Tag Archive for: alleged

Dutch suspect locked up for alleged personal data megathefts – Naked Security


The Public Prosecution Service in the Netherlands [Dutch: Openbaar Ministerie] has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people.

The victims are said to live in countries as far apart as Austria, China, Colombia, the Netherlands itself, Thailand and the UK.

Apparently, the courts have taken a strict approach to this case, effectively keeping the arrest secret from late 2022 until now, and not allowing the suspect out on bail.

According to the Ministry’s report, a court order about custody was made in early December 2022, when the authorities were given permission to keep the suspect locked up for a further 90 days, meaning that they can hold him until at least March 2023 as work on his case continues.

The suspect is being investigated for multiple offences: possessing or publishing “non-public” data, possessing phishing software and hacking tools, computer hacking, and money laundering.

The prosecutors claim that he laundered close to half-a-million Euros’ worth of cryptocurrency during 2022, so we’re assuming that the court considered him a flight risk, decided that if released he might be able to destroy evidence and, presumably, thought that he might try to warn others in the cybercrime forums where he’d been active to start covering their tracks, too.

Governmental breach?

Intriguingly, the investigation was triggered by the appearance on a cybercrime forum of a multi-million record stash of personal data relating to Austrian residents.

Those data records, it seems, turned out to have a common source: the company responsible for collecting radio and TV licence fees in Austria.

Austrian cops apparently went undercover to buy up a copy of the stolen data for themselves, and in the process of doing so (their investigative methods, unsurprisingly, weren’t revealed) identified an IP number that was somehow connected to the username they’d dealt with on the dark web.

That IP number led to Amsterdam in the Netherlands, where the Dutch police took the investigation further.

As the Dutch Ministry writes:

The team has strong indications that…


Ontario claims $75M stolen in ‘kickback schemes’ run by alleged ringleader of COVID-19 fraud


The Ontario government is alleging that as much as $75 million in taxpayers’ money was stolen as part of elaborate “kickback schemes” in the awarding of computer contracts.

In a dramatic expansion of the province’s civil case against the ex-bureaucrat accused in the alleged $11 million theft of COVID-19 relief funds, the Crown claims at least nine others are involved in a separate “conspiracy” dating back more than a decade.

“The plaintiff (the Ontario government) paid out approximately $40 million pursuant to FFSCs (fee-for-service contracts) resulting from the kickback schemes. The secret commissions totalled approximately $35 million,” government lawyers say in Ontario Superior Court civil filings.

“As a result of the conspiracy, the plaintiff suffered damages in the amount of $75 million,” the submission says.

That is over and above the $11 million allegedly taken from the Support for Families program, which gave Ontario parents $200 per child under age 12 and $250 per child and youth under 21 with special needs to offset online educational expenses early in the pandemic.

In court filings on that matter, the government alleges Sanjay Madan, spouse Shalini Madan, their adult sons Chinmaya and Ujjawal, and associate Vidhan Singh funneled cash to thousands of Bank of Montreal, Royal Bank of Canada, TD, Tangerine, and India’s ICICI bank accounts in 2020.

Sanjay and Shalini were then fired from their government information technology jobs and are currently on trial for criminal charges. Sanjay is charged with two counts of fraud and two counts of breach of trust.

He and Shalini are charged with possession of stolen property and laundering the proceeds of crime. Shalini, Chinmaya and Ujjawal have all denied any involvement in the alleged $11 million theft. Chinmaya and Ujjawal have not been charged criminally.

Singh was charged with money laundering, fraud, and possession of stolen property, and Manish Gambhir was charged with possession of stolen property and possession of an identity document related — or purported to relate — to another person. In the criminal matter, Singh and Gambhir have denied any wrongdoing. Gambhir is not named in the civil action.

As the…


An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire


As Russia’s invasion of Ukraine drags on, navigation system monitors reported this week that they’ve detected a rise in GPS disruptions in Russian cities, ever since Ukraine began mounting long-range drone attacks. Elsewhere, a lawsuit against Meta alleges that a lack of adequate hate-speech moderation on Facebook led to violence that exacerbated Ethiopia’s civil war. 

New evidence suggests that attackers planted data to frame an Indian priest who died in police custody—and that the hackers may have collaborated with law enforcement as he was investigated. The Russia-based ransomware gang Cuba abused legitimate Microsoft certificates to sign some of their malware, a method of falsely legitimatizing hacking tools that cybercriminals have particularly been relying on lately. And with the one-year anniversary of the Log4Shell vulnerability, researchers and security professionals reflected on the current state of open source supply-chain security, and what must be done to improve patch adoption.

We also explored the confluence of factors and circumstances leading to radicalization and extremism in the United States. And Meta gave WIRED some insight into the difficulty of enabling users to recover their accounts when they get locked out—without allowing attackers to exploit those same mechanisms for account takeovers.

But wait, there’s more! Each week, we highlight the security news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories.

Alexey Brayman, 35, was one of seven people named in a 16-count federal indictment this week in which they were accused of operating an international smuggling ring over the past five years, illegally exporting restricted technology to Russia. Brayman was taken into custody on Tuesday and later released on a $150,000 bond, after being ordered to forfeit his passport and abide by a curfew. He is an Israeli citizen who was born in Ukraine. Brayman and his wife, Daria, live in Merrimack, New Hampshire, a small town where the two ran an online craft business out of their home. “They are the nicest family,” a delivery driver who regularly drops off packages at their home told The Boston Globe. “They’ll leave…


US charges Ukrainian national over alleged role in Raccoon Infostealer malware operation • TechCrunch


U.S. officials have charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected millions of computers worldwide.

Mark Sokolovsky — also known online as “raccoonstealer,” according to an indictment unsealed on Tuesday — is currently being held in the Netherlands while waiting to be extradited to the United States.

The U.S. Department of Justice accused Sokolovsky of being one of the “key administrators” of the Raccoon Infostealer, a form of Windows malware that steals passwords, credit card numbers, saved username and password combinations, and granular location data.

Raccoon Infostealer was leased to individuals for approximately $200 per month, the DOJ said, which was paid to the malware’s operators in cryptocurrency, typically Bitcoin. These individuals employed various tactics, such as COVID-19-themed phishing emails and malicious web pages, to install the malware onto the computers of unsuspecting victims. The malware then stole personal data from their computers, including login credentials, bank account details, cryptocurrency addresses, and other personal information, which were used to commit financial crimes or sold to others on cybercrime forums.

An example of one of the phishing emails sent by the crime group. Image Credits: U.S. Justice Department.

According to U.S. officials, the malware stole more than 50 million unique credentials and forms of identification from victims around the world since February 2019. These victims include a financial technology company based in Texas and an individual who had access to U.S. Army information systems, according to the unsealed indictment. Cybersecurity firm Group-IB said the malware may have been used to steal employee credentials during the recent Uber breach.

But the DOJ said it “does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate.”

The Justice Department said it worked with European law enforcement to dismantle the IT infrastructure powering Raccoon Infostealer in March 2022, when Dutch authorities arrested Sokolovsky. According to one report, the malware…
