Tag Archive for: charged

Former Contractor Employee Charged for Hacking California Water Treatment Facility


A 53-year-old man from Tracy, California, has been charged for allegedly hacking into the systems of a water treatment facility in an attempt to delete critical software.

The suspect, Rambler Gallo, has been charged with “transmitting a program, information, code, and command to cause damage to a protected computer”, but this is a case of unauthorized access rather than actual hacking. 

Gallo worked for a company contracted by the town of Discovery Bay in California to operate its water treatment facility, which serves 15,000 residents. 

He worked at the company between 2016 and the end of 2020, and during this time he allegedly installed software that allowed him to access the facility’s systems from his personal computer. 

After he resigned in January 2021, he used that remote access software to enter the water facility’s systems and “transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels,” according to a press release from authorities in the Northern District of California. 

Gallo faces up to 10 years in prison and a $250,000 fine. 

It’s not uncommon for water facilities to be targeted, including by former employees. One of the most well-known incidents involves the water plant in Oldsmar, Florida. While initially it was believed that malicious hackers had tried to poison the water supply, recent reports said the incident did not involve any hacking and it may have actually been the result of human error. 


Russian Man Charged for $200 Million in Ransomware Crimes Involving Crypto


A Russian man has been charged by US authorities for his alleged connection to multiple ransomware schemes that netted him and other attackers nearly $200 million – much of which came through crypto. 

Some of the victims of those ransomware attacks included hospitals, schools, and police departments. 

$200 Million in Ransomware Payments

The culprit – Mikhail Pavlovich Matveev – was part of three ransomware gangs: Lockbit, Babuk and Hive. Collectively, they have obtained almost $200 million from victims after demanding funds in excess of $400 million, per figures from the Department of Justice.

The Department noted that Matveev was known online by multiple aliases, including “Wazawaka”, “m1x”, “Boriselcin”, and “Uhodiransomwa.”

“These international crimes demand a coordinated response,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division in the DOJ’s statement. “We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem.”

Some of Matveev’s alleged crimes included helping deploy Babuk ransomware against the Metropolitan Police Department in Washington, D.C. in April 2021, as well as a New Jersey nonprofit behavioral healthcare organization in May 2022.

In the former case, the criminal and his co-conspirators threatened to disclose sensitive materials to the public unless payments were made. Babuk ransomware actors have executed at least 65 attacks around the world since December 2020, demanding $49 million in payments, and receiving at least $13 million. 

In January 2022, cybersecurity journalist Brian Krebs reported that Matveev had claimed affiliation with the Darkside ransomware group, according to Bloomberg. Darkside was responsible for a ransomware attack against the Colonial Pipeline in 2021, which netted the attackers 63.7 BTC in forced payments.

Crypto’s Role in Ransomware

Cryptocurrencies like Bitcoin have become popular tools for conducting ransomware attacks since 2021. Unlike traditional bank transfers, hackers can easily remain anonymous when requesting payments in Bitcoin, and such payments cannot be…


Madison teen, accused in Memorial bomb threats, now charged in New York with hacking a sports betting website


A Madison teen who still faces felony charges over bomb threats made at Memorial High School last year was arrested Thursday and charged by federal authorities in New York City with hacking an online sports betting website, which had user accounts that were then plundered.

The charges filed on Monday against Joseph H. Garrison, 18, in U.S. District Court for the Southern District of New York allege that in November — about three months after Garrison was charged and released for the Memorial threats — he launched what authorities called a “credential stuffing attack” to find username and password combinations, gleaned from sources on the “dark web,” that would work on other websites where users used the same username-password combinations.


That included the fantasy sports and sports betting website, which was not identified by name in the complaint.

He then sold the working combinations to buyers on the internet, according to a criminal complaint, and provided detailed instructions on how to use them on the betting site. The buyers used them to steal about $600,000 from the site’s user accounts, the complaint states.



A credential stuffing attack uses a computer program to rapidly attempt to log into financial accounts using a list of known username-password combinations to search for working logins. 

Buyers took money from about 1,600 of the site’s 60,000 accounts that were accessed using the stolen credentials, the complaint states.

Intruders were able to clear out an individual user account by setting up a new payment method and depositing $5 into the account to verify it, then withdrawing the account’s balance through that new payment method, the complaint states.

Investigators identified Garrison as the person who carried out…


18-Year-Old Charged With Hacking 60,000 DraftKings User Accounts


Federal officials have charged an 18-year-old Wisconsin resident for a hack that ensnared 60,000 user accounts at sports betting site DraftKings last year.

Joseph Garrison has been charged with conspiring to drain funds from DraftKings user accounts via a “credential stuffing attack.” This involves taking usernames and passwords exposed in past data breaches and using computer programs to plug the stolen credentials into other sites in an attempt to break into accounts that used the same username/password combinations. 

Federal officials didn’t name the sports betting site. But DraftKings told PCMag it worked with law enforcement to catch the “bad actor(s)” behind the assault. (In December, the company also warned users about the incident.)

Garrison allegedly launched the credential stuffing attack on DraftKings in November with the help of others, successfully compromising about 60,000 accounts. “Garrison then sold access to those victim accounts through various websites that marketed and sold illegal account credentials,” the FBI says in a criminal complaint.

Garrison sold the hijacked DraftKings accounts with instructions on how to drain the funds, which involved adding a new payment method to a hijacked account. “Using this method, the hackers stole approximately $600,000 from approximately 1,600 victim accounts,” the FBI says.


Federal investigators connected Garrison to the crimes by looking at the IP address “that uploaded the instructions to use those stolen credentials to steal money from the victim accounts.” That IP address was tied to a Wisconsin residence belonging to Garrison’s parents. Law enforcement then searched his home, including his home computer and smartphone. 

“On the Garrison computer, law enforcement located at least 69 wordlists which contained at least 38,484,088 individual username and password combinations,” the FBI’s complaint says. Investigators also uncovered messages Garrison sent to his associates about pulling off the hacks, and selling access to hijacked DraftKings accounts. 

“In one particular conversation, Garrison discussed, in substance and in part, how successful he was at credential stuffing attacks, how…
