Cybercriminals are often able to stay ahead of law enforcement as they leverage new techniques to steal sensitive data from users and businesses. On some occasions, however, police and other federal agencies can catch up to hackers and bring them to justice for their malicious actions. Let's examine a few of the times that cyberthieves have been unable to escape the long arm of the law.
Nearly 100 cybercriminals arrested
In one of the largest cybercrime sweeps in recent memory, the Federal Bureau of Investigation – with the help of other global law enforcement agencies – arrested 97 hackers in connection with the Blackshades malware tool. The Verge contributor Adrianne Jeffries reported that the malware had infected almost a half million individual devices before being seized by the FBI.
Blackshades was considered a powerful piece of malware, offering both legitimate and malicious capabilities. In some settings, the program is used to remotely access desktop computers from a second location. In cybercrime circles, however, it can be leveraged to launch distributed-denial-of-service attacks, control webcams and log victims' keystrokes. Blackshades can also redirect online traffic or block certain URLs, download additional malware on an infected device and lock down a workstation until a ransom is paid.
"The tool was advertised for spying on spouses, children, and anyone who might be tampering with your computer," Jeffries wrote. "Of course, hackers weren't just installing it on their own machines."
During its lifecycle, Blackshades generated about $350,000 for cybercriminals before being shut down by the FBI in April 2014. In addition to the 96 others arrested in the sweep, Alex Yucel – the alleged owner and operator of the Blackshades malware – was also taken into custody.
Two "Anonymous" hackers arrested in Australia
The Anonymous hacker group made a name for themselves after infiltrating international and Australian websites earlier this year. However, according to RT, two men associated with the cybercrime ring have been arrested after stealing sensitive information from the Web pages, defacing them and forcing them offline.
The website attacks began in 2012, and mainly involved data leakage, vandalism, and page blackouts. Oftentimes, the victims were Internet service providers, hosting vendors, or government websites. The two people police believe are responsible for the attacks – 40-year-old Scarborough resident Adam John Bennett and an 18-year-old individual from Penrith whose name has yet to be released – could spend up to two years in prison if found guilty.
Before being arrested, the two individuals' homes were searched by police, who uncovered "several computer hard drives and other equipment" that was seized for further analysis. Tim Morris, national manager of the High Tech Crime Operations, noted that the hacking was not "harmless fun" and the men could face "serious consequences."
"These acts can cause serious disruption to government and business networks, which in turn can be catastrophic for people who rely on these networks to run their small business or administer their entitlements or personal finances," Morris told Australian Federal Police.
Hacker arrested in connection with U.S. credit card data theft
Another cybercriminal was arrested back in the States by the U.S. Secret Service, according to CBS News. Law enforcement officials are calling Russian national Roman Valerevich Seleznev "one of the world's most prolific traffickers of stolen financial information," as he is allegedly responsible for attacking American retailers to steal payment card details over more than a year.
Seleznev – also known as "Track2" in cybercrime circles – was indicted in Washington in March 2011. As of early July 2014, he was still in custody awaiting trial. Among other attacks, Seleznev was responsible for the 2010 Broadway Grill breach, which racked up $1.7 million in bank and credit card company losses.
Overall, Seleznev will face a range of charges, including bank fraud, intentionally causing damage to a protected computer and aggravated identity theft. He is also being charged with racketeering in Nevada.
"This important arrest sends a clear message: Despite the increasingly borderless nature of transitional organized crime, the long arm of justice – and this Department – will continue to disrupt and dismantle sophisticated criminal organizations," said Jeh Johnson, Secretary of Homeland Security.
Hacker arrested after attacking security industry professional
In one of the most high-profile cases yet, Naked Security reported that a hacker responsible for an attack on industry expert and security journalist Brian Krebs had been arrested in Italy. The man Italian police arrested – Sergei Vovnenko, a.k.a. Fly – was taken into custody on suspicion of trafficking in stolen credit cards and planning to send narcotics to Krebs.
The well-known journalist had been the victim of multiple attacks in the past, as noted by New York Times reporter Nicole Perlroth in a February 2014 profile.
"In the last year, Eastern European cybercriminals have stolen Brian Krebs's identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner," Perlroth wrote.
Naked Security noted that Krebs was able to foil the plan to frame him for illegal drugs after flying under the radar to gain access to Fly's secret forum. Krebs found out about the plan to purchase the narcotics on Silk Road and ship them to his residence. Once they were delivered, Vovnenko would place a call to police posing as Krebs's neighbor in an attempt to have him arrested. As Krebs discovered the plot before it was carried out, he was able to contact law enforcement first.
Currently, Vovnenko is in custody, being held in a jail in Italy until his extradition to the U.S.
These cases show that law enforcement is constantly working to keep up with and catch the cybercriminals responsible for malicious online activities. While these efforts have been bolstered in recent years, there's no substitute for being aware of and protecting against advanced persistent threats. Understanding the advanced targeted threats that could affect a user or business can help in establishing robust APT protection to mitigate the risk of attack.