Criminality in Russian style (Russian hackers?)

Romania forest murder as battle over logging turns violent

https://www.bbc.com/news/world-europe-50094830

By Stephen McGrath, Romania

21 October 2019

I think it has been too silent for this forum.

Michael Winn’s  interests will rule.

Sorry for my broken English,

HOWDY

KEVIN POULSEN
SECURITY
02.12.10 01:52 PM

Record 13-Year Sentence for Hacker Max Vision

-https://www.wired.com/2010/02/max-vision-sentencing/-

PITTSBURGH – A skilled San Francisco computer intruder was sentenced here Friday to 13 years in federal prison for stealing nearly two million credit card numbers from banks, businesses and other hackers – in what is the longest hacking sentence in U.S. history.

Max Ray Vision, 37, was also ordered to pay $27.5 million in restitution, and to serve five years under court supervision following his release, during which time he’ll be allowed to use computers only for legitimate employment or education.

Vision, who changed his name from Max Butler shortly before his arrest, ran an online forum for thousands of identity thieves called CardersMarket, where he sold credit card magstripe data to the underground for about $20 a card. He was caught with 1.8 million stolen credit card numbers belonging to a thousand different banks, who tallied the fraudulent charges on the cards at $86.4 million.

The hacker faced up to life in prison under federal sentencing guidelines. But prosecutor Luke Dembosky on Friday recommended the significantly lower 13-year sentence, noting that Vision has provided substantial assistance to the government during his time in pre-trial custody.

“I was quite impressed by the cooperation shown by Mr. Butler,” agreed U.S. District Judge Maurice Cohill Jr.

Dressed in orange jail clothes, the soft-spoken hacker said little at Friday’s hearing, which at times felt more like an awards ceremony than a sentencing. Vision’s lawyer, prosecutor and judge took turns praising the hacker for his computer skills, and his apparent remorse over his crimes.

“I have a lot of regrets, but I think my essential failing was that I lost touch with the accountability and responsibility that comes with being a member of society,” Vision wrote in a letter (.pdf) to the judge on Thursday.

“I’ve changed,” Vision said in court Friday.
“He’s a likable person,” said prosecutor Dembosky. “Almost wide-eyed and optimistic in his view of the world.”

Vision’s 13-year term is the longest U.S. hacking sentence, though that record likely will be eclipsed next month when confessed TJX hacker Albert Gonzalez faces the first of two sentencing hearings. One of Gonzalez’s plea agreements contemplates a term of 17 to 25 years in prison.

The defendant’s sentence is longer than the one given to Michigan hacker Brian Salcedo. He was handed a then-unprecedented, nine-year term in 2004 for cracking the corporate network of the Lowe’s chain of home improvement stores.

In the late 1990s, Vision was a superstar in the computer security community, billing himself as an $100-an-hour computer security consultant. He gave the FBI information on security and piracy threats, and earned the respect of his peers for creating and curating an open source library of attack signatures used to detect computer intrusions.

But it turned out Vision was staging recreational hacks on the side, and in 2001 he was sent to federal prison for 18 months for launching a scripted attack that closed security holes on thousands of Pentagon systems, and left backdoors and packet-sniffers behind for his own use.

While in prison, Vision met more serious criminals, and after his release one of them introduced him to an Orange County, California entrepreneur and former bank robber named Chris Aragon, who became Vision’s partner.

Aragon, who’s pending trial on related state charges in Southern California, used Vision’s stolen credit card data to create near-perfect counterfeit cards, complete with holograms, and recruited a crew of shoppers who used the cards to snap up designer merchandise for resale on eBay. Aragon earned at least $1 million in the business, police say.
Vision also sold the credit card data online under the handles “Generous” and “Digits.” He stole data from restaurant point-of-sale terminals and other targets, including competing hackers.

“From what I know, his actual income from this entire event is probably not even a million dollars,” federal public defender Michael Novara said Friday.

The hacker became a priority to federal law enforcement officials in 2006 when, under the handle “Iceman,” he staged a brazen takeover of the competing online carder forums where hackers and fraudsters buy and sell stolen data, fake IDs and specialized underground services.
He hacked into the forums, wiped out some of their databases, and absorbed their content and membership into his own site, CardersMarket.

On one of the sites he hacked, called DarkMarket, Vision later discovered that an administrator named “Master Splyntr” was logging in from an FBI office here in Pittsburgh. The defendant partnered with a Canadian hacker to try and expose Master Splyntr as a fed, but his claim was largely dismissed in the underground as inter-forum rivalry. DarkMarket went on to become a full-blown undercover FBI operation, and the FBI and Secret Service began an investigation into “Iceman.”

