Friday, November 21, 2014

Former U.S. Navy Nuclear Systems Administrator Sentenced To 2 Years For Hacking The U.S. Navy And
National Geospatial-Intelligence Agency Computer Systems

TULSA, Okla. — The second leader of the computer hacking group Team Digi7al was sentenced today for
hacking the United States Navy, the National Geospatial-Intelligence Agency, and over 50 public and
private computer systems, announced Danny C. Williams, U.S. Attorney for the Northern District of

Nicholas Paul Knight, 27, of Chantilly, Virginia, was sentenced by U.S. District Judge James H. Payne to 24
months in prison. At the time of the hacking attacks Knight was a U.S. Navy Nuclear Systems
Administrator aboard the USS Harry S. Truman. Knight pleaded guilty to the single-count information on
May 5, 2014. Co-defendant Daniel Krueger, 20, of Dix, Illinois, was sentenced to two years in prison on
October 22, 2014.

“Computer hacking presents a significant risk to national security. As a service member in the United
States Navy, the defendant knowingly breached his oath of enlistment and became an insider threat,”
said U.S. Attorney Williams. “We will continue to work with our law enforcement partners to find cyber-
criminals and prosecute them to the full extent of the law.”

According to court documents, in June 2012, the Naval Criminal Investigative Service (NCIS) detected a
breach of the U.S. Navy’s Smart Web Move database, which stored personal records, including Social
Security numbers, names, and dates of birth, for approximately 222,000 service members. The servers
that stored these records were located in Tulsa. At the time of the hacking attacks, Knight, Krueger, and
other Team Digi7al conspirators posted links to the stolen information on Team Digi7al’s Twitter account
to make the private information available to the public.

In early 2013, Knight was administratively separated from the U.S. Navy after he was caught hacking into
a computer system while aboard the USS Harry S. Truman during a sting operation conducted by the

The case was investigated by the NCIS Atlantic Cyber Operations office in Norfolk, Virginia, with the
cooperation and assistance of the DCIS Cyber Field Office, and other federal, state, and local agencies.
Assistant U.S. Attorney Joel-lyn A. McCormick and Gary L. Davis II prosecuted on behalf of the United


Thursday, November 13, 2014

Member of Organized Cybercrime Ring Responsible for $50 Million in Online Identity Theft Sentenced to
115 Months in Prison

A Georgia man who purchased stolen credit card data and other personal information through the
identity theft and credit card fraud ring known as “” was sentenced today to serve 115 months
in federal prison. He was further ordered to pay $50.8 million in restitution.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney
Daniel G. Bogden of the District of Nevada and Assistant Special Agent in Charge Michael Harris of U.S.
Immigration and Customs Enforcement’s Homeland Security Investigations (ICE HSI) in Las Vegas made
the announcement. U.S. District Judge Andrew P. Gordon of the District of Nevada imposed the

“Cyber thieves created a real criminal organization through the virtual world of the Internet, stealing
credit card data and relying on technology, perceived anonymity, and international borders to evade law
enforcement,” said Assistant Attorney General Caldwell. “Cameron Harrison made a living by using that
stolen financial information. Applying time-honored techniques from mob and gang prosecutions to
this new generation of cybercriminals, we were able to infiltrate and bring down the ring.”

“The financial toll exacted by identity theft and credit card fraud can be crippling to victims both
financially and emotionally,” said U.S. Attorney Bogden. “These are far from victimless crimes and the
members of this organization were responsible for the theft of over $50 million. We are working
diligently with our law enforcement partners to ensure that the people who commit these high-tech
crimes are put out of business.”

“This significant sentence is entirely fitting given that this defendant’s actions and those of the larger
criminal organization harmed countless innocent Americans and seriously compromised our financial
system,” said Homeland Security Investigations Executive Associate Director Peter T. Edge. “Criminals
like this defendant who believe they can elude detection by hiding behind their computer screens here
and overseas are discovering that cyberspace affords no refuge from American justice. HSI will continue
to work closely with its law enforcement partners to track down these violators and see that they face
the full weight of the law.”

Cameron Harrison, aka “Kilobit,” 28, of Augusta, Georgia, admitted at his guilty plea hearing that he
became associated with the organization in June 2008. According to Harrison’s admissions, was an Internet-based, international criminal enterprise whose members trafficked in
compromised credit card account data and counterfeit identifications and committed money laundering,
narcotics trafficking and computer crimes. Harrison admitted that the group tried to protect the
anonymity and the security of the enterprise from both rival organizations and law enforcement. For
example, members communicated through various secure and encrypted forums, such as chatrooms,
private messaging systems, encrypted email, proxies and encrypted virtual private networks. Gaining
membership in the group required the recommendation of two current members in good standing.

