hacker arrested | Breaking Cybersecurity News | The Hacker News

Many of you might have this question in your mind: "Is it illegal to test a website for vulnerability without permission from the owner?" Or… "Is it illegal to disclose a vulnerability publicly?" Well, the answer is YES, it's illegal most of the times and doing so could backfire even when you have good intentions. Last year, Hungarian police arrested a 20-year-old ethical hacker accused of finding and exploiting serious vulnerabilities in Magyar Telekom, the largest Hungarian telecommunication company, who is now facing up to 8 years in prison. According to local Hungarian media , the defender first discovered a severe vulnerability in Magyar Telekom systems in April 2018 and reported it to the company officials, who later invited him to a meeting. Reportedly, the hacker then traveled to Budapest for the meeting, which didn't go well as he expected, and apparently, the company did not permit him to test its systems further. However, the man conti

Ukrainian Police have this week busted out two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week , all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian citizens by hacking into their computers. The suspects carried out their attacks by scanning vulnerable computers on the Internet and infecting them with a custom Trojan malware to take full remote control of the systems. The group then apparently enabled key-logging on the infected computers in an attempt to capture banking credentials of victims when the owners of those infected computers fill in that information on any banking site or their digital currency wallet. Once getting a hold on the victims banking and financial data, the attackers logged into their online banking accounts

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online filing system wherein companies submit their financial filings. The system processes around 1.7 million electronic filings per year. EDGAR lists millions of filings on corporate disclosures—ranging from annual and quarterly earnings report to sensitive and confidential information on mergers and acquisitions, which could be used for insider-trading or even manipulating U.S. equity markets. The two Ukrainian hackers, Artem Radchenko and Oleksandr Ieremenko (27-years-old), hacked EDGAR system to extract such sensitive non-public reports of publicly traded companies and sold that information to different groups of traders. According to an indictment [ PDF ] unsealed on Tuesday, amo

A simple DDoS attack could land you in jail for 10 years or even more. A Massachusetts man has been sentenced to over 10 years in prison for launching DDoS attacks against the computer network of two healthcare organizations in 2014 to protest the treatment of a teenager at the centers. Beyond serving 121 months in prison, Martin Gottesfeld , 34, was also ordered by U.S. District Judge Nathaniel Gorton to pay nearly $443,000 in restitution for damages he caused to the targeted facilities. Gottesfeld carried out the DDoS attacks on behalf of the Anonymous hacker collective against Boston Children's Hospital (BCH) and Wayside Youth & Family Support Network—a nonprofit home treatment facility that provides a range of mental health counselings to children, young adults, and families in Massachusetts. In April 2014, the hacker used a botnet of over 40,000 network routers that he infected with customized malicious software to carry out the DDoS attacks that not only knocke

German federal police have arrested a 20-year-old local student for stealing and publishing a massive trove of personal data of hundreds of politicians , journalists and other public figures last month. The young man, whose identity has not been revealed by the police, was arrested after police raided his parent's house in west-central German State of Hesse on Sunday and recovered a computer that the suspect tried to destroy 2 days before the search and a data backup. The suspect, who believed to have acted alone, has admitted of carrying out the mass hacking of German politicians out of anger at their political statements, BKA Federal Criminal Police revealed. "The accused was interrogated on 07.01.2019 by the senior prosecutor and officials of the Federal Criminal Police Office. He comprehensively acknowledged the allegations against him and provided information on his own offenses," the BKA said in a press release . "Due to a lack of grounds for detentio

The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud charges, the indictment unsealed today at New Jersey court revealed. The duo used SamSam ransomware to extort over $6 million in ransom payments since 2015, and also caused more than $30 million in damages to over 200 victims, including hospitals , municipalities, and public institutions. According to the indictment, Savandi and Mansouri have been charged with a total of six counts, including one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two counts of intentional damage to a protected computer, and two counts of transmitting a demand in relation to damaging a protected computer. Si

An Irish national who helped run the now-defunct dark web marketplace Silk Road pleaded guilty on Friday to drug trafficking charges that carry a maximum sentence of 20 years in prison. Gary Davis , also known as Libertas, was one of the site administrators and forum moderators for Silk Road, then-largest underground marketplace on the Internet used by thousands of users to sell and buy drugs and other illegal goods and services. Silk Road went down after the law enforcement raided its servers in 2013 and arrested its founder Ross William Ulbricht , who has been sentenced to life in prison after being convicted on multiple counts related to the underground drug marketplace. The FBI also seized Bitcoins (worth about $33.6 million, at the time) from the website. Those Bitcoins were later sold in a series of auctions by the United States Marshals Service (USMS). According to a press release published by US Department of Justice, Davis helped the black market website "r

