Archive for the ‘Crime’ Category

Man Indicted for ‘Cyber-Extortion’ Threat Against Insurance Firm

A California man was hit with an extortion charge this week for allegedly threatening to send out millions of e-mails criticizing his insurance company, if the firm didn’t pay him as much as $3 million.

Anthony Digati, 52, faces a maximum two-year prison term if convicted of charges the Federal Bureau of Investigation is calling “cyber-extortion” (.pdf).

The authorities said Digati erected a website to damage the reputation of New York Life unless it returned his $50,000 premium, and an extra $150,000 for good measure, by a certain date. If the deadline was not met, the price would climb to $3 million, according to the indictment unsealed late Thursday.

The bureau’s statement said that Digati threatened on his website to “make false public statements and transmit millions of spam e-mails in an effort to damage the reputation of New York Life and cost the company millions of dollars of revenue.”

The authorities declined comment. Digati, of Chino, California, declined to be interviewed when reached by telephone, as did his attorney.

Digati, who is being charged in New York, remains free on bond in connection with the charge of extortion through interstate communications.

According to Thursday’s indictment, Digati became upset with New York Life after having a claim denied. He registered the domain newyorklifeproducts.com, and sent an e-mail to more than 1,000 employees of the insurer demanding payment, adding that if he didn’t get his money by March 8, “the price will then be $3,000,000.”

He told the company through his website that he has “6 million e-mails going out to couples with children age 25-40, this email campaign is ordered and paid for,” according to the indictment.

Second Banker Accused of Stealing High-Frequency Trading Code

It was only a matter of time before another banker, lured by the prospects of riches, would get busted on allegations of stealing source code connected to a high-frequency, stock-and-commodities trading platform.

The latest arrest concerns a former Societe Generale trader who was being detained Tuesday on New York federal court charges of stealing the computer code of the Paris-based banking concern’s high-frequency trading software.

Monday’s arrest of Samarth Agrawal, 26, came nine months after a Goldman Sachs programmer was arrested on similar charges that he, too, stole his employer’s source code for software his employer used to make sophisticated, high-speed, high-volume stock and commodities trades.

The Securities and Exchange Commission is investigating the use of these programs that many believe give their users an unfair advantage over other traders. Nevertheless, stealing the code to these suspect programs remains illegal.

Report: Google Hackers Stole Source Code of Global Password System

The hackers who breached Google’s network last year were able to nab the source code for the company’s global password system, according to The New York Times.

The single sign-on password system, which Google referred to internally as “Gaia,” allows users to log into a constellation of services the company offers — Gmail, search, business applications and others — using one password.

The hackers, who are still unknown, were able to steal the code after gaining access to the company’s software repository, which stores the crown jewels for its search engine and other programs.

Because the hackers grabbed the software, and do not appear to have grabbed customer passwords, users aren’t directly affected by the theft. But the hackers could study the software for security vulnerabilities to devise ways to breach the system that could later affect users.

Google announced in January that it and numerous other companies had been hacked in a sophisticated attack. The hackers had targeted source code repositories at many of the companies, including Google.

According to the Times, the theft began when an instant message was sent to a Google employee in China who was using Windows Messenger. The message included a link to a malicious website. Once the employee clicked on the link, the intruders were able to gain access to the employee’s computer and from there to computers used by software developers at Google’s headquarters in California.

The intruders seemed to know the names of the Gaia software developers, according to the Times. The intruders had access to an internal Google corporate directory known as Moma, which lists the work activities of every Google employee.

Cops Pull Plug on Rent-a-Fraudster Service for Bank Thieves

Two Belarusian nationals suspected of operating a rent-a-fraudster service for bank and identity thieves have been arrested overseas, according to New York authorities, who unsealed an indictment for one of the suspects on Monday.

Dmitry Naskovets, 25, and Sergey Semashko, 25, are suspected of creating and operating CallService.biz, a Russian-language site for identity criminals who trafficked in stolen bank-account data and other information. The website displayed an FBI logo Monday and the message, “This domain has been seized by the Federal Bureau of Investigation.”


Naskovets has been charged in U.S. District Court for Southern New York with one count each of aggravated identity theft and conspiracy to commit wire fraud and credit card fraud. Semashko has been charged by Belarusian authorities.

Naskovets was arrested in the Czech Republic last Thursday, at the request of U.S. authorities who have filed for extradition. Semashko was arrested the same day in Belarus.

According to the indictment (.pdf), the two entrepreneurs launched the site in Lithuania in June 2007 and filled a much-needed niche in the criminal world — providing English- and German-speaking “stand-ins” to help crooks thwart bank security screening measures.

In order to conduct certain transactions — such as initiating wire transfers, unblocking accounts or changing the contact information on an account — some financial institutions require the legitimate account holder to authorize the transaction by phone.

NSA Official Faces Prison for Leaking to Newspaper

A former senior National Security Agency official was slammed with a 10-count indictment Thursday after allegedly leaking top secret information to a reporter at a national newspaper.