Harrison admitted that he purchased compromised credit card account data and other personal
identifying information from fellow members. He further admitted to possessing over 260
compromised credit and debit card numbers, which were recovered from his computer and email
accounts following his arrest.

Harrison was identified when he purchased a counterfeit Georgia driver’s license from an undercover
special agent through the network. During interactions with the undercover special agent,
Harrison admitted to having been a vendor of counterfeit identifications in the defunct cyberfraud
organization “ShadowCrew.”

Fifty-five individuals were charged in four separate indictments in Operation Open Market, which
targeted the organization. To date, 26 individuals have been convicted and the rest are either
fugitives or are pending trial. Harrison pleaded guilty in April 2014 to participating in a racketeer
influenced corrupt organization, conspiracy to engage in a racketeer influenced and corrupt organization,
and trafficking in and production of false identification documents.

The cases were investigated by HSI and the U.S. Secret Service, and are being prosecuted by Trial
Attorney Jonathan Ophardt of the Criminal Division’s Organized Crime and Gang Section and Assistant
U.S. Attorneys Kimberly M. Frayn and Andrew W. Duncan of the District of Nevada.

This prosecution is part of efforts underway by President Barack Obama’s Financial Fraud Enforcement
Task Force. President Obama established the interagency Financial Fraud Enforcement Task Force to
wage an aggressive, coordinated and proactive effort to investigate and prosecute financial crimes. The
task force includes representatives from a broad range of federal agencies, regulatory authorities,
inspectors general and state and local law enforcement who, working together, bring to bear a powerful
array of criminal and civil enforcement resources. The task force is working to improve efforts across the
federal executive branch, and with state and local partners, to investigate and prosecute significant
financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, combat
discrimination in the lending and financial markets and recover proceeds for victims of financial crimes.


The FBI cracks the ‘largest phishing case ever’

8 Oct, 2009

US and Egyptian authorities have charged 100 people in what the director of the FBI has called “the
largest international phishing case ever conducted”.

The US and Egyptian fraudsters were accused of using phishing scams to steal account details from
hundreds, possibly thousands, of people, and transferring about $1.5 million into fake accounts they
controlled.

The group of fraudsters were accused of targeting US financial institutions and victimising a
number of account holders by fraudulently using their personal financial information after they were
successfully phished.

The arrests were the result of an investigation called ‘Operation Phish Phry’. Starting in 2007, FBI
agents worked with US financial institutions to “identify and disrupt” criminal phishing gangs.

“This international phishing ring had a significant impact on two banks and caused huge
headaches for hundreds, perhaps thousands of bank customers,” said Acting US Attorney George S.
Cardona, in a statement.

“Organised, international crime rings can only be confronted by an organised response by law
enforcement across international borders, which we have seen in this case.”

American authorities charged 53 people, while Egypt charged 47, with offences including conspiracy
to commit bank fraud, computer fraud, money laundering and aggravated identity theft. The bank fraud
alone could lead to jail sentences of 20 years.


The Melissa Virus/Worm

The Melissa Virus appeared on thousands of email systems on March 26, 1999. It was disguised in each
instance as an important message from a colleague or friend. The virus was designed to send an
infected email to the first 50 email addresses on the users’ Microsoft Outlook address book. Each
infected computer would infect 50 additional computers, which in turn would infect another 50
computers. The virus proliferated rapidly and exponentially, resulting in substantial interruption and
impairment of public communications and services. Many system administrators had to disconnect their
computer systems from the Internet. Companies such as Microsoft, Intel, Lockheed Martin and Lucent
Technologies were forced to shut down their email gateways due to the vast amount of emails the virus
was generating. The Melissa virus is the most costly outbreak to date, causing more than $400 million in
damages to North American businesses.

After an investigation conducted by multiple branches of government and law enforcement, the Melissa
Virus/Worm was attributed to David L. Smith, a 32-year-old New Jersey programmer, who was eventually
charged with computer fraud.



Possibly the first "hacktivist" (hacking activist) attack, the WANK worm hit NASA offices in Greenbelt,
Maryland. WANK (Worms Against Nuclear Killers) ran a banner (pictured) across system computers as
part of a protest to stop the launch of the plutonium-fueled, Jupiter-bound Galileo probe. Cleaning up
after the crack has been said to have cost NASA up to a half of a million dollars in time and resources. To
this day, no one is quite sure where the attack originated, though many fingers have pointed to
Melbourne, Australia-based hackers.



A small group of hackers traced to southern England gained control of a MoD Skynet military satellite and
signaled a security intrusion characterized by officials as "information warfare," in which an enemy
attacks by disrupting military communications. In the end, the hackers managed to reprogram the control
system before being discovered. Though Scotland Yard's Computer Crimes Unit and the U.S. Air Force
worked together to investigate the case, no arrests have been made.