An Australian teenager who pleaded guilty to break into Apple's private systems  multiple times over several months and download some 90GB of secure files has avoided conviction and will not serve time in prison. An Australian Children's Court has given the now 19-year-old adult defendant, who was 16 at the time of committing the crime, a probation order of eight months, though the magistrate made him understand how serious his offense was. The teen, whose cannot be named under a local law that protects the identity of juveniles, told the court that he hacked into Apple's systems because he was a huge fan of the company and "dreamed of" working for the technology giant. The "Hacky Hack Hack" Folder The teen hacked into Apple's servers not once, but numerous times over the course of more than a year—between June 2015 and November 2016, and in April 2017. As soon as the tech giant detected his presence on their servers, it blocked him and

The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court. Peter Yuryevich Levashov , 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and identity theft charges. Levashov, also known by many online aliases including Peter Severa, Petr Levashov, Petr Severa and Sergey Astakhov, has admitted of operating several botnets, including the Storm, Waledac and Kelihos botnets, since the late 1990s until he was arrested in April 2017 . Kelihos botnet, dated back to 2010, was a global network of tens of thousands of infected computers that were used to steal login credentials, send bulk spam emails, and infect computers with ransomware and other malware. Russian Hacker Infects 50,000 Computers With Kelihos Botnet Storm and Waledac botnets also shared Kelihos code, but kelihos was the most notorious botnet of all that alone infect

British police have arrested a 19-year-old teen who is an alleged member of Apophis Squad cybercriminal group responsible for making hoax bomb threats to thousands of schools and airlines; and DDoSing ProtonMail and Tutanota secure email services. George Duke-Cohan was arrested in his bedroom at his family home in Watford by British National Crime Agency (NCA) on 31st August and pledged guilty to three counts of making bomb threats to schools and airlines in Luton Magistrates' Court on Monday. Duke-Cohan spammed out more than 24,000 emails to schools across the UK and in the US as well, claiming that pipe bombs had been planted on the premises, which would blow up the building if $5,000 extortion money was not made within 3 hours. He Got Arrested Third-Time For Making Hoax Bomb Threats This is not the first time Duke-Cohan has been arrested for spreading fake bomb threats. He first created panic in March this year when he emailed thousands of schools in the UK warnin

George Garofano (left) The fourth celebrity hacker—who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonged to Jennifer Lawrence and other Hollywood celebrities—has been sentenced to eight months in prison. Earlier this year, George Garofano, 26, of North Branford, admitted to illegally obtaining credentials of his victims' iCloud accounts using a phishing scheme, carried out from April 2013 to October 2014, in which he posed as a member of Apple's security team and tricked victims into revealing their iCloud credentials. Using stolen credentials, Garofano then managed to steal victims' personal information, including their sensitive and intimate photographs and videos, from their iCloud accounts, and then leaked them on online forums, like 4Chan. Among the victims were Jennifer Lawrence, Kim Kardashian , Kirsten Dunst, Kate Upton, American Olympic gold medallist Misty May Treanor and actors Alexandra Chando, Kelli Garner and

Almost three years after the arrest of two young Dutch brothers, who pleaded guilty to their involvement in creating and distributing CoinVault ransomware malware , a district court in Rotterdam today sentenced them to 240 hours of community service. In 2015, the two suspects — Melvin (25-year-old) and Dennis van den B. (21-year-old) — were arrested from Amersfoort on suspicion of involvement in CoinVault ransomware attacks. The duo was arrested by law enforcement with the help of researchers from Kaspersky Labs , who reverse-engineered the malware and found the full name of one of the suspects and their IP address left accidentally on the command and control server. CoinVault ransomware campaign that began in May 2014 was one of the most successful file-encrypting ransomware program of its time that encrypted over 14,000 Windows computers worldwide, primarily the Netherlands, the US, the UK, Germany, and France. Just like other ransomware attacks, the sole intent of CoinVau

A 21-year-old New Jersey woman has been charged with hacking into the email accounts of pop star and actress Selena Gomez, stealing her personal photos, and then leaked them to the Internet. Susan Atrach of Ridgefield Park was charged Thursday with 11 felony counts—five counts of identity theft, five counts of accessing and using computer data to commit fraud or illegally obtain money, property or data, and one count of accessing computer data without permission. According to the prosecutors, Atrach allegedly hacked into email accounts belonging to Gomez and one of her associates several times between June 2015 and February 2016, the Los Angeles County District Attorney's office said in a press release . She then obtained images and other media stored there and shared them with her friends and posted them online. Gomez, who has more than 138 million followers on Instagram, was the victim of a hacking attack in August 2017, when photographs of her ex-boyfriend Justin Bieb

As it was speculated that the author of LuminosityLink RAT was arrested last year, a plea agreement made available to the public today confirmed the news. Back in September last year, Europol's European Cybercrime Centre (EC3) and National Crime Agency began the crackdown on the LuminosityLink RAT, targeting sellers and users of the malware, which resulted in the seizure of a considerable number of computers and internet accounts across the world, and complete takedown of the threat. Colton Grubbs , a 21-year-old man from Kentucky, the developer of the LumunosityLink RAT has pleaded guilty to federal charges of creating, selling and providing technical support for the malware to his customers, who used it to gain unauthorized access to thousands of computers across 78 countries worldwide. First surfaced in April 2015, the LuminosityLink RAT (Remote Access Trojan), also known as Luminosity, was a hacking tool that was sold for $40, marketing itself as a legitimate tool for Wi