Thomas Andrews Drake, 52, was a high-ranking NSA employee with access to signals intelligence documents when he repeatedly leaked classified information to the unnamed reporter, who ran stories based on the leaks between February 2006 and November 2007, the indictment alleges.

Fox News is reporting that the journalist was Siobhan Gorman, who worked at the time for the Baltimore Sun and is now a reporter with The Wall Street Journal, which is published by Fox parent corporation News Corp.

According to the indictment, Drake exchanged hundreds of e-mails with the reporter, and the two met in the Washington, D.C., area half a dozen times. Drake also researched stories for the journalist, sending e-mail to other NSA employees asking questions, and accessing classified documents to obtain information.

Drake even “reviewed, commented on, and edited drafts, near final and final drafts” of the reporter’s articles, according to the government.

He later allegedly shredded documents and lied about his activity to federal agents investigating the leaks.

Articles Gorman published at the time dealt with the threat of cyberattacks and the NSA’s struggles to modernize its data collection and sifting technology. A February 2006 article discussed the failure of a $300 million NSA project management system and other mission-critical software programs the agency needed to combat terrorism and attacks.

Another article published in May 2006 discussed a collection program called ThinThread that was abandoned in favor of another program called Trailblazer. Privacy safeguards that were inherent in ThinThread and not in Trailblazer were dropped as a result. Gorman wrote:

NSA managers did not want to adopt the data-sifting component of ThinThread out of fear that the Trailblazer program would be outperformed and “humiliated,” an intelligence official said.

Without ThinThread’s data-sifting assets, the warrantless surveillance program was left with a sub-par tool for sniffing out information, and that has diminished the quality of its analysis, according to intelligence officials.

Sources say the NSA’s existing system for data-sorting has produced a database clogged with corrupted and useless information.

Gorman attributed information in the articles to anonymous sources and, in at least one article published in March 2007, said the source was given anonymity because the document discussed was “classified” in nature.

Drake was charged in the U.S. District Court of Maryland with five counts of willfully retaining classified national security documents, as well as obstruction of justice and making false statements to the FBI.

“Our national security demands that the sort of conduct alleged here — violating the government’s trust by illegally retaining and disclosing classified information — be prosecuted and prosecuted vigorously,” said Assistant Attorney General Lanny A. Breuer in a statement.

Drake’s attorney did not immediately return a call for comment.

“The damage to our national security caused by leaks won’t stop until we see a couple of perpetrators in orange jump suits,” said Senator Kit Bond (R - Missouri), vice chairman of the Senate Intelligence Committee, in a press release praising the indictment. Bond called on the Justice Department to prosecute other whistleblowers, such as Thomas Tamm, who Bond said should be following Drake to federal court.

Tamm is a former Justice Department prosecutor who revealed in 2008 that he was a source for a story the New York Times broke in December 2005 about the warrantless wiretapping program the NSA was conducting with authorization from the Bush administration.

Drake’s leaking to the Baltimore Sun began around November 2005, according to the indictment, when a former congressional staffer who had a “close, emotional friendship” with Drake asked him to speak with the reporter, now identified as Gorman. Drake had provided the congressional staffer with classified and unclassified information while the person worked for Congress, and after the staffer retired in May 2002.

Drake opened a Hushmail e-mail account to contact Gorman, and volunteered to provide information about the NSA. Drake instructed the reporter to open her own Hushmail account so they could communicate covertly.

Prosecutors Seek 6-Year Sentence for TJX Hacker’s ‘Trusted’ Accomplice

If TJX hacker Albert Gonzalez had gone to trial instead of pleading out, one man would have been the primary witness against him — accomplice Damon Patrick Toey.

Toey, identified often in court documents simply as “PT,” provided information that investigators say likely helped persuade Gonzalez to plead guilty last year to multiple crimes, which prosecutors are calling the most serious and largest identity-theft crimes ever prosecuted.

Toey, 25, will on Thursday become the last of six U.S. defendants sentenced for the crimes. The others include Gonzalez, Christopher Scott, Humza Zaman, Jeremy Jethro and Stephen Watt. Other, unidentified Eastern European hacking accomplices are presumed to be still at large.

Gonzalez received three concurrent sentences last month, amounting to 20 years in prison for his role in the hacks of TJX, Hannaford Brothers, Heartland Payment Systems and others, which resulted in the theft of more than 200 million credit- and debit-card numbers. After his arrest, Gonzalez led investigators to a stash of more than $1 million in cash buried in a barrel in his parents’ backyard.

Toey, who prosecutors say earned only about $80,000 for his role in the crimes, faces a maximum sentence of 22 years. Prosecutors are taking into consideration his extensive cooperation with authorities, and are seeking only 6 years in prison and a $100,000 fine, with no restitution. His defense attorney is asking for 30 to 36 months and a maximum fine of $50,000.

His defense attorney’s sentencing memo provides a look at the unstable and peripatetic life that led the at-times homeless teen to a career in crime with his friend.

