When it comes to protecting against cybercrime, most of the time, organizations turn to cybersecurity software and antivirus programs to guard their networks. However, when big events happen that put IT outfits and government organizations in danger, sometimes law enforcement has to step in. That said, there has been a string of arrests recently, connected to various forms of malware and the people who have spread them.
October is Cybersecurity Awareness Month, and to celebrate, let’s take a look at some recent notable arrests in the realm of cybercriminal activity:
BEC mastermind apprehended in Nigeria
Trend Micro, in conjunction with INTERPOL and the Economic and Financial Crime Commission in Nigeria, has had its hands full with finding and apprehending the culprits responsible for multiple business email compromise scams. According to Trend Micro researchers, officials in Nigeria recently arrested the 40-year-old mastermind behind a troubling number of BEC, 419 and romance scams – a Nigerian native named “Mike” (a fake name, as he also went by Chinaka Onyeali and Beasley Martyn). Mike, along with a ring of cybercriminals in Nigeria, Malaysia and South Africa, allegedly stole more than $60 million from companies around the world.
“Our investigation on ‘Mike’ … started in late 2014 when we were looking at Predator Pain and Limitless – malware known to be used in BEC scams,” Trend Micro researchers wrote. “Analyzing the command-and-control infrastructure used by the malware allowed us to track ‘Mike’ down. All information gathered on Mike was then given to INTERPOL in late 2014. This, combined with information from other researchers, led to his arrest in June of 2016.”
BEC scams, as Trend Micro recently noted, have generated a lot of attention in the past few months. This kind of scam typically involves hackers gaining access to the email account of a high-level employee, often a member of the C-suite, and sending spurious emails and financial requests on behalf of said employee, resulting in money being placed in offshore accounts that the hacker has access to. According to figures released by the FBI in June 2016, BEC scams have been responsible for at least $3.1 billion in total losses, affecting around 22,000 enterprises around the world.
The arrests made in this ongoing fight against BEC are a critical step to ensuring that enterprises and government organizations aren’t falling victim to these kinds of threats. The hope is that eventually, the scams will be a thing of the past and all of the architects behind these and similar hacks will be brought to justice, potentially saving global enterprises millions of dollars.
Arrest made in FBI computer hack case
Sometimes malicious actors aren’t middle-aged men. According to The Hacker News contributor Rakesh Krishnan, a 15-year-old boy in Scotland was apprehended earlier this year in relation to an attack made on the FBI’s computer systems. As of February, it was possible the boy would have to be extradited to the U.S. in order to answer for the grave crime of hacking into confidential government documents.
The boy was believed to be a main member of the hacker group that calls itself “Crackas with Attitude.” According to Motherboard, this teen’s arrest happened a week after U.K. police, in conjunction with the FBI, arrested a 16-year-old believed to be the hacker named “Cracka,” another critical member of the group. The two hackers claimed in November 2015 to have broken into the email of the CIA’s director, John Brennan, and they were also connected to a breach at the U.S. Department of Justice, which ended up with the dump of nearly 29,000 names, titles, email addresses and phone numbers from the FBI and the Department of Homeland Security.
More CWA arrests
Speaking of “Crackas with Attitude,” it seemed that this hacker group also had insurgents in the U.S. In September 2016, the police arrested 22-year-old Andrew Boggs and 24-year-old Justin Liverman, both from North Carolina. According to CNN Money, Liverman and Boggs used social engineering techniques to gain access to the email accounts of several high-profile members of the CIA and FBI between October 2015 and February 2016. Court documents revealed that the gentlemen posted personal information online and harassed victims via social media and over the phone.
“According to court filings, the two alleged hackers conspired with other members of Crackas with Attitude to break into the personal online accounts of US government officials, family members, and a number of U.S. government computer systems,” wrote ZDNet contributor Charlie Osborne in an article about the arrests. “Prosecutors say that social engineering techniques, including phishing campaigns, were employed to impersonate victims and gain access to these accounts.”
The demise of the Angler exploit kit
The Angler exploit kit first appeared in 2013 and has been a pretty big player in the market for these kinds of malicious programs. In fact, in May 2015, Angler accounted for 80 percent of the kits found by one cybersecurity firm. However, since June 7, not a peep has been heard from Angler. Shier noted that the disappearance coincided with nearly 50 arrests orchestrated by Russia’s Federal Security Service around the same time. Those arrested were suspected of being part of a criminal group called Lurk, which had stolen almost $50 million through the use of banking malware.
With all of these arrests and some forms of malware being retired for good, it’s certainly clear: Law enforcement is making great strides to catch up with cybercriminals, but enterprises should still make certain they’re doing everything in their power to protect their networks from unwanted intrusion. Creating a strong cybersecurity infrastructure can go a long way toward keeping your network safe from harm.