Cybercriminals often elude authorities, but sometimes law enforcement makes a big score and miscreants find themselves in front of a judge and eventually behind bars.
Mark Vartanyan, a.k.a “Kolypto”
Mark Vartanyan, also known as “Kolypto,” was extradited to the U.S. from Norway in December 2016. Vartanyan later pleaded guilty on March 20, 2017 for his role as a co-developer of the Citadel malware toolkit and was sentenced on July 19, 2017 to five years in federal prison. The hacker was charged with computer fraud and was responsible for developing, improving, maintaining and distributing the malware between August 2012 and January 2013 and again between April 2014 and June 2014. During this period the malware stole financial account credentials and personally identifiable information from victim computer networks, affecting nearly 11 million computers worldwide and causing more than $500 million in losses.
Marcus Hutchins a.k.a “MalwareTech”
The WannaCry ransomware attack took the globe by storm, infecting more than 300,000 computers in over 150 countries worldwide. Several hospitals, local municipalities and other networks vulnerable to the EternalBlue exploit were impacted during the initial outbreak of the attack, which started May 12, 2017, until Marcus Hutchins, a.k.a. “MalwareTech,” accidentally pulled the plug on the malware. By registering a domain name he found in the code of the ransomware, the researcher effectively halted the initial outbreak of the malware on May 15, 2017 and slowed the spread of infection. Hutchins’ victory, however, was short-lived: the researcher was arraigned in a federal Wisconsin court for allegedly authoring a banking trojan called Kronos. Hutchins pleaded not guilty and is currently awaiting trial, although DOJ attorneys have since filed a “Motion to Revoke,” an appeal of the magistrate’s order to a district court judge.
Pyotr Levashov, suspected spam king
Pyotr Levashov, 36, was taken into custody on April 7, 2017 while on vacation in Barcelona in a joint operation between Spanish and U.S. authorities, on suspicion of being a notorious spam king and for his involvement with the Kelihos botnet. On April 20, 2017 Levashov was charged in an indictment with one count of causing intentional damage to a protected computer, one count of conspiracy, one count of accessing protected computers in furtherance of fraud, one count of wire fraud, one count of threatening to damage a protected computer, two counts of fraud in connection with email and one count of aggravated identity theft. Authorities say the Kelihos botnet was used to generate and distribute more than 2,500 unsolicited spam e-mails that advertised various criminal schemes.
Ruslan Stoyanov, head of cyber-investigations at Kaspersky Lab
Kaspersky Lab’s head of cyber-investigations was arrested by Russian authorities on suspicion of committing treason around the same time a senior Russian FSB intelligence officer was arrested on the same charges. The Russian news website Kommersant said Stoyanov had been in custody since December 2016 and that the researcher was investigating a senior figure within the Russian FSB who was allegedly receiving money from foreign organizations to assist in cyber-investigations. A Kaspersky Lab spokesperson told SC Media UK that Stoyanov had been under investigation for a period predating his employment with the firm.
Yu Pingan, OPM breach suspect
U.S. officials arrested Chinese national Yu Pingan on Aug. 25, 2017 on charges relating to the 2015 Office of Personnel Management (OPM) breach that compromised the data of nearly four million people. Authorities arrested Yu on Aug. 21, 2017 when he flew into Los Angeles International Airport, after he was accused of conspiring with others to use the Sakula malware in a series of cyberattacks against unnamed U.S. companies, according to court documents. While the OPM breach wasn’t mentioned specifically in the indictment, Sakula was used in the OPM breach, and authorities said Yu used “rare” hacking tools including the named malware and was involved in cyberattacks that occurred between 2014 and 2015.
Kamyar Jahanrakhshan, attempted to extort Leagle.com
Kamyar Jahanrakhshan, age 32, of Seattle, was arrested July 28, 2017 for the attempted extortion of Leagle.com and several other media companies after the companies refused to remove court documents involving him from their sites. On December 30, 2014, Jahanrakhshan reportedly contacted Leagle.com requesting that the company remove a link to the documents, claiming he was a plaintiff in the case and that the posting was tarnishing his reputation as well as violating his privacy, according to a July 28, 2017 Justice Department press release. After the site refused his request, he offered to pay for the removal of the documents, again to no avail. Jahanrakhshan then claimed that he had met with a group of hackers who were willing to launch DDoS attacks against the organization unless his demands were met. Shortly after, the company was hit with distributed denial of service (DDoS) attacks that were also carried out against Fairfax Media, The Metro News, the Canadian Broadcasting Corporation and Canada.com. Jahanrakhshan was charged in a federal indictment on Aug. 9, 2017 and now faces ten years in federal prison and a $250,000 fine if convicted.
AlphaBay and Hansa takedowns
Europol, the FBI, the U.S. Drug Enforcement Agency (DEA) and the Dutch National Police on July 20, 2017 brought down two of the top three darkweb markets, AlphaBay and Hansa, in a globally coordinated operation. The sting was in the works for several months and severely hobbled the underpinnings of a criminal economy that has seen 350,000 illicit commodities traded. The takedown included several arrests, including that of Alexandre Cazes, a.k.a. Alpha02 and Admin, 25, a Canadian citizen residing in Thailand. Cazes apparently took his own life while in custody in Thailand; however, on July 19, 2017 U.S. District Attorneys filed a civil forfeiture complaint against the assets of Alexandre Cazes and his wife located throughout the world. Attorney General Jeff Sessions described the takedown as “one of the most important criminal investigations of the year.” The investigation also identified an AlphaBay staffer living in the United States, although that investigation is ongoing.
Chinese authorities arrested 11 individuals linked to Fireball malware
On June 3, 2017, Beijing authorities arrested 11 individuals linked to the Fireball malware after receiving a tip from someone operating under the pseudonym “Zhang Ming.” The adware is capable of hijacking a user’s browser and running any code on an infected device, and is responsible for infecting 250 million users worldwide. It has reportedly affected one out of every five corporate networks and is believed to have generated 80 million yuan in 2016 alone. Authorities suspected the malware came bundled with free software offered by the Chinese digital marketing agency Rafotech. After confirming this was true, authorities traced the location of the company and arrested 11 of its employees. Earlier this year Microsoft said the threat of the malware was greatly overblown.
Evaldas Rimasauskas, $100 million multinational BEC whaling fraud
Lithuanian authorities arrested Evaldas Rimasauskas in March 2017 for allegedly defrauding two major tech companies out of $100 million by pretending to be a business affiliate. Authorities said Rimasauskas opened a company with a name similar to that of a legitimate company, along with a variety of bank accounts in Lithuania, Latvia and Cyprus, to swindle money from its business partners. They say he then contacted companies that did business with the legitimate company of the similar name and swindled funds through a series of networked accounts. Rimasauskas is charged with one count of wire fraud, one count of aggravated identity theft and three counts of money laundering, and could face in excess of 20 years in a U.S. prison.