Toey was raised by a single mother, who later married and had two more children, according to his attorney. He was little-supervised, and at age 11 began experimenting with marijuana and spending extended periods of time on the computer. At 15 he dropped out of school. After his mother’s divorce shortly thereafter, he and his family went through a string of evictions, and ended up staying with family friends for a while, where his mother spent much of her time partying, drinking and smoking pot.

Bank Worker Pleads Guilty to Hacking 100 ATMs

A Bank of America worker pleaded guilty Tuesday to installing malware on more than 100 ATMs, and stealing $304,000 over a seven-month period.

Authorities were able to recover at least $167,000 in cash after the worker told U.S. Secret Service agents where they could find the money, according to a press release issued by the U.S. Attorney’s office in North Carolina, where the charges were filed.

Rodney Reed Caverly, 53, pleaded guilty to one count of unauthorized computer access for installing the malware.

Caverly’s attorney told Threat Level that his client wrote the code himself. It instructed the ATMs to dispense cash without creating a record of the transactions.

Brokerage Firm Fined $375,000 for Unsecured Data

Brokerage firm DA Davidson has agreed to pay a fine of $375,000 for failing to protect confidential client data from Latvian hackers who breached the company in 2007 in an online extortion scheme.

The hackers used a SQL injection attack to obtain access to the company’s database on Dec. 25 and 26, 2007.

The Financial Industry Regulatory Authority, which announced the fine agreement on Monday, said although the attack activity was reflected in the brokerage’s server logs, administrators failed to examine those logs. The intruders obtained data on about 192,000 customers, according to the press release announcing the fine. (Previous reports indicated that more than 300,000 customer files were stolen). The data included customer account numbers, Social Security numbers, names, addresses, dates of birth and other private information.

The company discovered the breach only after receiving an extortion e-mail from one of the hackers on Jan. 16, 2008, which contained an attachment with the records of 20,000 customers as proof of the intrusion. DA Davidson contacted the Secret Service, and the subsequent investigation led to four suspects, three of whom are Latvian nationals, who were extradited from the Netherlands to face charges in Montana.

Aleksandrs Hoholko, 30, Jevgenijs Kuzmenko, 26, and Vitalijs Drozdovs, 33, pleaded guilty last month in Montana to making threatening communications and receiving extortion proceeds. They are scheduled to be sentenced in June. The fourth suspect, who called himself Robert Borko (.pdf) in correspondence with the brokerage firm, has not yet appeared in court.

According to the indictment, Borko was responsible for conducting the breach, then used the Latvians as couriers to receive the extortion payments. He identified himself as an “independent IT security consultant” in an e-mail to the brokerage firm and said he would delete the stolen information and identify IT security weaknesses to the company as part of his extortion agreement. According to court documents, he attempted to extort $80,000 from the brokerage firm.

The scheme follows a pattern of extortion plots that have hit other companies over the years, whereby criminal hackers, and unscrupulous security professionals, have attempted to sell their “security consulting” services to firms after breaching their networks.

Romanian Auction Scammer on the Lam

Romanian authorities made headlines last week after busting 70 suspected cyberthieves accused of operating online auction scams. But it turns out one of the ringleaders was set free after authorities failed to file the required paperwork on time — and now he’s vanished.

Police say the 70 suspects ran scams on eBay and other online auction sites since 2006.

Romanian law allows suspects to be held in jail, in a so-called preventive arrest, for 29 days while an investigation is underway if authorities prove to the court that they need to hold the suspect while evidence is examined. While the court was busy ruling on an extended arrest for the other suspects, Nicolae Popescu, 30, walked out of the courthouse without the police being notified, according to a local news report. The deadline for his initial arrest had passed, and because the court had not yet ruled on his extended detention, he was allowed to leave.

Romanian police defended the slip, saying there were too many criminals to process and not enough people to watch the suspects and do the paperwork. Agents had been working 48 hours and were tired, a spokesman told a local paper.

Police are now appealing to the public to be on the lookout for Popescu or any of his three cars.

Take From ATM Malware Caper Exceeded $200,000

A Bank of America worker who installed malicious software on his employer’s ATMs was able to siphon at least $200,000 from the hacked machines before he was caught, according to a plea agreement he entered with prosecutors last week.

Rodney Reed Caverly, 53, was a member of the bank’s IT staff when he installed the malware, which instructed the machines to dispense free cash without creating a record of the transaction. The Charlotte, North Carolina, man made fraudulent withdrawals over a seven-month period ending in October 2009, according to prosecutors, who’ve charged him with one count of computer fraud.

Caverly has agreed to plead guilty and is set to appear in court on Tuesday. Nobody involved in the case — Caverly, his defense attorney, prosecutors and Bank of America — has revealed how much Caverly stole, but the April 7 plea agreement (.pdf) discloses that the crime resulted in a “loss of more than $200,000 and less than $400,000.”

The document lays out the terms of the plea deal but provides no additional facts about the nature of the malware Caverly installed or how he conducted the fraudulent withdrawals.

Caverly faces a maximum five years in prison and a possible fine up to $250,000. Assuming Caverly has no prior convictions, federal sentencing guidelines recommend a sentence of 24 to 30 months.
