Busted! 2019’s top cybercrime news

Spies, whistleblowers, students, executives and every variety of scammer. It seems no one was immune from the long arm of the law, or at least, the indictment, in 2019. Many are in custody, some have been sentenced and others remain at large. 

Julian Assange 

In what might have been the most anticipated arrest in 2019, a bedraggled Julian Assange, founder of WikiLeaks, was rousted from the Ecuadorian Embassy in London in May and eventually slapped with 17 counts of violating the rarely invoked Espionage Act for the 2010 procurement and publication of classified documents nicked by former Army private and intelligence officer Chelsea Manning. 

The WikiLeaks founder first sought asylum in the embassy in 2012 to avoid being picked up by the U.S. for the Manning initiative and by the Swedish government on since-dropped rape allegations.  

Assange and WikiLeaks became a focal point of the 2016 election after the site released thousands of emails stolen by Russian operatives from the Democratic National Committee (DNC) and other Democratic interests. The emails were leaked in a steady stream in 2016 and were widely seen as damaging to Hillary Clinton. 

The indictments against Assange do not relate to his actions during the 2016 election, though. The U.S. had eyed Assange for a decade since WikiLeaks published classified documents nicked by Manning. Assange currently sits in custody in the U.K. awaiting possible extradition to the U.S.  

Paige Thompson 

Capital One data thief Paige Thompson was indicted for a series of breaches and cryptojacking attacks that victimized more than 30 different companies and compromised the personal information of 100 million of Capital One’s credit card customers and applicants.

Thompson, 33, allegedly created a software program that identifies web application firewall misconfigurations while scanning the publicly-facing portion of servers used by customers of a specific cloud computing services company. The cloud computing company is almost certainly Amazon Web Services, considering that Thompson (aka “erratic”) was a former AWS employee, and reports at the time of Thompson’s arrest last July stated that Capital One’s compromised files were hosted on AWS S3 servers. 

According to the Justice Department, Thompson leveraged the WAF misconfigurations to send commands to the AWS servers that would allow her to obtain credentials for particular user accounts. These credentials allegedly gave her access to additional sensitive data belonging to the AWS customers — data she is accused of copying to her own server. Thompson allegedly also engaged in illicit cryptocurrency mining by drawing from the compromised servers’ processing power, and she allegedly attempted to conceal her location and identity by using virtual private networks and Tor. 

Yujing Zhang  

Security at President Trump’s Florida retreat, Mar-A-Lago, has long been of concern but the arrest of a Chinese national who illegally entered the resort March 30 and was found to be carrying a thumb drive containing malware as well as a laptop, a “hard drive type” device and multiple cell phones, kicked security anxiety into overdrive.  

Yujing Zhang allegedly gained access to the property, claiming to be attending a United Nations Chinese American Association event, reportedly hawked by Li “Cindy” Yang. Yang owns a company that promises access to President Trump and recently had been in the news after New England Patriots owner Robert Kraft was arrested for soliciting prostitution in a Florida massage parlor she once owned.  

After being removed and detained by Secret Service agents, Zhang said she’d been invited to the event via WeChat by her friend “Charles” and was there to “attempt to speak with a member of the President’s family about Chinese and American foreign economic relations.” No such event was being held at Mar-a-Lago at the time, although an event promoter named Charles Lee does work with the United Nations Chinese Friendship Association and also promotes Yang’s events. Zhang ultimately was arrested and charged with two counts – one for making a false statement to a federal officer and the other for entering restricted property. 

281 BEC scammers 

Sometimes it’s the what, not the who. Over a span of four months in 2019, law enforcement officials at home and abroad arrested 281 individuals in a massive crackdown on various business email compromise scams. 

Dubbed Operation reWired, the coordinated campaign began in May 2019 and has resulted in 72 arrests in the U.S., and 167 in Nigeria, which is known to be a hotbed of BEC, “419” and romance scams. Arrests also took place in Turkey (18), Ghana (15), France, Italy, Japan, Kenya, Malaysia and the U.K. Among those taken into custody during Operation reWired were Brittney Stokes, 27, of Country Club Hills, Ill., and Kenneth Ninalowo, 40, of Chicago, who face federal charges for allegedly defrauding a community college and an energy company into sending roughly $5 million to their bank accounts. 

In another case, Opeyemi Adeoso, 44, of Dallas, and Benjamin Ifebajo, 45, of Richardson, Texas, were arrested and charged with bank fraud, wire fraud, money laundering and conspiracy for allegedly assuming 12 fake identities and stealing $3.4 million from 37 victims across the U.S. Authorities also broke up a Nigeria-based BEC scheme with hundreds of U.S. victims and more than $10 million in losses.  

Nigerian nationals 

Federal prosecutors issued a 252-count indictment against 80 individuals – mostly Nigerian nationals – who allegedly conspired to bilk at least $46 million from victims via romance scams, business email compromises and other online fraud schemes. 

The grand jury indictment was filed in the Central District of California back in October 2018 and unsealed only after the 2019 arrest of 14 defendants in the U.S. – 11 in the Los Angeles area, the apparent epicenter of the scam. Two others were placed in federal custody prior to the law enforcement crackdown, and another was arrested earlier. The remaining 63 individuals are believed to be abroad, with most in Nigeria. 

The Department of Justice identified the lead defendants as fellow Nigerian citizens Valentine Iro, 31, of Carson, California and Chukwudi Christogunus Igbokwe, 38, of Gardena, California. The pair, both of whom were arrested, allegedly coordinated the management of funds accumulated by the operation and spearheaded a worldwide money-laundering network that elicited the help of money mules who set up fraudulent bank accounts and illicit money exchangers who moved monies overseas. 

Wall Street Market and Valhalla dark web marketplace officials 

Europol dealt a double blow to dark web marketplaces after taking down both the Wall Street Market and Silkkitie, aka The Valhalla Marketplace.  

The Wall Street Market was considered the second largest illegal online market on the dark web with more than 1,150,000 customer accounts and more than 5,400 sellers registered. 

The alleged marketplace officials, who are said to have received commission payments of two to six percent of the sales, were arrested in Germany, while two of the highest selling suppliers of narcotics were arrested in the U.S. Finnish authorities took down Silkkitie earlier in the year. Authorities seized over €550 000 in cash, alongside cryptocurrencies Bitcoin and Monero in six-digit figures, several vehicles and other evidence, including computers and data storage. 

Monica Elfriede Witt, defector/ex-U.S. spy  

The former U.S. counterintelligence agent specializing in Middle Eastern affairs who defected to Iran in 2013 was indicted by a federal grand jury for conducting espionage on behalf of her adopted country.

Witt, an American citizen who served in the U.S. Air Force Office of Special Investigations from 1997 until 2008, was charged with allegedly assisting Iranian hackers to target her former agent colleagues with malware attacks that would gain covert access to the U.S. intelligence computers and networks. Witt, 39, reportedly was known in U.S. intelligence circles as “Wayward Storm.” 

The same indictment charges four Iranian nationals. 

Henry Kyle Frese 

The U.S. Defense Intelligence Agency (DIA) analyst was arrested for supplying top secret national defense information (NDI) on a foreign country’s weapons systems to two journalists, with one of whom he reportedly was romantically involved. 

Frese, 30, of Alexandria, Va., accessed classified reports in April and May 2018 and passed them to the journalist with whom he was apparently living. At that journalist’s behest, he agreed to speak with a second journalist. A court-authorized surveillance of his cell phone led to his arrest. 

Doug Olenick, Bradley Barth, Robert Abel and SC UK contributed to this article. 