Using informants and some genuine electronic gumshoe work, the feds identified Iceman as Vision about a year later, and arrested him in September 2007 at a corporate apartment he used as a hacking safe house. When the feds seized his computer, they found five terabytes of encrypted data. Experts at Carnegie Mellon University’s Computer Emergency Response Team eventually cracked Vision’s crypto.

Vision’s plea deal wraps up a separate federal case in Virginia, where Vision was charged with staging the first documented “spear phishing” attack against employees of a financial institution by unlawfully accessing the corporate network of Capital One bank.

With credit for time served and good behavior, Vision could be released in December 2018.

Mystery blurs dump of over 1 billion people’s personal data

by Nancy Cohen , Tech Xplore

NOVEMBER 25, 2019

https://techxplore.com/news/2019-11-mystery-blurs-dump-billion-people.html

Two security sleuths last month discovered an enormous amount of data that was left exposed on a server. Data found on the server belonged to around 1.2 billion people.

Kartikay Mehrotra wrote about it on Friday for Bloomberg, in a story, along with one from Wired, that was frequently quoted over the weekend. The data was left unprotected on a Google Cloud server.

The FBI were contacted and the server was shut down. Not trivial. Wired referred to the situation as a “jumbo” data leak. Wired said the information was sitting exposed and easily accessible on an unsecured server.

The data left unprotected was actually a database, aggregating 1.2 billion users’ personal information, e.g., social media accounts, email addresses and phone numbers.

The incident was relayed on the Data Viper blog.

“On October 16, 2019 Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing an unprecedented 4 billion user accounts spanning more than 4 terabytes of data. A total count of unique people across all data sets reached more than 1.2 billion people.”

They were out to do just a routine scan for unprotected data and that is when the trove was spotted. The FBI were contacted.

Appearing in a Bloomberg interview, Troia, Data Viper founder, elaborated on the discovery. “To be honest this was just a part of our normal research process where we were just looking through open web servers to look for any databases that potentially have valuable information in them, and we just kind of came across it.”

The 4 terabytes of personal information, about 1.2 billion records, did not include passwords, credit card numbers, or Social Security numbers, said Lily Hay Newman in Wired.

She spelled out what it did reveal. “It does, though, contain profiles of hundreds of millions of people that include home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, and Github, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses.”

Bloomberg quoted Troia. “There are no passwords related to this data, but having a new, fresh set of passwords isn’t that exciting anymore. Having all of this social media stuff in one place is a useful weapon and investigative tool.”

After all, just nabbing names, phone numbers and account URLs delivers ample information to get attackers started.

Harrison Van Riper, analyst at security firm Digital Shadows, made a similar point in Wired. “Van Riper notes that while passwords, credit card numbers, and government IDs are the most obviously threatening pieces of information for scammers to have, it’s important not to underestimate the significance of all the supporting data that helps build out profiles of consumers.”

Who owned the server? It is unclear how the records got there in the first place, said Wired. The data that Troia discovered seemed to be four data sets cobbled together. Welcome to the world of those who abuse “data enrichment.”

Jacob J in International Business Times noted a “vastly unprotected and unregulated data enrichment business scene.” The data sets appeared to originate from different data enrichment companies.

Cory Doctorow in Boing Boing also drew a blank: “No one knows who owns the Google Cloud drive that exposed 1.2 billion user records,” he wrote. Doctorow explained that data-brokers like People Data Labs and Oxydata “may have simply sold the data to a customer that performed the merge operation and then stuck the resulting files on an unprotected server.”

“The owner of this server likely used one of our enrichment products, along with a number of other data-enrichment or licensing services,” said Sean Thorne, cofounder of People Data Labs, in the Wired report.

So, whose trail does one pursue to figure out how the data was exposed in the first place? Experts said good luck with that.

“Identification of exposed/nameless servers is one of the most difficult parts of an investigation. In this case, all we can tell from the IP address…is that it is (or was) hosted with Google Cloud,” said the Data Viper blog. “Because of obvious privacy concerns cloud providers will not share any information on their customers, making this a dead end.”

Robert Prigge, President of Jumio, discussed the news with Digital Journal:

“We live in an era where information from disconnected data breaches, as well as legitimate data-selling companies, are often combined to create comprehensive identity profiles on the dark web, incorporating everything from personal identifiable information, to job history, to shopping preferences, to dating profiles, and more. The deep level of intel available is frightening, and it’s making it extremely easy for criminals to commit digital identity fraud via a number of different ways.”

© 2019 Science X Network