2013 computer crime blotter

Anonymous, LulzSec members and plenty of others sent to the slammer for exploiting technology and human flaws


Prisons around the world this year made way for techie criminals alongside the more garden variety murderers, thieves and schemers.

Here’s a rundown of those who got sent to the slammer this year for tech-related crimes (based on a compilation of reports from the IDG News Service and Network World’s other sister sites):

Hacker sentenced to 18 months for peddling computer access to US national security lab

A Pennsylvania man who hacked into multiple corporate, university and government computer networks and tried to sell access to them, including supercomputers from a U.S. national security laboratory, was sentenced in December to 18 months in prison.

Andrew Miller, 24, pleaded guilty in August to one count of conspiracy and two counts of computer fraud for actions committed between 2008 and 2011, when he was part of the Underground Intelligence Agency hacking group, the U.S. Department of Justice said. Miller asked an undercover FBI agent in 2011 for $50,000 in exchange for access to two supercomputers at the Lawrence Livermore National Laboratory, according to the DOJ.

*Man who hacked celebrity email accounts sentenced to prison

A man who admitted to illegally accessing email accounts belonging to more than four dozen celebrities to steal their private photos and confidential documents was sentenced in December to 10 years in federal prison by a U.S. District Court judge in Los Angeles.

Christopher Chaney, 36, of Jacksonville, Fla. was also ordered to pay a fine of more than $66,000 as restitution for his crimes. Chaney was arrested in November 2011 and has been in custody since March, when he pleaded guilty to nine felony counts, including unauthorized access to computers and wiretapping. He faced a maximum of more than 120 years in prison.

+ Also from Network World: Businesses offer best practices for escaping Cryptolocker hell +

According to the U.S. Attorney's office in Los Angeles, Chaney gained access to the email accounts of Mika Kunis, Scarlett Johansson, Renee Olstead and dozens of other celebrities by resetting their passwords using the "forgot your password" feature. Chaney apparently used publicly available information on the celebrities to correctly answer the security questions needed to reset the passwords on the Gmail, Apple and Yahoo email accounts they used.

(via Jaikumar Vijayan, Computerworld)

*Wisconsin man sentenced for participating in Anonymous DDoS

A man from Wisconsin was sentenced in December for participating in a DDoS (distributed denial-of-service) attack by hacker group Anonymous on a Kansas company.

Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial-of-service attack for about a minute on a Web page of Koch Industries -- Kochind.com, using software called a Low Orbit Ion Cannon Code, which was loaded on his computer. LOIC is a popular DDoS tool used by Anonymous and other online attackers to overload websites with requests and disrupt the target server. 

*Judge sentences Anonymous hacker to 10 years in prison

A member of the hacker group Anonymous was sentenced in November to 10 years in prison for hacking into the computers of a geopolitical analysis firm. Jeremy Hammond, 28, in May pled guilty to one count of conspiracy to engage in computer hacking under the Computer Fraud and Abuse Act. He was sentenced by Chief U.S. District Judge Loretta Preska during a hearing at the federal district court for the Southern District of New York in New York.

Hammond, of Chicago, was arrested in March 2012 and charged with hacking into the computer system of analyst company Strategic Forecasting, also called Stratfor, and obtaining subscriber and credit-card information and emails, among other data. Ultimately, credit-card details, emails and cryptographic representation of passwords were leaked. The credit cards were used to make $700,000 in purchases.

* Two sentenced to prison for point-of-sale credit card theft

Two Romanian men were sentenced in September to serve prison sentences for remotely hacking into hundreds of U.S. merchants' computers and stealing payment card data, the U.S. Department of Justice said.

Adrian-Tiberiu Oprea, 29, of Constanta, Romania, was sentenced to serve 15 years in prison, and Iulian Dolan, 28, of Craiova, Romania, was sentenced to serve seven years in prison during proceedings in U.S. District Court for the District of New Hampshire. The two men were charged with hacking into hundreds of point-of-sale (POS) computer systems and stealing payment card data, with co-conspirators compromising cards belonging to more than 100,000 customers, the DOJ said in a press release. The compromises caused losses of more than $17.5 million in unauthorized charges and remediation expenses, the DOJ said.

