it starts with the average Australian and extends all the way to those making decisions about data collection and storage.
“There’s a lot of ‘FUD’ in the industry: fear, uncertainty, and doubt from officials,” said Stevens, noting that companies and politicians should be clearer in their communication and messaging.
While cyberattacks are commonplace and…


Former Uber security chief convicted on charges of covering up a hack in 2016


Former Uber chief security officer Joe Sullivan has been found guilty of charges that he covered up a 2016 cyberattack where a hacker downloaded the personal information of more than 57 million people. The information stolen from Uber included names, email addresses, and phone numbers for more than 50 million Uber riders and 7 million drivers, as well as driver’s license numbers for another 600,000 drivers.

As reported by the New York Times and Washington Post, the jury convicted Sullivan on two counts: one for obstructing justice by not revealing the breach to the FTC and another for misprision, which is concealing a felony from the authorities.

This is believed to be the first time a company executive faced criminal prosecution over a hack.

He’d faced three counts of wire fraud, but prosecutors dismissed those charges in August. Sullivan had served as a security executive at other companies, including Facebook and Cloudflare, and, as the Post points out, in this case, he was pitted against the same San Francisco US attorney’s office where he had previously worked prosecuting cybercrimes.

The prosecution described the hack itself in its original complaint (PDF), noting that it almost exactly mirrored a 2014 breach of Uber, over which the FTC was already investigating the company at the time of the incident. As the trial began in September, Uber’s systems were breached again in a hack linked to an alleged former member of the Lapsus$ ransomware group, forcing it to temporarily take some internal systems offline.

The 2016 breach occurred when two outsiders trawling GitHub found credentials giving them access to Uber’s Amazon Web Services (AWS) storage, which they used to download its database backups. The hackers then contacted Uber and negotiated a ransom payment in exchange for a promise to delete the stolen information, paid out in $100,000 worth of Bitcoin, and treated as part of the company’s Bug Bounty program. They eventually pleaded guilty to hacking the company in 2019.

Uber’s new CEO testified he “could not trust” his chief security officer.

As the Times notes, this is believed to be the first time a company executive faced criminal prosecution over a…