A blackmail scheme gone wrong, the posting of over 300,000 credit card numbers by hacker Maxim on a
Web site entitled "The Maxus Credit Card Pipeline" has remained unsolved since early 2000. Maxim stole
the credit card information by breaching; he or she then demanded $100,000 from the
Web site in exchange for destroying the data. While Maxim is believed to be from Eastern Europe, the
case remains as of yet unsolved.



If there's one thing you don't want in the wrong hands, it's the source code that can control missile-
guidance systems. In winter of 2000, a hacker broke into government-contracted Exigent Software
Technology and nabbed two-thirds of the code for Exigent's OS/COMET software, which is responsible for
both missile and satellite guidance, from the Naval Research Lab in Washington, D.C. Officials were able to
follow the trail of the intruder "Leaf" to the University of Kaiserslautern in Germany, but that's where the
trail appears to end.


Ransomware emerges as a top threat to business

In May 2016, security researchers at Kaspersky Lab and FireEye confirmed that the upward trend of
ransomware was continuing and had emerged as a top threat to business. This was confirmed by Eset
data which showed that ransomware made up a quarter of UK cyber-attacks, and was continuing to rise,
while in August Trend Micro reported that the occurrence of ransomware families nearly doubled in the
first half of 2016 compared with the whole of 2015 and PhishMe research concluded that ransomware is
a mature business model for cyber criminals. The impact of ransomware was underlined by a study, also
published in August, that found that one in five businesses hit by ransomware are forced to close, but
despite this harsh reality, another study found that almost two-thirds of US office workers were unaware
of the ransomware threat, emphasizing the need for cyber security awareness training.


UK second only to US in DDoS attacks

The UK is second only to the US in being targeted by distributed denial of service (DDoS) attacks with
the aim of vandalism, disrupting businesses or extorting money from businesses, a report revealed in
August. Although DDoS mitigation technologies are fairly mature, security consultants report that after
ransomware attacks, DDoS attacks were the most common reason for callouts from affected businesses
in 2016. DDoS attacks are not new, but attackers have been exploring new techniques for delivering
more powerful attacks over longer periods. DDoS attacks have also been driven by the release of the
Mirai code for establishing IoT botnets and the availability of DDoS services for as little as $5 an hour.


412 million user accounts exposed in Friend Finder Networks hack

In the biggest data breach of the year, user details of more than 412 million
accounts were exposed in a data breach at FriendFinder Networks, which once again confirmed poor user
data protection and poor password practices.

In addition to confirmation of a 2014 breach at Yahoo that exposed a record 500 million accounts, 2016
also saw a string of other breaches, including the Dailymotion breach, which prompted calls for
password alternatives, the US Navy breach, which highlighted third-party cyber risk, the breach at
mobile network operator Three, which highlighted several security issues, the Dropbox breach, and the
Australian Red Cross Blood Service data breach, which showed security is still not a priority for many


The Melissa Virus/Worm

The Melissa Virus appeared on thousands of email systems on 26 March 1999. It was disguised in each
instance as an important message from a colleague or friend.[3] The virus was designed to send an
infected email to the first 50 email addresses on the users’ Microsoft Outlook address book. Each
infected computer would infect 50 additional computers, which in turn would infect another 50
computers. The virus proliferated rapidly and exponentially, resulting in substantial interruption and
impairment of public communications and services. Many system administrators had to disconnect their
computer systems from the Internet. Companies such as Microsoft, Intel, Lockheed Martin and Lucent
Technologies were forced to shut down their email gateways due to the vast number of emails the virus
was generating. The Melissa virus is the most costly outbreak to date, causing more than $400 million in
damages to North American businesses.
After an investigation conducted by multiple branches of government and law enforcement, the Melissa
Virus/Worm was attributed to David L. Smith, a 32-year-old New Jersey programmer, who was eventually
charged with computer fraud.[4] Smith was one of the first people ever to be prosecuted for the act of
writing a virus. He was sentenced to 20 months in federal prison and was fined $5,000. In addition, he
was also ordered to serve three years of supervised release after completion of his prison sentence. The
investigation involved members of New Jersey State Police High Technology Crime Unit, the Federal
Bureau of Investigation (FBI), the Justice Department’s Computer Crime and Intellectual Property
Section, and the Defense Criminal Investigative Service.


Craig A. Schiller, ... Michael Cross, in Botnets, 2007

Installation of Adware and Clicks4Hire

The first criminal case involving a botnet went to trial in November 2005. Jeanson James Ancheta (a.k.a.
Resili3nt), age 21, of Downey, California, was convicted and sentenced to five years in jail for conspiring
to violate the Computer Fraud Abuse Act, conspiring to violate the CAN-SPAM Act, causing damage to
computers used by the federal government in national defense, and accessing protected computers
without authorization to commit fraud.

