Cyber Fraud News Stories 4



By Stephanie Ayres
10 January 2017
New York, New York

Prosecutors in the Southern District of New York have filed a superseding indictment charging three Chinese nationals with infiltrating the servers and computers of prominent securities law firms to obtain inside information on upcoming mergers and acquisitions in order to engage in pre-merger trading of the stocks in question.

Iat Hong and Chin Hung of Macao and Bo Zheng of Changsha, China were accused of obtaining credentials of a law firm employee that gave them access to the firm’s email servers where they installed malware to monitor the communications of firm partners working on M&A deals.

When they discovered a deal approaching completion, the defendants would allegedly purchase the stock in question and then sell at a profit after the deal was publicly announced.

According to a December 27 statement from the US Attorney’s office in Manhattan, a couple of the deals described in the indictment included a planned acquisition of Intermune by Roche AG and an acquisition of Altera Corporation by Intel Corporation in 2014 and 2015, respectively.

The hackers allegedly tried to use these methods to gain access to emails at other securities law firms with varying degrees of success.

By Stephanie Ayres
29 December 2016
Cleveland, Ohio

The US Attorney’s office for the Northern District of Ohio announced on December 16 the extradition of three individuals from Romania to face US charges relating to their use of a variety of malware programs to access thousands of computers to obtain credit card information and user credentials.

According to the US Attorney’s December 16 statement, the defendants sold the credit card data they obtained to get money to fund their own scheme, which focused on internet auction sites such as Ebay. Over a thousand bogus items for sale were submitted to the auction sites. The entries included a photo of the purported item. When visitors clicked the photos, they would be redirected to a spoofed auction site designed to mimic the real auction site. At the defendants’ allegedly bogus auction site, would-be purchasers of the items listed would be told to submit a payment through a malicious channel called “Ebay Escrow Agent” which would send the purchaser’s payment to shell companies controlled by the defendants.

Defendants Bogdan Nicolescu, Tiberiu Danet, and Radu Miclaus were charged with twelve counts of wire fraud, one count of conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated ID theft, conspiracy to commit money laundering, and conspiracy to violate the Computer Fraud and Abuse Act.

By Stephanie Ayres
21 December 2016
Pittsburgh, Pennsylvania

The US Department of Justice (DOJ) announced a series of raids and arrests in several countries to take down a network of servers allegedly used by cyber fraudsters to facilitate malware operations such as ransom schemes and the theft and distribution of banking credentials for use in theft and laundering operations involving so-called “money mules.”

Avalanche reportedly had a multi-layered structure that allowed the transfer of data through a series of controlled servers before eventually routing it to the end user. According to a December 5 statement from the US Attorney’s office for the Western District of Pennsylvania, investigators found over 800,000 domain names associated with the Avalanche network used to accomplish the routing of compromising information and money through multiple channels to avoid detection by cyber security. Orders issued by US federal courts were used by investigators to seize, block, and redirect data traveling from infected computers to and through the Avalanche network.

Citing reports in Ukrainian media, investigative blogger Brian Krebs reported in December that the suspected mastermind of the Avalanche system, Gennady Kapkanov, was arrested by Ukrainian police after a shootout at his home, but was later released by a Ukrainian judge, supposedly because the cybercrime charges entered against him didn’t justify holding him in custody. After the release, Kapkanov reportedly disappeared. (1)


(1) “Avalanche crime ring leader eludes justice,” Krebs on Security, December 18, 2016

By Stephanie Ayres
29 November 2016
Dallas, Texas

Four individuals have been charged in connection with a scheme to obtain video game tokens called “FIFA Coins” that could be exchanged for cash on a secondary market outside the game environment in which they were created and used.

A game called “FIFA Football” operated by the Electronic Acts Company reportedly allowed players to receive “FIFA Coins” as a reward based on the number of matches the players engaged with. According to a statement from the US Attorney’s office in Dallas, a group of hackers discovered a way to evade the company’s security measures to record on the company’s logs that they had engaged with thousands of matches in a matter of minutes and thus receive a large number of “FIFA Coins” which they were able to exchange on the secondary market for about $16,000.

The US Attorney’s statement announced that one defendant, Anthony Clark of Whittier, California, was convicted on a charge of conspiracy to commit wire fraud in federal court in Fort Worth. Three co-defendants in the scheme, Nick Castelluci of New Jersey, Ricky Miller of Texas, and Eaton Zveara of Virginia already pleaded guilty to a similar charge for their roles in the scheme.

By Stephanie Ayres
31 October 2016
New York, New York

A civil lawsuit over the fate of some $12 million looted from an Ecuadoran bank called Banco del Austro in January 2015 grew from a dispute between Banco del Austro and Wells Fargo, which processed requests for transfers made through the SWIFT interbank messaging system.

The $12 million was removed from Banco del Austro through a series of transfers over a period of about ten days and was sent to bank accounts in Hong Kong. According to a June 2016 report by “Reuters,” the address for the largest recipient of the Ecuadoran funds, Jinshun Group Company Ltd., appeared to be an improvised hangout for internet gamers in a rundown industrial district of Hong Kong.

Reporters described their attempts to follow the trail on the street and the legal paper trail in Hong Kong, but aside from discovering that some portion of the money went to a jewelry wholesaler and that Jinshun and related entities appeared to be controlled by unlocatable mainland Chinese individuals, the trail turned out to be a dead end.

Back in New York, Banco del Austro had alleged that Wells Fargo should have treated the transfers as suspicious. Wells Fargo reportedly countered that security problems at the bank in Ecuador were at the root of the issue, because a hacker had obtained a bank employee’s SWIFT log-in credentials and presumably used this access to carry out the transfers. A federal judge denied Wells Fargo’s motion to dismiss the case, so there may be more details to emerge about how the theft was carried out.

By Stephanie Ayres
18 June 2016
Seattle, Washington

The US Attorney’s office in Seattle announced on June 3 that Brian Richard Farrell was sentenced in Seattle federal court to eight years in federal prison and four years of supervised release after pleading guilty to conspiracy to distribute controlled substances.

Farrell was an administrator of the Silk Road 2.0 website, which was operated on the Tor network of the so-called “dark web” to sell illegal drugs and other illegal products and also to launder the proceeds of such sales. This second version of Silk Road was set up in November 2013 to replace the original Silk Road website shut down a year earlier. The key control figure of the 2.0 site was identified by authorities as Blake Benthall, who was arrested in connection with his role in the site administration.

By Stephanie Ayres
30 January 2016
Seattle, Washington

The US Attorney’s office in Seattle announced on January 22 that Alexander Mihailovsky, a Belarus national, will be extradited to the US in connection with a 2012 indictment alleging conspiracy to commit wire fraud, accessing a protected computer in furtherance of fraud, and intentional damage to a protected computer.

Mihailovsky, using a company called Mystique Enterprises Ltd, processed credit card payments for an organized gang that tricked people into buying fake anti-virus software by promising to protect computers against nonexistent threats. According to the US Attorney’s January 22 statement, this gang took in some $71 million from this scam, which was targeted by a federal investigation called Operation Trident Tribunal. As a result of this investigation, another credit card processor for the group, Patrick Sallnert, was convicted and sentenced in 2012 on charges similar to those against Mihailovsky.