Tag Archive for: Charges

Former Uber security chief convicted on charges of covering up a hack in 2016

/in


Former Uber chief security officer Joe Sullivan has been found guilty of charges that he covered up a 2016 cyberattack where a hacker downloaded the personal information of more than 57 million people. The information stolen from Uber included names, email addresses, and phone numbers for more than 50 million Uber riders and 7 million drivers, as well as driver’s license numbers for another 600,000 drivers.

As reported by the New York Times and Washington Post, the jury convicted Sullivan on two counts: one for obstructing justice by not revealing the breach to the FTC and another for misprision, which is concealing a felony from the authorities.

This is believed to be the first time a company executive faced criminal prosecution over a hack.

He’d faced three counts of wire fraud, but prosecutors dismissed those charges in August. Sullivan had served as a security executive at other companies, including Facebook and Cloudflare, and, as the Post points out, in this case, he was pitted against the same San Francisco US attorney’s office where he had previously worked prosecuting cybercrimes.

The hack itself was described by the prosecution in their original complaint (PDF), noting that it almost exactly mirrored a 2014 breach of Uber that, at the time of the incident, the FTC was already investigating the company over. As the trial began in September, Uber’s systems were breached again in a hack linked to an alleged former member of the Lapsus$ ransomware group, forcing it to temporarily take some internal systems offline.

The 2016 breach occurred when two outsiders trawling Github found credentials giving them access to Uber’s Amazon Web Services (AWS) storage, which they used to download its database backups. The hackers then contacted Uber and negotiated a ransom payment in exchange for a promise to delete the stolen information, paid out in $100,000 worth of Bitcoin, and treated as part of the company’s Bug Bounty program. They eventually pleaded guilty to hacking the company in 2019.

Uber’s new CEO testified he “could not trust” his chief security officer.

As the Times notes, this is believed to be the first time a company executive faced criminal prosecution over a…

Source…

GTA 6 Hacker Pleads Not Guilty to Computer Misuse Charges

/in


The City of London Police has confirmed that the GTA 6 hacker has pled not guilty to charges of computer misuse. However, he has pled guilty to breaching bail conditions, which police said he violated as reported on Sunday. The police’s Cyber Crime Unit revealed that the 17-year-old teenager (identified only as A.K. for legal reasons) appeared in court over the weekend.

GTA 6 hacker currently detained in youth detention center

gta 6 hacker

City of London detective inspector Michael O’Sullivan confirmed the details in a statement to Eurogamer:

The 17-year-old who appeared at Highbury Corner Youth Court on 24th September has pleaded guilty to breaching his bail conditions and not guilty to computer misuse. The teenager has been remanded to a youth detention center.

The charge of computer misuse is a bit ironic, considering the teenager most likely used his computer exactly as he intended. At any rate, if the suspect is convicted, it will be interesting to see what his sentence will be, considering that he was accused of being the leader of hacking group Lapsus$ in March when he was then 16 years old.

The FBI has yet to issue a statement, though one is likely to follow after additional arrests of other members of the hacking group, who are claimed to have assisted the suspect in his hack of Rockstar Games. Apparently, the teenager is only one of seven suspected of breaching high-profile companies. Journalist Matthew Keys says that the the hacker was responsible for the security breach at Uber. The police was able to track down the suspect due to him using similar hacking techniques in breaching Microsoft, Nvidia, and Okta.

Last week, Rockstar equated the hack to just “a network intrusion” and there wouldn’t be any “long-term effect” on the development of their ongoing projects, including GTA 6.

In other news, the Kena Bridge of Spirits anniversary update comes with a host of new features, and details of the Far Cry 6 GOTY Edition and upgrade pass have been leaked online.

Source…

300+ gallons for $30? Men accused of using device to steal gas face felony charges

/in


NASSAU COUNTY, Fla. – Two men accused of stealing hundreds of gallons of fuel from a 7-Eleven gas station each face a felony charge of grand theft, as well as other charges, according to the Nassau County Sheriff’s Office.

Investigators said deputies were called to the gas station Monday on Lofton Square Court, where they determined two men had installed a device on a gas pump that restricts the flow meter on its pumping system. Arrest reports state the suspects used a key to open the pumps and place the manipulator inside and then used a small remote to control the device.

According to the Sheriff’s Office, the first theft was of 367 gallons of fuel valued at $1,757.93 — but the pump only showed a charge of $30.

The Sheriff’s Office said deputies determined the same two men were involved in a second theft. Investigators said just before the deputy arrived, the men had been pumping for approximately 10 minutes and took approximately 114 gallons of gas valued at about $546.

Ad

“It was determined that the suspects opened the gas pump cabinet using a key without authorization and knowingly and willfully installed a device, which caused the electronic computer system to understate the amount of fuel being pumped,” the Sheriff’s Office reported.

The two men arrested were identified as Ramon Vila-Garcia and Silvio Richard Aguila. Both are both being held at the Nassau County jail.

Booking photos for Ramon Vila and Silvio Aguila provided by Nassau County Sheriff’s Office.

We spoke with cyber security expert Chris Hamer about the device the men were accused of using.

“It was obviously designed by somebody with internal knowledge of the machines because it is custom-made for intercepting the signal from the actual fuel flow meter and modifying it or replacing it with a slower count,” Hamer explained. “So the computer thinks less gasoline is passing through the pipe than it actually is.”

Hamer said devices like the one found by investigators are used by members of organized theft rings that target gas stations all across the U.S.

Ad

“The Secret Service is currently monitoring 40 groups in Florida alone,” Hamer said. “It’s a nationwide problem. It’s a worldwide problem…

Source…

Romanian man extradited to US over Gozi virus hacking charges

/in


A dual Romanian and Latvian national has been extradited to the US from Colombia for allegedly running a “bulletproofing hosting” service that enabled cyber criminals to distribute the Gozi virus.

Mihai Ionut Paunescu, 37 years old and also known as Virus, also allegedly enabled other cyber crimes, such as distributing malware like Zeus Trojan and SpyEye Trojan, initiating and executing distributed denial of service (DDoS) attacks, and transmitting spam, said federal attorneys yesterday.

The Gozi virus, first discovered in 2007, is malware that stole personal bank account information, including usernames and passwords, from users of affected computers, according to allegations in documents filed in Manhattan federal court. The virus infected over one million computers worldwide, including around 40,000 in the US, some of which belonged to NASA.

It caused tens of millions of dollars in losses to individuals, businesses, and governments whose computers were infected. Once installed, Gozi would collect data from the infected computer to capture personal bank account information which was then transmitted to various computer servers controlled by criminals who used the virus. They would then use the personal information to transfer funds out of victims’ bank accounts and into their possession.

“Bulletproof hosting” services helped cyber criminals to distribute the Gozi Virus with little fear of detection by law enforcement, said federal attorneys. Bulletproof hosts provided cyber criminals with critical online infrastructure they needed, including IP addresses and computer servers, in a manner designed to enable them to preserve their anonymity.

Paunescu allegedly rented servers and IP addresses from legitimate internet service providers and then rented these to cyber criminals. He also provided servers which were used as command-and-control servers to conduct DDoS attacks and monitored IP addresses he controlled to determine if they appeared on a special list of suspicious or untrustworthy IP addresses. Lastly, Paunescu also relocated his customers’ data to different networks and IP addresses to avoid being blocked as a result of private security or law enforcement…

Source…