Saturday, January 25, 2014

Unprecedented International Cybercrime Cooperation Nabs Email Hackers

Email Hacking in China, India, Romania

Yesterday we tweeted asking for more information on a statement we found in India's press regarding an email hacker charged in Pune. The article I cited, "Pune techie held after FBI alert on hacking racket", reported:
The CBI on Friday arrested a 32-year-old techie from Pune after a tip-off from the Federal Bureau of Investigation (FBI) about a racket involving hacking of 900 e-mail accounts belonging to people from across the world, including Americans and Indians. [...] Following the FBI tip-off, the CBI carried out raids in Ghaziabad, Mumbai and Pune during which several professional hackers were rounded up. Tiwari was arrested and taken on transit remand to Delhi by the CBI team. His computers and other gadgets were seized. According to the CBI, the e-mail accounts of 171 Indians and more than 700 foreign nationals, including Americans, had been hacked. [...] The agency said the raids were part of a coordinated action involving the agencies of China, Romania, the US and India. This was the first time the CBI had tied up with international investigation agencies to launch an operation against cyber crime in India.
We were so pleased to learn of the CBI's cooperation with the FBI on its first coordinated cybercrime effort, but were left puzzling over the statement about coordinated raids in India, Romania, China, and the US.

The confusion was over the fact that the FBI had decided to not unseal the cases in the US related to these crimes until they received confirmation from their peers in India, Romania, and China that the others involved in the case had been successfully arrested. Once that was concluded, we were able to find the original announcement, January 24, 2014, from the US Attorney's Office in the Central District of California, International Law Enforcement Efforts Result in Charges Around the World Against Operators and Customers of E-Mail Hacking Websites.

  • Mark Anthony Townsend, 45, of Cedarville, Arkansas, and
  • Joshua Alan Tabor, 29, of Prairie Grove, Arkansas, were charged with a felony violation for running "needpassword.com". Customers of their service would provide an email account and make payment via PayPal once the email password was obtained. More than 6,000 email accounts were hacked during this scheme.
    Three additional US persons were charged, but with lesser misdemeanor charges related to hiring a hacker (as opposed to the two above, who did the hacking themselves):
  • John Ross Jesensky, 30, of Northridge, California, paid $21,675 to a Chinese website to obtain email account passwords.
  • Laith Nona, 31, of Troy, Michigan, paid $1,081 to obtain email account passwords.
  • Arthur Drake, 55, of Bronx, New York, paid $1,011 to get email account passwords.

The Romanian DCCO (Direcţiei de Combatere a Criminalităţii Organizate, or Directorate for Combating Organized Crime), part of the DIICOT, searched the residences of and arrested four individuals associated with the hacker-for-hire websites:

  • zhackgroup.com
  • spyhackgroup.com
  • rajahackers.com
  • clickhack.com
  • ghostgroup.org (since at least September 2006!)
  • e-mail-hackers.com






Romanian Email hacker, Guccifer

The Romanians report that these individuals broke into at least 1600 email accounts between February 2011 and October 2012.

Based so far only on the coincidence of timing, this blogger believes that this was the notorious "Guccifer", or Marcel Lazar Lehel, who previously received a suspended sentence of three years (February 8, 2012) for hacking into email accounts belonging to SRI director George Maior, former US state secretary Colin Powell, members of the Bush and Rockefeller families, and officials of the Obama administration. See for example the January 22, 2014 story in Romania's Nine O'Clock news, "Hacker 'Guccifer' caught in Arad" -- www.nineoclock.ro/hacker-“guccifer”-caught-in-arad/. Another story from digi24.ro (via Google Translation) says:

[In addition to] SRI boss George Major, George Bush, and Colin Powell, Other victims of 'Guccifer' were actor Steve Martin, John Dean, former advisor to President Richard Nixon, actress Mariel Hemingway, three members of the House of Lords in the UK, Laura Manning Johnson, a former CIA analyst, George Roche was Secretary of the Air Force, and President MetLife (insurance company).
In the earlier charges that resulted in the suspended sentence, Guccifer was charged with accessing and making public photos from the Facebook pages and email accounts of many public officials in Romania as well.


Indian Email hacker, Amit Tiwari

The Central Bureau of Investigation in India arrested Amit Tiwari (who had previously been arrested for credit card fraud) for operating the websites www.hirehacker.net and www.anonymiti.com, through which at least 935 e-mail accounts were hacked between February 2011 and February 2013.

HireHacker's homepage
HireHacker.net was a prolific advertiser of their services since 2007, creating many "blogs" (such as freelancehackers.wordpress.com) and posting questions on places like Yahoo Answers like "Can the Famous Internet Detectives at HireHacker.net really recover my cheating spouses email password?"


Chinese Email hacker, Ying Liu

The Ministry of Public Safety in China arrested Ying Liu (劉颖), AKA Brent Liu, for operating the website HireToHack.net. Liu was shown to have broken into at least 300 email accounts between January 2012 and March 2013.

Liu's website had its fifteen minutes of fame when it was featured in NYMag's story "Hiring Hackers is Super Cheap". In that story from January 2012, one of two Kuwaiti brothers, Bassam Alghanim being the billionaire of the two, hired some Chinese hackers "for the price of a really good dinner" to break into his brother's email account. That story indicated that the hackers earned $200,000 in thirteen months by breaking into accounts. The story was also covered in the Wall Street Journal (which also has a video from Cassell Bryan-Low about the case), where the actual hacking may have been via Invisible Hacking Group instead.

Ying Liu hosted his website, hiretohack.net, on the notorious Malaysian hosting platform, Piradius.net. Here are some screen shots of HireToHack.net that show how their system worked:

Homepage
Menu of Services
Order Placement
This is such an amazing demonstration of international cooperation! I know I already said so, but for India's CBI, China's MPS, Romania's DCCO, and the FBI to cooperate together on a single case is without precedent! A great sign towards a bad future for cyber criminals!
