Tag Archive for: jailed

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts


Apr 13, 2024 | Newsroom | Cryptocurrency / Regulatory Compliance

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.

Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.

“At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the hacks,” the U.S. Department of Justice (DoJ) noted at the time.

While the name of the company was not disclosed, he was residing in Manhattan, New York, and working for Amazon before he was apprehended.

Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange’s smart contracts to insert “fake pricing data to fraudulently generate millions of dollars’ worth of inflated fees,” which he was able to withdraw.

Subsequently, he initiated contact with the company and agreed to return most of the funds except for $1.5 million if the exchange agreed not to alert law enforcement about the flash loan attack.

It’s worth noting that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based crypto exchange called Crema Finance, while keeping $1.68 million as a “white hat” bounty.

Ahmed has also been accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, siphoning $3.6 million in the process, ultimately leading to its shutdown.

“Ahmed used an exploit he discovered in Nirvana’s smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed to allow,” the DoJ said.

“He then immediately resold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a ‘bug bounty’ of as much as $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million, did not reach…

Canada’s ‘most prolific hacker’ jailed for two years


A 33-year-old man has been sentenced to two years in prison after admitting his part in a series of ransomware and malware attacks that hit more than one thousand individuals, businesses, and organisations — including three police departments.

Ottawa-based Matthew Philbert, who has been dubbed “Canada’s most prolific hacker,” typically launched attacks by sending malicious emails that posed as job applications, attaching a booby-trapped resume poisoned with malware.

If Philbert’s intended targets made the mistake of opening the attachment their PCs would be infected by a remote access trojan horse that would allow the hacker to infiltrate computer systems and plant further malware,

Hiding his true identity with anonymous email addresses and masking his location with VPNs, Philbert gained full access over infected computers, stealing passwords, and sending emails from victims’ accounts.

According to Ontario Provincial Police, Philbert didn’t care whether the victims of his attacks were big or small, targeting businesses of all sizes including a private elementary school, as well as the Ronald McDonald House in Halifax which provides accommodation for parents of hospitalised children.

Audaciously, the hacker also targeted three police departments – Nishnawbe Aski Police in Thunder Bay, West Vancouver Police Department, and City of Kawartha Lakes Police Department – although none of these are thought to have lost any money.

The Royal Canadian Mounted Police, the US FBI and Europol launched a 23-month-long investigation into the cyber attacks, which culminated with Philbert’s arrest at his home in Ottawa in 2021.

Ontario police discovered Philbert had $46,000 worth of Bitcoin in a cryptocurrency wallet, the apparent proceeds from four different ransomware attacks.

The hacker’s cybercriminal activity is thought to stretch back to the 2000s, when attackers would lock up PCs and display a message claiming to come from the police saying that the computer’s owner had been caught viewing child sexual abuse material. These rudimentary versions of ransomware would demand a “fine” be paid to unlock the PC and make police turn a blind eye.

Philbert pleaded guilty to fraud, unauthorized use of a…

Ex-GCHQ man jailed for life after stabbing US security worker


By Harriet Robinson, Aruna Iyengar & PA Media, BBC News

A former UK intelligence worker has been jailed for stabbing a US government employee.

Joshua Bowles, from Cheltenham, attacked the woman in a leisure centre car park, three miles from GCHQ’s base, in March.

The 29-year-old was handed a life sentence at the Old Bailey, with a minimum term of 13 years.

Armed with two knives, Bowles punched and stabbed the woman repeatedly on 9 March, leaving her with cuts to her abdomen, chest and thigh.

The ex-computer software coding developer later said he had targeted her because he could not handle the “murky waters of ethics” and “the power that the American NSA have and the things they do”.

During sentencing, senior judge Mrs Justice Cheema-Grubb found the stabbing was a “politically motivated attack” driven by “anger and resentment” towards GCHQ and women.

She rejected the defence claim that it was not a terrorist incident, saying Bowles’ internet history showed he had a “deep disaffection with society and a desire to challenge authority”.

The court heard Bowles had planned the attack and searched online for topics including US Unabomber terrorist Theodore Kaczynski, attacks on women, and white supremacy.

In a victim impact statement, the woman said using her attacker’s name made her “feel sick” and brought back “awful memories”.

She said she was “devastated” to find out they had worked in the same place, adding: “This attack has had a profound effect on me and it’s utterly and completely changed my life.

“Following the attack, I went from being in the best shape I had ever been to being the weakest I have ever been.”

On the day of the stabbing, the woman – referred to by code number 99230 – was followed as she and a friend left a Cheltenham leisure centre after a game of netball.

After hearing someone say “excuse me”, she turned and was punched repeatedly in the face.

‘Hated me’

She fought back, kicking and…

Sydney man jailed over $100k SMS phishing scam


Sydney Local Court has sentenced a 40-year-old Sydney man to a two-year, eight-month stint in prison over an SMS phishing scam that began in 2018.

The man had created a number of fake websites for the National Australia Bank, the Commonwealth Bank of Australia, and Telstra. He then contacted customers via SMS and tricked them into supplying personal information, which he in turn used to access their own bank and telephone accounts, and to create new accounts in their name.

The NSW Police Cybercrime Squad, working with the AFP, arrested the man on 24 November 2021 after working with the banks and Telstra to identify his victims. Also found on the premises were SIM cards, mobile phones, drug paraphernalia, bank cards, and a range of other electronic devices, all of which were seized by police.

The AFP reports that the man had scammed over $100,000 out of 39 victims, while the companies affected were able to place tighter security on other affected account holders, protecting a further 16,147 account holders.

Last Friday, the man was found guilty of four separate offences regarding obtaining benefit by deception, unauthorised access with intent, and obtaining data with intent. The perpetrator will also be subject to a 13-month good behaviour bond and a $1,000 recognisance bond on release.

“The AFP is committed to tracking down cyber criminals and bringing them to justice, no matter where they are in the world,” said AFP spokesperson Commander Chris Goldsmid.

“Scammers will use any tools they can to exploit people for their own profit. The internet and other new technologies provide opportunities to remotely access potential victims.”

Despite law enforcement’s constant urging that victims are far less likely to recover lost funds if they remain silent, a report released by internet security company Avast in 2022 suggests that almost half of the 37 per cent of Australians impacted by phishing fail to report it.

“Reporting phishing scams that you encounter is critical to ensure we keep our digital world as safe as possible,” Stephen Kho, a cyber security specialist for Avast, said in the report.

“Even…