Ancheta's botnet consisted of thousands of zombies. He would sell the use of his zombies to other users,
who would launch DDoS or send spam. He also used a botnet of more than 400,000 zombies to generate
income in a “Clicks4Hire scam” (see Figure 2.6) by surreptitiously installing adware for which he was paid
more than $100,000 by advertising affiliate companies. A DOJ press release stated that Ancheta was able
to avoid detection by varying the download times and rates of the adware installations, as well as by
redirecting the compromised computers between various servers equipped to install different types of
modified adware. For information on how Clicks4Hire schemes work, read the following sidebar and
refer to Figure 2.6. Companies like and pay varying rates for
installation of their adware software in different countries. Companies like these are paying for criminal
activity—that is, the intentional installation of their software on computers without the explicit
permission of the owner of the computer. Pressure from the FTC caused one of these vendors (180
Solutions) to terminate 500 of its affiliate agreements for failing to gain user acceptance prior to
installing their software. This resulted in the DDoS attack described in Chapter 1, the involvement of the
FBI, and a lawsuit against the former affiliates. It also resulted in 180 Solutions changing its name to


WannaCry virus hits the NHS, 2017

Midway through 2017, the UK fell victim to one of the most crippling cyber attacks it had ever
experienced. The WannaCry virus infiltrated the NHS computer system and left it completely disabled for
most of the week. Forcing hospitals and medical practitioners to operate entirely offline, it exposed a
major hole in the cyber security of the UK’s healthcare system. But this was just one of a number of
incidents that have affected British citizens in recent memory.

In the most widespread cyber attack ever, hackers managed to gain access to the NHS’ computer system in
mid-2017, causing chaos in the UK’s medical system. The same hacking tools were used to attack
world-wide freight company FedEx and infected computers in 150 countries. Ransomware affectionately
named “WannaCry” was delivered via email in the form of an attachment. Once a user clicked on the
attachment, the virus was spread through their computer, locking up all of their files and demanding
money before they could be accessed again. As many as 300,000 computers were infected with the
virus. It was only stopped when a 22-year-old security researcher from Devon managed to find the kill
switch, after the NHS had been down for a number of days.


Hackers steal £650 million from global banks, 2015

For a period of two years, ending in early 2015, a group of Russian-based hackers managed to gain
access to secure information from more than 100 institutions around the world. The cyber criminals
used malware to infiltrate banks’ computer systems and gather personal data. They were then able to
impersonate online bank staff to authorise fraudulent transfers, and even order ATM machines to
dispense cash without a bank card. It was estimated that around £650 million was stolen from the
financial institutions in total.


Sony Pictures crippled by GOP hackers, 2014

In late 2014, major entertainment company Sony Pictures were hit with a crippling virus.

Cyber crime group Guardians of Peace (GOP) were behind the apparent blackmail attempt, which saw
around 100 terabytes of sensitive data stolen from the company.

It is largely thought that the attack was related to North Korea’s disapproval of the film ‘The Interview’,
which humorously depicted Kim Jong-un and contained a plot where main characters attempted to
assassinate the head of state.

US government agencies investigated the claim that North Korea had authorised the cyber attack in an
attempt to prevent the film from being released.


One billion user accounts stolen from Yahoo, 2013

In one of the largest cases of data theft in history, Yahoo had information from more than one billion
user accounts stolen in 2013. Personal information including names, phone numbers, passwords and
email addresses were taken from the internet giant.

Yahoo claimed at the time that no bank details were taken.

When information about the breach was released in 2016, it was the second time Yahoo had been targeted
by hackers, after the accounts of nearly 500 million users were accessed in 2014.


JP Morgan Chase & Co target of giant hacking conglomerate, 2015

Late in 2015, three men were charged with stealing data from millions of people around the world, as
part of a hacking conglomerate that spanned the best part of a decade. The trio themselves allegedly
described the incident as “one of the largest thefts of financial-related data in history”. Thought to have
been operating out of Israel, the trio targeted major corporations, including major US bank JP Morgan
Chase & Co, stealing personal data and then selling it on to a large network of accomplices.

The group stole information from more than 83 million customers from JP Morgan alone, and are
thought to have made hundreds of millions of dollars in illegal profits. Along with personal data, the
hacking group also stole information related to company performance and news, which allowed them to
manipulate stock prices and make enormous financial gain.

Using more than 200 fake identity documents, they were able to facilitate large scale payment
processing for criminals, an illegal bitcoin exchange, and the laundering of money through approximately
75 shell companies and accounts globally.