
The Hacker News - Cybersecurity News and Analysis: Cyber Crime

US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

February 19, 2020 | Ravie Lakshmanan
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that, if left unaddressed, could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days. "A cyber threat actor used a spear-phishing link to obtain initial access to the organization's information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks," CISA noted in its alert. As ransomware attacks continue to escalate in frequency and scale, the new development is yet another indication that p
Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

January 25, 2020 | Mohit Kumar
The Indonesian National Police, in a joint press conference with Interpol and cybersecurity firm Group-IB earlier today, announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed 'Operation Night Fury,' the investigation was led by Interpol's ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime. According to the press conference, all three accused (23, 26, and 35 years old) were arrested in December last year in Jakarta and Yogyakarta and charged under criminal laws related to data theft, fraud, and unauthorized access. "The operation is still ongoing in the other five ASEAN countries with which the intelligence was also shared. This case marks the first successful multi-jurisdictional operation against the operators of JavaScript-sniffers in the re
Russian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards

January 24, 2020 | Swati Khandelwal
Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website Burkov operated was an online marketplace for buying and selling stolen credit card and debit card numbers—called Cardplanet—which hosted roughly 150,000 payment card details between the years 2009 and 2013. Cardplanet marketplace offered stolen payment card details for anywhere between $2.50 and $10 a card, depending on the card type, country of origin, and the availability of card owner information. The carding website even offered a paid service that allowed buyers to instantly verify if a stolen payment card was still valid. "Many of the cards offered for sale belonged to U.S. citizens. The stolen credit card data from more than 150,000 compromised payment cards was allegedly sold on Burkov's site and
Hacker Who Tried to Blackmail Apple for $100,000 Sentenced in London

December 21, 2019 | Wang Wei
A 22-year-old man who claimed to have access to over 300 million iCloud accounts and threatened to factory reset all accounts unless Apple paid a ransom has pleaded guilty in London to trying to blackmail Apple. In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the "Turkish Crime Family" and in possession of 319 million iCloud accounts. Albayrak gave Apple a deadline until April 7, 2017, to pay up $75,000 in crypto-currency or $100,000 worth of iTunes gift cards in return for deleting the copy of the stolen database, the U.K. National Crime Agency said in a statement, calling the blackmailer a "fame-hungry cyber-criminal." However, if the company failed to meet his demands, Albayrak threatened that he would start remotely wiping the victim's Apple devices, factory reset iCloud accounts, and dump the stolen database online. In late March 2017, the NCA's National Cyber Crime Unit arrested Albayrak at
British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S.

December 19, 2019 | Swati Khandelwal
A British man suspected to be a member of 'The Dark Overlord,' an infamous international hacking group, has finally been extradited to the United States after being held for over two years in the United Kingdom. Nathan Francis Wyatt, 39, appeared in federal court in St. Louis, Missouri, on Wednesday to face charges related to his role in hacking healthcare and accounting companies in the U.S. and then threatening to publish stolen information unless victims paid a ransom in Bitcoin. According to a court indictment unsealed yesterday, Wyatt faces one count of conspiracy, two counts of aggravated identity theft and three counts of threatening to damage a protected computer. However, the suspect has not yet pleaded guilty to any of the charges in the U.S. federal court, where he appeared after fighting for 11 months to avoid being extradited from Britain. Cyber Attacks by The Dark Overlord Group: British police first arrested Wyatt in September 2016 during an inves
Russian Police Raided NGINX Moscow Office, Detained Co-Founders

December 12, 2019 | Mohit Kumar
Russian law enforcement officers have raided the Moscow offices of Nginx—the company behind the world's second most popular web server software—over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider. According to multiple reports from local media and social media, the police conducted searches and have also detained several employees of the company, including Igor Sysoev, the original developer of Nginx, and Maxim Konovalov, another co-founder of the company. Over 30% of the websites on the Internet today, including many of the world's most popular sites like Netflix and Twitch, run on the Nginx server. Igor Sysoev created the Nginx web server in the early 2000s and open-sourced it in 2004, after which he founded the company Nginx in 2015 that has now been acquired by F5 Networks, an American technology company, for $670 million. According to a copy of the complaint shared on Twitter, Rambler accused that Sys
Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests

November 29, 2019 | Mohit Kumar
In a coordinated international law enforcement operation, Europol today announced the shutdown of the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sale website of the Imminent Monitor have also been seized as part of this operation, making the Trojan unusable for those who already bought it, as well as unavailable for new users. Promoted as a legitimate remote administration framework, the hacking tool was widely used to gain unauthorized access to targeted users' computers and steal their login credentials for online banking and other financial accounts. According to Europol's press release, aut
Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison

November 22, 2019 | Swati Khandelwal
A Russian hacker who created and used Neverquest banking malware to steal money from victims' bank accounts has finally been sentenced to 4 years in prison by the United States District Court for the Southern District of New York. Stanislav Vitaliyevich Lisov, 34, was arrested by Spanish authorities at Barcelona–El Prat Airport in January 2017 on the request of the FBI and extradited to the United States in 2018. Earlier this year, Lisov pleaded guilty to one count of conspiracy to commit computer hacking, involving attempts to steal at least $4.4 million from hundreds of victims using the NeverQuest banking trojan. Just like any other sophisticated banking Trojan, NeverQuest, aka Vawtrak or Snifula, has also been designed to let attackers remotely control infected computers and steal a wide range of sensitive information. Besides stealing login information for banking or other financial accounts using a keylogger or web form injection techniques, the malware was also c
Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty

October 31, 2019 | Mohit Kumar
Two grey hat hackers have pleaded guilty to blackmailing Uber, LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016. In a San Jose courthouse in California on Wednesday, Brandon Charles Glover (26) of Florida and Vasile Mereacre (23) of Toronto admitted they accessed and downloaded confidential corporate databases on Amazon Web Services using stolen credentials. After downloading the data, the duo contacted affected companies to report security vulnerabilities and demanded money in exchange for the deletion of the data, according to a press release published by the US Justice Department. "I was able to access backups upon backups, me and my team would like a huge reward for this," the hackers said to the victim company in an email. "Please keep in mind, we expect a big payment as this was hard work for us, we already helped a big corp which paid close to 7 digits, all
Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

August 26, 2019 | Wang Wei
As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, was hit by a "Potential KYC leak" earlier this month, with an unknown hacker distributing the Know Your Customer (KYC) images of hundreds of its users online and to media outlets. Before leaking the KYC images online, the alleged hacker threatened the exchange to release KYC data of its 10,000 customers if the company did not pay 300 Bitcoins—equivalent to over $3 million at today's exchange value. While Binance CEO Changpeng Zhao called the incident FUD (fear, uncertainty, doubt), the exchange recently confirmed that some of the leaked images match actual accounts though others show evidence of manipulation. According to an official blog post, t
Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims

August 23, 2019 | Wang Wei
A prolific hacker who carried out phishing scams against hundreds of companies worldwide has been ordered to pay back more than $1.1 million (over £922,000) worth of cryptocurrencies to his victims. Grant West, a 27-year-old resident of Kent, England, targeted several well-known companies around the world since 2015 to obtain the financial data of tens of thousands of customers and then sold that data on underground forums in exchange for Bitcoins or other cryptocurrencies. West, who operated under the online moniker of 'Courvoisier,' stashed the resulting cryptocurrencies in multiple accounts and wallets, which were confiscated by the Metropolitan police after West's arrest in September 2017 following a two-year-long investigation code-named 'Operation Draba.' Metropolitan Police Cyber Crime Unit (MPCCU) also seized an SD card from West's home, which contained approximately 78 million individual usernames and passwords as well as 63,000 credit and de
Judge Rules No Jail Time for WannaCry 'Killer' Marcus Hutchins, a.k.a. MalwareTech

July 26, 2019 | Swati Khandelwal
Marcus Hutchins, better known as MalwareTech, has been sentenced to "time served" and one year of supervised release for developing and selling the Kronos banking malware. Yes, Hutchins will not go to prison, United States District Judge J.P. Stadtmueller ruled today in Milwaukee County Court, after describing his good work as "too many positives on the other side of the ledger." In response to today's sentencing, Hutchins said: "Sentenced to time served! Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally." Marcus Hutchins, 25, is the same British malware analyst who gained notoriety in cybersecurity circles for "accidentally" helping to stop the WannaCry ransomware outbreak in 2017 that wreaked havoc in over 150 countries and brought down companies across all industries. Hutchins was a
Silk Road Admin Sentenced to 78 Months in Prison On Drug Trafficking Charges

July 26, 2019 | Swati Khandelwal
An Irish national has been jailed for six-and-a-half years for his role as one of the administrators and forum moderators who helped run the now-defunct dark web marketplace "Silk Road." Gary Davis, 31, of Wicklow, Ireland, was known as 'Libertas' on the Silk Road website, the then-largest underground black marketplace on the Internet used by thousands of people to buy and sell drugs and other illegal goods and services. Silk Road site administrators were responsible for, among other things, monitoring user activity on the underground website for any problem, responding to customer service inquiries, and resolving any dispute between buyers and vendors. Davis was indicted by U.S. federal prosecutors in 2013 when authorities shut down the Silk Road website and arrested its founder Ross William Ulbricht, who was sentenced to life in prison in 2015 after being convicted on multiple counts related to the black marketplace. "During its operation from 2011 un
DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison

July 04, 2019 | Wang Wei
A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson, a.k.a. "DerpTroll," pleaded guilty back in November 2018 after he admitted to being a part of DerpTrolling, a hacker group that was behind DDoS attacks against several major online gaming platforms including Electronic Arts' Origin service, Sony PlayStation network, and Valve Software's Steam during Christmas. "Thompson typically used the Twitter account @DerpTrolling to announce that an attack was imminent and then posted "scalps" (screenshots or other photos showing that victims' servers had been taken down) after the attack," the DoJ says. According to a U.S. Department of Justice press release published Wednesday, Thompson's actions caused the victim companies at least $95,000 in damages. T
GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free