*Bradley Manning sentenced to 35 years for classified document leaks

A military court judge sentenced U.S. Army Pfc. Bradley Manning to 35 years in prison in August on charges related to his leaking a large store of classified documents to Wikileaks, according to a number of published and broadcast reports.

Manning had faced a maximum potential sentence of 90 years. The judge in his case reduced the maximum sentence from 136 years earlier this month. Manning was also dishonorably discharged from the military.

* 'Western Express' credit-card fraud prosecution ends

The last member of a $5 million global credit-card fraud ring was sentenced in August in New York state court, ending an eight-year investigation and prosecution.

Douglas Latta, 40, was sentenced to between 22 and 44 years in state prison, according to Manhattan District Attorney Cyrus R. Vance Jr. in a news release on Thursday. Latta was part of a wide-ranging scheme that stole and sold more than 95,000 credit card numbers online as part of a group known as the "Western Express."

* Pirate Bay co-founder sentenced to two years in prison for hacking

Gottfried Svartholm Warg

Gottfrid Svartholm Warg, the co-founder of Pirate bay, is pictured in Stockholm, February 16, 2009. (Reuters)

Pirate Bay co-founder Gottfrid Svartholm Warg was sentenced  in June to two years in prison by a District Court in Sweden for multiple data intrusions, attempted aggravated fraud and aggravated fraud. An appeal reduced the sentence to one year

The data intrusion charge is related to the hacking of a mainframe belonging to Logica, now CGI, an IT firm that provided tax services to the Swedish government, and a mainframe of Nordea bank. The fraud charges stem from a number of attempted money transfers from accounts at Nordea, of which one was successful. Two of the attempts that were part of the case were dismissed. The receiving bank couldn't find a record of one transfer attempt, and the other transfer was interrupted, according to prosecutor Henrik Olin.

* Phishing gang jailed for plundering woman's $1.6 million life savings

A heartless phishing gang that stole and frittered a British woman's entire $1.6 million life savings on items including "gold and cheeseburgers" was handed heavy sentences in May by a judge at London's Southwark Crown Court.

Nominal ringleader, Nigerian national Rilwan Adesegun Oshodi, was sentenced to eight years in prison and ordered to pay back $1.6 million under the Proceeds of Crime Act, although this might prove difficult given that the stolen money has reportedly already been spent.

The man who phished the victim's bank account details and then sold the information to Oshodi, Egyption Tamer Hassanin Zaky Abdelhamid, was sentenced to six years and ordered to pay a heavy fine under the Proceeds of Crime Act.

(via John Dunn of Techworld)

* Four former LulzSec members sentenced to prison in the UK

Four British men associated with the LulzSec hacker collective received prison sentences in May for their roles in cyberattacks launched by the group against corporate and government websites in 2011.

Mustafa al-Bassam

Mustafa al-Bassam arrives at Southwark Crown Court in central London May 15, 2013. (Reuters)

Ryan Cleary, 21, Jake Davis, 20, Ryan Ackroyd, 26, and Mustafa Al-Bassam, 18, were sentenced Thursday in London's Southwark Crown Court after previously pleading guilty to charges of carrying out unauthorized acts with the intention of impairing the operation of computers.

Davis, who was known online as "Topiary," received a two-year prison sentence. He acted as a spokesperson for LulzSec, writing some of the hacker group's announcements and managing its website and Twitter account.

*Operator of German file-sharing site sentenced to almost four years in prison

A 33-year-old man was sentenced in May to three years and 10 months in prison by a German court for running the torrent site torrent.to between December 2005 and April 2008. He was sentenced by the local court of Aachen on April 30 for the commercial and unauthorized exploitation of copyrighted works, said the German Society for the Prosecution of Copyright Infringement (GVU) in a news release.

The man, who was only identified by the GVU as Jens R., was the former owner of torrent.to, a site that continues to operate under a new owner since 2008, and the GVU still aims to take down.

