The Federal Bureau of Investigation (FBI) is chasing hackers — including the founder of cryptocurrency mining marketplace NiceHash — over an alleged plot to create and distribute malware through major dark web forum Darkode.
Authorities say Darkode was a “criminal organization” powered by a password-protected online forum. It was used by “high-level international hackers” and other cybercriminals to buy, sell, trade, and share hacking tools, info, and related ideas.
American Thomas McCormack, Spaniard Florencio Carro Ruiz, and Slovenes Mentor Leniqi and Matjaz Skorjanc have each been charged with racketeering conspiracy, as well as conspiracy to commit wire and bank fraud.
Each racketeering conspiracy charge includes extortion, identity theft, and access device fraud, a Department of Justice (DoJ) press release dated June 5 confirmed.
Most notably, Matjaz “iserdo” Skorjanc is the creator of cryptocurrency mining marketplace NiceHash. Skorjanc also built the malware that infected more than one million machines to form the impressive Mariposa botnet – one of the largest ever recorded.
Skorjanc and his crew are said to have marketed the malware with claims it could spread quickly to other computers upon infection, steal banking credentials, and even launch DDoS attacks, ZDNet reports.
“Darkode members allegedly used each other’s skills and products to infect computers and electronic devices of victims around the world with malware and, thereby gain access to, and control over, those devices,” said the DoJ.
Curiously, Skorjanc has already served almost five years in prison for creating the Mariposa botnet, and was released in late 2017.
The FBI’s most recent charge pertains to his efforts (and those of his accomplices) to disseminate malware through the Darkode hacking forum.
If convicted of racketeering conspiracy to commit bank fraud, each defendant stands to serve a maximum of 20 years in prison; conspiracies to commit wire and bank fraud carry 30 years maximum.
But that’s only if authorities can catch them. So far, they’ve managed to arrest just one of the four fugitives, namely the American Thomas McCormack.
Skorjanc and his two other accomplices are still on the run.
SIM-swappers face hundreds of years in prison for $2.4M cryptocurrency theft
An Irish man, part of a hacking group called “The Community,” is facing upwards of 100 years in a US prison after allegedly stealing over $2 million worth of cryptocurrencies in a series of SIM-swap attacks.
Conor Freeman, a 20-year-old Irish man, was named as part of the group and – if found guilty – could be extradited to the US and face over 100 years in prison, the Independent IE reports. Five other individuals were named as being part of The Community in documents from a Michigan, US court last week and face similar charges.
Court documents state the group committed seven SIM-swapping attacks which allowed them to steal $2,416,352 worth of cryptocurrency. What cryptocurrencies were stolen has not been disclosed.
The sextet have been indicted with 15 counts of wire fraud, conspiracy to commit wire fraud, and aggravated identity theft.
Each count of wire fraud carries a maximum sentence of 20 years in prison, as does conspiracy to commit wire fraud. Identity theft in support of wire fraud carries a maximum sentence of two years.
Given the number of indictments against The Community, the group could collectively face well over 200 years in prison.
An inside job
Three employees of an unnamed mobile phone service provider have also been named in relation to the hacks.
Court documents state that Jarratt White, Robert Jack, and Fendley Joseph accepted bribes to assist The Community in carrying out their attacks.
White, Jack, and Joseph helped the hackers gain access to their victims’ mobile phone numbers using SIM-swapping techniques, which reassign a phone number to a new SIM card.
“The phone number was leveraged as a gateway to gain control of online accounts such as a victim’s email, cloud storage, and cryptocurrency exchange accounts,” the court documents read.
This allowed the hackers to bypass the security measures protecting their victims’ cryptocurrency accounts and carry out the attacks.
SIM-swapping to steal cryptocurrency seems to be a growing trend.
Attackers used the technique to steal over $200,000 worth of cryptocurrency from a professional gamer. In another case, a group of 25 allegedly used SIM-swapping to steal $24 million from Michael Terpin, an early Bitcoin investor.
The threat of SIM-swapping has become such a concern that engineers at Google are looking at ways to protect people from future attacks.
Security firm releases flawed blockchain into the wild to help educate hackers
Despite their supposed security, there are still many exploitable vulnerabilities that can compromise a blockchain. But one security firm thinks it can fix that, and it believes the key to developing more secure blockchains is to start with a really insecure one.
Cybersecurity firm, Kudelski Security, has announced that it will be demonstrating its deliberately insecure blockchain at the Black Hat USA infosec convention in Las Vegas next month. The company claims it’s the industry’s first intentionally vulnerable blockchain.
Kudelski Security’s blockchain, called FumbleChain, is designed to be deliberately vulnerable so that budding hackers can ply their trade and try to break it. In doing so, the security firm hopes to learn how hackers exploit the decentralized systems, and eventually learn how to make more secure blockchains.
“There is a common misconception that blockchains are inherently secure, but the reality is that the technology is incredibly nuanced and complex, and a great deal of attention must be paid to its underlying security and cryptography,” said Nathan Hamiel, head of cybersecurity research at Kudelski Security.
FumbleChain runs a spoof ecommerce application called FumbleStore. In cybersecurity speak, FumbleStore is a CTF (capture the flag) style hacking game. In CTF hacking games, participants compete to either break or secure computer systems and capture various components of digital real estate.
This approach to cybersecurity education is quite common in the industry. The DVWA (Damn Vulnerable Web Application) is a deliberately broken web app designed to teach users about web-based application security.
FumbleChain is written in Python, an easy-to-manipulate programming language, in an attempt to make it easier for CTF participants to read and modify its source code. The blockchain’s code is also constructed in modules so new CTF or hacking challenges can be added over time, presumably as old ones run their course or become irrelevant.
Kudelski Security’s blockchain is available as a code repository on GitHub and as a web-based demo.
If you fancy yourself as a bit of a hacker, go and take a look at the FumbleChain demo and see if you can break the blockchain. But be careful, Kudelski says running the demo might expose your machine to attacks.