
1/14/2014

Cybercrime Review 2013:
The largest Hacking Scam in US history is prosecuted
The NASDAQ Hack (Aleksandr Kalinin)

Four Russians and a Ukrainian have been charged in what prosecutors call "the largest hacking and data breach scheme in US history".

The five plotted in a "worldwide scheme that targeted major corporate networks, stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses," said Paul Fishman, the U.S. Attorney for the District of New Jersey.


The companies targeted included Citibank, 7-Eleven, PNC Financial Services Group, France's largest retailer Carrefour, and computers used by the Nasdaq Stock Market.

US prosecutors in New York separately indicted one of the five men and another Russian in another hacking scheme that targeted 800,000 bank accounts. Two of the men are in custody.


On June 25th, 2013, Preet Bharara, the United States Attorney for the Southern District of New York, announced the unsealing of an indictment against Aleksandr Kalinin, aka “Grig,” aka “g,” aka “tempo,” for hacking certain computer servers used by the NASDAQ Stock Market. In a separate indictment also unsealed, Kalinin and another Russian hacker, Nikolay Nasenkov, were charged in the same matter.
Both Kalinin and Nasenkov remain at large.

Fishman said: "This type of crime is the cutting edge. Those who have the expertise and the inclination to break into our computer networks threaten our economic wellbeing, our privacy and our national security."

Preet Bharara said: “As today’s allegations make clear, cyber criminals are determined to prey not only on individual bank accounts, but on the financial system itself. But would-be cyber thieves should take note: Because of the close and growing collaboration between the U.S. government and the private sector on issues of cyber security, our ability to unmask and prosecute the anonymous perpetrators of cyber crimes - wherever they may be located - has never been stronger.”

FBI Assistant Director in Charge George Venizelos said: “As alleged, Kalinin infiltrated NASDAQ’s servers, allowing for the manipulation and theft of sensitive data. In a series of separate schemes, Kalinin and Nasenkov stole hundreds of thousands of bank account numbers, PINs, and other code to withdraw millions of dollars from victim accounts. Today, their password has expired.”

The NASDAQ Hack
From November 2008 through October 2010, Kalinin hacked various computer servers used by the NASDAQ to conduct its business operations. During the course of these hacks, Kalinin installed malicious software (malware) on certain NASDAQ servers, which permitted him and his companions to secretly access the compromised servers and execute commands on them, including commands to delete, change or steal data. (The infected servers did not include the trading platform that allows NASDAQ customers to buy and sell securities.)

The Citibank and PNC Bank Hacks
From December 2005 through November 2008, Kalinin and Nasenkov allegedly stole bank account information from financial institutions through computer hacking. Kalinin, Nasenkov, and their co-conspirators then used that account data to access the bank accounts of thousands of individual victims without authorization and without those victims’ knowledge, resulting in the theft of millions of dollars from those accounts.
The cybercriminals fraudulently obtained bank account numbers, customer identification numbers (a unique number embossed or printed on the front of an ATM card), card security codes (a security feature which helps authenticate an ATM card), and personal identification numbers (PINs) for victims’ accounts at financial institutions, including Citibank and PNC Bank, through computer intrusion and other hacking techniques. As part of the scheme, the defendants and their co-conspirators then encoded the stolen account data onto the magnetic stripes of blank plastic ATM cards so that those ATM cards could be used to access individual victims’ bank accounts through ATMs. The ATM cards were then used, along with the stolen account PINs, to access individual victims’ accounts through ATMs located around the world, including the United States, Estonia, Canada, Great Britain, Russia, and Turkey, and to withdraw millions of dollars from those accounts.

In January 2006, the PINs for hundreds of customer accounts were compromised as a result of a cyber attack launched against PNC Bank’s online banking website. Nasenkov allegedly supplied stolen account information, including PINs, from the compromised bank accounts to co-conspirators who, in return, used the stolen account information to encode blank ATM cards and withdraw approximately 1.3 million USD from victims’ accounts.

In 2007, Kalinin placed malware on a computer network that processed ATM transactions for Citibank and other financial institutions. This malware recorded data passing over the network and exported it to an outside computer. Using this malicious computer code, Kalinin stole bank account information for approximately 500,000 bank accounts, including approximately 100,000 Citibank accounts. The stolen account information was used to create ATM cards that in turn were used to withdraw approximately 2.9 million USD from Citibank customers’ accounts.

In 2008, Nasenkov used a computer program to mount an attack against Citibank’s online banking website that resulted in the theft of account information for more than 300,000 accounts. The stolen account information was used to create ATM cards that in turn were used to withdraw approximately 3.6 million USD from the compromised accounts.

Kalinin, 26, of St. Petersburg, Russia, is charged with one count of computer hacking in connection with the NASDAQ hack, which carries a maximum sentence of 10 years in prison. In connection with the scheme to steal bank account information, Kalinin is charged with one count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison; 4 counts of bank fraud, each of which carries a maximum sentence of 30 years in prison; one count of conspiracy to commit access device fraud, which carries a maximum sentence of seven and a half years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of conspiracy to commit computer intrusion, which carries a maximum sentence of 5 years in prison. All in all, Kalinin could be sentenced to 174 and a half years in prison.

Nasenkov, 31, of St. Petersburg, Russia, is charged with one count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison; 4 counts of bank fraud, each of which carries a maximum sentence of 30 years in prison; one count of conspiracy to commit access device fraud, which carries a maximum sentence of seven and a half years in prison; one count of computer intrusion to obtain information, which carries a maximum sentence of five years in prison; one count of computer intrusion to further fraud, which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison; and one count of conspiracy to commit computer intrusion, which carries a maximum sentence of five years in prison. All in all, Nasenkov could be sentenced to 219 and a half years in prison.

The men conspired with Albert Gonzalez, a Miami hacker serving 20 years in prison for stealing 130 million credit- and debit-card records from Heartland Payment Systems.

The other defendants from the hacking ring (also known as the "Moscow-Five") who have been charged are:
  • Roman Kotov, 32, of Moscow
  • Vladimir Drinkman, 32, of Moscow
  • Dmitriy Smilianets, 29, of Moscow
  • Mikhail Rytikov, 26, of Odessa, Ukraine
Official link to the indictment: HERE (PDF file)

12/29/2013

NEW YORK Online Child Predators 2012: Samuel Fanelli Sentenced to 15 Years in Prison for Possession of 10,000+ Images of Child Pornography

On March 8th, 2012, Samuel J. Fanelli, 23, of White Plains, New York, was sentenced to 15 years in prison by U.S. District Judge Cathy Seibel in White Plains federal court on charges of possessing, receiving, and distributing child pornography. Fanelli will also have to register as a sex offender.

Fanelli was arrested on January 28th, 2011 by FBI agents and pleaded guilty on July 5th, 2011, where he stated:
"I had some child pornography on my hard drive and I made it available through a peer-to-peer network."
Fanelli, who was working as a babysitter for several Westchester families, also admitted in his plea agreement to molesting at least one child he babysat for. During a search of Fanelli’s residence prior to his arrest, his computer was seized and was found to have more than 10,000 images as well as videos of child pornography.

The slight, monocled Fanelli, looking younger than his 22 years at the time, said he was a college graduate when questioned by Judge Cathy Seibel in White Plains. Seibel asked Fanelli if he knew that his activity on the filesharing network was illegal. "You understood by doing that other people were going to have access to it and be able to download it to their computer via the Internet?" she asked.

Fanelli answered in the same polite tone he used throughout the hearing:
"Yes, ma'am."
Fanelli also mentioned that he had been under a psychiatrist's care for about six weeks before his arrest.

The investigation began on September 1st, 2010, when an FBI undercover agent took over the peer-to-peer network account of another child pornography user who was online friends with Fanelli. Through that account, the agent accessed Fanelli's computer and downloaded the incriminating files.

After the conviction, U.S. Attorney Preet Bharara stated:
“Samuel Fanelli victimized children by trafficking in child pornography and, in one case, by sexually abusing a child entrusted to his care. With today’s sentence there will be one less child predator on the street.”

12/24/2013

Cybercrime Review: East West Conspiracy - Andrew Auernheimer
Convicted of Hacking AT&T’s Servers


A federal jury today convicted the head of a self-described “security research” hacking group of breaching AT&T’s servers, stealing e-mail addresses and other personal information belonging to approximately 120,000 Apple iPad users, and disclosing that information to an Internet magazine.

Andrew Auernheimer was convicted on November 20th, 2012, of both counts of a superseding indictment:

1) conspiracy to access AT&T’s servers without authorization and disclose that information to a reporter at Gawker magazine, and
2) possession and transfer of means of identification for more than 120,000 iPad users.

Auernheimer was tried before U.S. District Judge Susan D. Wigenton in Newark federal court.

His co-conspirator, Daniel Spitler, 27, of San Francisco, California, previously pleaded guilty to the same charges and is awaiting sentencing.

The iPad is a touch-screen tablet computer, developed and marketed by Apple Computers Inc., that allows users to, among other things, access the Internet and send and receive electronic mail.

Since the iPad's introduction in January 2010, AT&T has provided iPad users with Internet connectivity via AT&T’s 3G wireless network. During the registration process for subscribing to the network, a user is required to provide an e-mail address, billing address, and password.

Prior to mid-June 2010, AT&T automatically linked an iPad 3G user’s e-mail address to the Integrated Circuit Card Identifier (ICC-ID), a number unique to the user’s iPad, when he or she registered.

Every time a user accessed the AT&T website, the ICC-ID was recognized and the e-mail address was automatically populated for faster, user-friendly access to the site. AT&T kept the ICC-IDs and associated e-mail addresses confidential.

At that time, when an iPad 3G communicated with AT&T’s website, its ICC-ID was automatically displayed in plain text in the Uniform Resource Locator, or URL, of the AT&T website. Seeing this, and discovering that each ICC-ID was connected to an iPad 3G user's e-mail address, hackers wrote a script termed the “iPad 3G Account Slurper” and deployed it against AT&T’s servers.

The Account Slurper attacked AT&T’s servers for several days in early June 2010 and was designed to harvest as many ICC-ID/e-mail address pairings as possible. It worked by mimicking the behavior of an iPad 3G so that AT&T’s servers would be deceived into granting the Account Slurper access.

Once deployed, the Account Slurper used a process known as a “brute force” attack against the servers, randomly guessing at ranges of ICC-IDs. An incorrect guess was met with no additional information, while a correct guess was rewarded with an ICC-ID/e-mail pairing for a specific, identifiable iPad 3G user.
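
A defender's view of the enumeration described above, as an added example that is not part of the original post: because the script imitated a real iPad, the User-Agent is useless as a signal, so the check counts how many distinct ICC-IDs a single client presents within a short window. The log layout, the `/example/login` path, the `ICCID` parameter name, the IP addresses and the thresholds are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout: ip [ISO timestamp] "request line" status bytes "user-agent".
# The path and the ICCID parameter name are hypothetical.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \[(?P<ts>[^\]]+)\] '
    r'"GET \S*[?&]ICCID=(?P<iccid>\d{19,20})\S* HTTP/1\.[01]" \d{3} \d+ "[^"]*"')

def parse(line):
    """Return (client_ip, timestamp, iccid), or None for lines without an ICC-ID."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.fromisoformat(m["ts"]), m["iccid"]

def find_enumerators(lines, window=timedelta(minutes=5), max_distinct=3):
    """Map each offending client to the peak number of distinct ICC-IDs it
    presented inside one sliding window. Lines must be in time order per client.
    The User-Agent is ignored on purpose: the script imitated a real iPad."""
    recent = defaultdict(deque)            # ip -> (timestamp, iccid) pairs in window
    flagged = {}
    for ip, ts, iccid in filter(None, map(parse, lines)):
        q = recent[ip]
        q.append((ts, iccid))
        while ts - q[0][0] > window:       # drop requests older than the window
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct > max_distinct:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def sample_log():
    """Constructed traffic: one device reusing its own ICC-ID, one client guessing."""
    ua = "Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X)"   # same for both clients
    fmt = '{} [{}] "GET /example/login?ICCID={} HTTP/1.1" 200 {} "{}"'
    t0 = datetime(2010, 6, 5, 12, 0, 0)
    lines = [fmt.format("198.51.100.7", (t0 + timedelta(minutes=k)).isoformat(),
                        8900000000000000001, 512, ua) for k in range(4)]
    lines += [fmt.format("203.0.113.9", (t0 + timedelta(seconds=k)).isoformat(),
                         8900000000000001000 + k, 0, ua) for k in range(20)]
    return lines

if __name__ == "__main__":
    print(find_enumerators(sample_log()))
```

A genuine device only ever presents its own ICC-ID, so even a low `max_distinct` leaves room for shared NAT addresses while still catching a client that walks through identifier ranges.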

From June 5th through June 9th, 2010, the Account Slurper stole for its hacker-authors approximately 120,000 ICC-ID/e-mail address pairings for iPad 3G customers.

Immediately following the theft, the hackers behind the Account Slurper provided the stolen e-mail addresses and ICC-IDs to the website Gawker, which published the stolen information in redacted form, along with an article concerning the breach. The article indicated that the breach “exposed the most exclusive e-mail list on the planet” and named a number of famous individuals whose e-mails had been compromised, including Diane Sawyer, Harvey Weinstein, New York Mayor Michael Bloomberg, and then-White House Chief of Staff Rahm Emanuel. The article also stated that iPad users could be vulnerable to spam marketing and malicious hacking. A group calling itself “Goatse Security” was identified as having obtained the subscriber data.

Goatse Security is a so-called “security research” group, composed of Internet hackers, to which both Spitler and Auernheimer belonged.

During the data breach, Spitler and Auernheimer communicated with one another using Internet Relay Chat, an Internet instant messaging program. Those chats not only demonstrated that Spitler and Auernheimer were responsible for the data breach, but also that they conducted the breach to simultaneously damage AT&T and promote themselves and Goatse Security. As the data breach continued, so too did the discussions between Spitler, Auernheimer, and other Goatse Security members about the best way to take advantage of the breach and associated theft. On June 10, 2010, immediately after going public with the breach, Spitler and Auernheimer discussed destroying evidence of their crime.

Each count on which Auernheimer was convicted is punishable by a maximum potential penalty of five years in prison and a fine of 250,000 USD.