* Former LulzSec member gets prison sentence for Sony Pictures hack

Cody Andrew Kretsinger, a 25-year-old man from Decatur, Illi., was sentenced in April to one year in federal prison for his role in a May 2011 breach of a Sony Pictures website and database.

At the time of the intrusion Kretsinger, who used the online alias "recursion," was a member of a hacker group called Lulz Security, or LulzSec, that went on a hacking spree during the first half of 2011. The group was affiliated with the international Anonymous hacktivist collective.

* AU Optronics executive sentenced for LCD price-fixing

A former executive with AU Optronics was sentenced in April to serve two years in prison and pay a $50,000 fine for participating in a worldwide LCD screen price-fixing conspiracy, the U.S. Department of Justice said.

Shiu Lung Leung, former senior manager of AU Optronics' desktop display business group, was sentenced for price fixing in U.S. District Court for the Northern District of California. AU Optronics, based in Hsinchu, Taiwan, and its U.S. subsidiary, AU Optronics America, headquartered in Milpitas, Calif., were found guilty in March 2012, for participating in the thin-film transistor-liquid crystal display (TFT-LCD) price-fixing conspiracy, after an eight-week trial.

*Romanian citizen sentenced to five years in phishing scheme

A 28-year-old Romanian man was sentenced in March to five years in prison for his role in a phishing scheme, as part of a seven-year investigation by the U.S. Department of Justice.

Cristian Busca, who was sentenced in U.S. District Court in New Haven, Conn., pleaded guilty last November to one count of conspiracy to commit access device fraud, the DOJ said in a news release. He was extradited to the U.S. in December 2011. Prosecutors alleged that Busca possessed more than 10,000 stolen debit or credit card numbers in his email accounts.

Busca was part of a group based in Craiova, Romania, that amassed victims' payment card details, PINs and Social Security numbers. They used the information to make fraudulent withdrawals from people's accounts by creating counterfeit payment cards and taking out lines of credit.

* AT&T hacker 'Weev' sentenced to 41 months for iPad leak

Alleged hacker Andrew 'weev' Auernheimer in March was given an unforgiving prison sentence of 41 months for his part in the hugely embarrassing 2010 compromise of 114,000 iPad-using AT&T customers.

Found guilty in November of 2012, 26-year-old Auernheimer’s prison sentence is likely to become only the latest contentious chapter in complex story that has sharply divided opinion. As part of the 'Goatse Security' group, Auernheimer styled himself as a security researcher who did nothing more untoward than reveal a weakness on AT&T’s website that was of its own making.

(via John Dunn of Techworld)

* Dutch man sentenced in US to 12 years in credit card scam

A 22-year-old Dutch man who sold credit card details online was sentenced in February to 12 years in a US prison in a fraud prosecutors alleged caused more than $63 million in damages, according to the Department of Justice.

David Benjamin Schrooten, who was extradited from Romania last June, was part of a team that stole more than 100,000 credit card numbers and sold the details to other criminals on Kurupt.su, a so-called "carding" website or underground marketplace for stolen payment card data. He was sentenced in U.S. District Court for the Western District of Washington in Seattle, a DOJ news release said.

*Steve Jobs' house burglar gets seven-year sentence

The man who broke into the Palo Alto, Calif., home of late Apple CEO Steve Jobs and stole laptops, iPads and other possessions was sentenced in January to seven years in a California state prison.

Kariem McFarlin, 35, was arrested in August last year by officers from the Rapid Enforcement Allied Computer Team, a Silicon Valley-based high-tech crime unit formed by local, state and federal law enforcement agencies.

REACT officers found McFarlin with help from Apple security, which tracked where the stolen devices were being used by matching their serial numbers with connections to Apple iTunes servers. The IP address in use matched a line in McFarlin's apartment in nearby Alameda that was also being used by an Apple device registered to a member of his family, according to a police report.

* Internet piracy group leader sentenced to five years in prison

1 2 Page 1
Page 1 of 2
SD-WAN buyers guide: Key questions to ask vendors (and yourself)