June 18, 2019 | Mohit Kumar
Cybersecurity researchers have released an updated version of the GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals. GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5 million computers since it first emerged in January 2018. Created by BitDefender, the new GandCrab decryption tool [download] can now unlock files encrypted by the latest versions of the ransomware, from 5.0 to 5.2, as well as for the older GandCrab ransomware versions. As part of the "No More Ransom" Project, BitDefender works in partnership with the FBI, Europol, London Police, and several other law enforcement agencies across the globe to help ransomware-affected users. The cybersecurity company in recent months released ransomware removal tools for some older GandCrab versions that helped nearly 30,000 victims recover their data for free,
U.S. Charges Chinese Hacker For 2015 Anthem Data Breach

May 09, 2019 | Mohit Kumar
The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang (王福杰) and another hacker named John Doe with three different aliases—Deniel Jack, Kim Young, and Zhou Zhihong—are charged with four counts of conspiracy to commit fraud, wire fraud, and damage to a protected computer, according to an indictment [pdf] unsealed today in federal court in Indianapolis. In 2015, the hackers managed to breach Anthem, the country's second-largest health insurance company, and stole personal information of over 80 million of its customers, including their Social Security Numbers, birthdates, email addresses, residential addresses, medical identification numbers, employment information, and income data. The incident was marked as one of the worst data breaches in history, with the company paying
WikiLeaks' Julian Assange Sentenced to 50 Weeks in UK Jail

May 01, 2019 | Mohit Kumar
WikiLeaks founder Julian Assange has been sentenced to 50 weeks—almost a year—in prison by a London court for breaching his bail conditions in 2012 and taking refuge in the Ecuadorian embassy for nearly 7 years. The 47-year-old Assange was arrested last month by London's Metropolitan Police Service after the Ecuadorian government suddenly withdrew his political asylum. Within hours of his arrest, Assange was convicted at Westminster Magistrates' Court of skipping bail in June 2012 after an extradition order to Sweden over claims of sexual assault and rape allegations made by two women. Although Sweden dropped its preliminary investigation into the rape accusation against Julian Assange in 2017, Assange chose not to leave the Ecuadorian Embassy due to fears of extradition to the United States. In the Southwark Crown Court today, Judge Deborah Taylor gave Assange a sentence close to the maximum of a year in custody, saying it was hard to "envisage a more ser
Europol Now Going After People Who Bought DDoS-for-Hire Services

January 29, 2019 | Swati Khandelwal
If you were a buyer of any online DDoS-for-hire service, you might be in trouble. After taking down and arresting the operators of the world's biggest DDoS-for-hire service last year, the authorities are now on the hunt for customers who bought the service that helped cyber criminals launch millions of attacks against several banks, government institutions, and the gaming industry. Europol has announced that British police are conducting a number of live operations worldwide to track down the users of the infamous Webstresser.org service that the authorities dismantled in April 2018. Launched in 2015, Webstresser let its customers rent the service for about £10 to launch Distributed Denial of Service (DDoS) attacks against their targets with little to no technical knowledge, which resulted in more than 4 million DDoS attacks. According to the Europol announcement published on Monday, the agency gained access to the accounts of over 151,000 registered Webstresser users last yea
Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed

November 21, 2018 | Swati Khandelwal
The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn, DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov (Максим Владимирович Донаков), a resident of Penza, Russian Federation. In early 2016, a hacker with the pseudonym Tessa88 emerged online offering stolen databases from some of the biggest social media websites in the world, including LinkedIn, MySpace, VKontakte (vk.com), Dropbox, Rambler, and Twitter, for sale in various underground hacking forums. The stolen data, taken years ago from several social media sites, included more than half a billion username and password combinations, which were then used in phishing, account takeover, and other cyber attacks. Though Tessa88's profile was active for a few months between February and May 2016, the OPSEC analysis revealed that the same person was involved in various cybercriminal activities since as early as 2012 under different
Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million

November 20, 2018 | Swati Khandelwal
Two hackers have been sent to prison for their roles in hacking TalkTalk, one of the biggest UK-based telecommunications companies, in 2015 and stealing personal information, banking, and credit card details belonging to more than 156,000 customers. Matthew Hanley, 23, and Connor Allsopp, 21, both from Tamworth in Staffordshire, were sentenced Monday to 12 months and 8 months in prison, respectively, after they admitted charges relating to the massive breach that cost TalkTalk £77 million in losses. The total cost also included the massive £400,000 fine imposed by the Information Commissioner's Office (ICO) on TalkTalk for failing to implement the most basic security measures in order to prevent the hack from happening. At the Old Bailey, the judge Anuja Dhir described Hanley as a "dedicated hacker" and sentenced him to 12 months in prison, whereas Allsopp got 8 months in prison for his lesser role in the cyber attack. The Judge also said that it was a tragedy