Remember a young hacker who hacked jail systems in an attempt to release his prison inmate early? Well, that hacker will now be joining his inmate behind bars. Konrads Voits of Ypsilanti, Michigan, has been sentenced to seven years and three months in prison for attempting to hack the Washtenaw County Jail computer system and modifying prison records to get his friend released early. Besides spending 87 months in prison, Voits has also been ordered to pay $235,488 in fine to Washtenaw County for the cost accrued in investigating and cleaning up the infiltration that resulted in the compromise of personal information of around 1,600 employees, the US Justice Department announced last week. Between January 24th, 2017 and March 10th, 2017, Voits successfully tricked IT staff at Washtenaw County Jail into visiting a phony website at "ewashtenavv.org," which mimics the official URL, "ewashtenaw.org." The malicious website then installed malware on the IT

In a major hit against international cybercriminals, the Dutch police have taken down the world's biggest DDoS-for-hire service that helped cyber criminals launch over 4 million attacks and arrested its administrators. An operation led by the UK's National Crime Agency (NCA) and the Dutch Police, dubbed " Power Off, " with the support of Europol and a dozen other law enforcement agencies, resulted in the arrest of 6 members of the group behind the " webstresser.org " website in Scotland, Croatia, Canada and Serbia on Tuesday. With over 136,000 registered users, Webstresser website lets its customers rent the service for about £10 to launch Distributed Denial of Service (DDoS) attacks against their targets with little or no technical knowledge. "With webstresser.org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters," Europol said. The service was also

A Russian man accused of hacking LinkedIn , Dropbox , and Formspring in 2012 and possibly compromising personal details of over 100 million users, has pleaded not guilty in a U.S. federal court after being extradited from the Czech Republic. Yevgeniy Aleksandrovich Nikulin, 30, of Moscow was arrested in Prague on October 5, 2016, by Interpol agents working in collaboration with the FBI, but he was recently extradited to the United States from the Czech Republic on Thursday for his first appearance in federal court. Nikulin's arrest started an extradition battle between the United States and Russia, where he faces significantly lesser criminal charges of stealing $3,450 via Webmoney in 2009. But the Czech Republic ruled in favor of the United States. In the U.S., Nikulin is facing: 3 counts of computer intrusion 2 counts of intentional transmission of information, code, or command causing damage to a protected computer 2 counts of aggravated identity theft 1 count

British citizen and hacker Lauri Love, who was accused of hacking into United States government websites, will not be extradited to stand trial in the U.S., the High Court of England and Wales ruled today. Love, 33, is facing a 99-year prison sentence in the United States for allegedly carrying out series of cyber attacks against the FBI, US Army, US Missile Defence Agency, National Aeronautics and Space Administration (NASA), and New York's Federal Reserve Bank between 2012 and 2013. The High Court ruled Monday that Love should be tried in U.K. after Lord Chief Justice Lord Burnett of Maldon and Justice Ouseley heard he suffered severe mental illness like Asperger syndrome, eczema, asthma, and depression, and may kill himself if extradited. At Westminster Magistrates' Court in London in late 2016, District Judge Nina Tempia ordered Love to be extradited to the U.S. to stand trial, although his lawyers appealed the decision, arguing that he should be tried for his al

Remember " Crackas With Attitude "? A notorious pro-Palestinian hacking group behind a series of embarrassing hacks against United States intelligence officials and leaked the personal details of 20,000 FBI agents , 9,000 Department of Homeland Security officers, and some number of DoJ staffers in 2015. Believe or not, the leader of this hacking group was just 15-years-old when he used "social engineering" to impersonate CIA director and unauthorisedly access highly sensitive information from his Leicestershire home, revealed during a court hearing on Tuesday. Kane Gamble , now 18-year-old, the British teenager hacker targeted then CIA director John Brennan , Director of National Intelligence James Clapper , Secretary of Homeland Security Jeh Johnson, FBI deputy director Mark Giuliano , as well as other senior FBI figures. Between June 2015 and February 2016, Gamble posed as Brennan and tricked call centre and helpline staff into giving away broadband and

Canadian authorities have arrested and charged an Ontario man for operating a website that collected 'stolen' personal identity records and credentials from some three billion online accounts and sold them for profit. According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com —a major repository that compiled public data breaches and sold access to the data, including plaintext passwords. Launched in late 2015, LeakedSource had collected around 3 billion personal identity records and associated passwords from some of the massive data breaches, including LinkedIn , VK.com , Last.Fm , Ashley Madison ,  MySpace , Twitter ,  Weebly and Foursquare , and made them accessible and searchable to anyone for a fee. LeakedSource was shut down , and its associated social media accounts have been suspended after the law enforcement raided its operator earlier last year. However, another