As Part of Coordinated Law Enforcement Efforts in 20
Countries, United States Charges 12 Defendants in Connection with Computer
Fraud Conspiracy
The computer hacking forum known as Darkode was dismantled,
and criminal charges have been filed in the Western District of Pennsylvania
and elsewhere against 12 individuals associated with the forum, announced
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s
Criminal Division, U.S. Attorney David J. Hickton of the Western District of
Pennsylvania and Deputy Director Mark F. Giuliano of the FBI.
“Hackers and those who profit from stolen information use
underground Internet forums to evade law enforcement and target innocent people
around the world,” said Assistant Attorney General Caldwell. “This operation is a great example of what
international law enforcement can accomplish when we work closely together to
neutralize a global cybercrime marketplace.”
“Of the roughly 800 criminal internet forums worldwide,
Darkode represented one of the gravest threats to the integrity of data on
computers in the United States and around the world and was the most
sophisticated English-speaking forum for criminal computer hackers in the
world,” said U.S. Attorney Hickton.
“Through this operation, we have dismantled a cyber hornets’ nest of
criminal hackers which was believed by many, including the hackers themselves,
to be impenetrable.”
“This is a milestone in our efforts to shut down criminals’
ability to buy, sell, and trade malware, botnets and personally identifiable
information used to steal from U.S. citizens and individuals around the world,”
said Deputy Director Giuliano. “Cyber
criminals should not have a safe haven to shop for the tools of their trade and
Operation Shrouded Horizon shows we will do all we can to disrupt their
unlawful activities.”
As alleged in the charging documents, Darkode was an online,
password-protected forum in which hackers and other cyber-criminals convened to
buy, sell, trade and share information, ideas, and tools to facilitate unlawful
intrusions on others’ computers and electronic devices. Before becoming a member of Darkode,
prospective members were allegedly vetted through a process in which an
existing member invited a prospective member to the forum for the purpose of
presenting the skills or products that he or she could bring to the group. Darkode members allegedly used each other’s
skills and products to infect computers and electronic devices of victims
around the world with malware and thereby gain access to, and control over,
those devices.
The takedown of the forum and the charges announced today
are the result of the FBI’s infiltration, as part of Operation Shrouded
Horizon, of Darkode’s membership.
The investigation of the Darkode forum is ongoing, and the U.S.
Attorney’s Office of the Western District of Pennsylvania is taking a
leadership role in conjunction with the Criminal Division’s Computer Crime and
Intellectual Property Section (CCIPS).
The charges announced today are part of a coordinated effort
by a coalition of law enforcement authorities from 20 nations to charge, arrest
or search 70 Darkode members and associates around the world. The nations comprising the coalition include
Australia, Bosnia and Herzegovina, Brazil, Canada, Colombia, Costa Rica,
Cyprus, Croatia, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria,
Romania, Serbia, Sweden, the United Kingdom and the United States. Today’s actions represent the largest
coordinated international law enforcement effort ever directed at an online
cyber-criminal forum.
The following defendants face charges in the Western
District of Pennsylvania:
Johan Anders
Gudmunds, aka Mafi aka Crim aka Synthet!c, 27, of Sollebrunn, Sweden, is
charged by indictment with conspiracy to commit computer fraud, conspiracy to
commit wire fraud, and conspiracy to commit money laundering. He is accused of serving as the administrator
of Darkode, and creating and selling malware that allowed hackers to create
botnets. Gudmunds also allegedly operated his own botnet, which at times
consisted of more than 50,000 computers, and used his botnet to steal data from
the users of those computers on approximately 200,000,000 occasions.
Morgan C.
Culbertson, aka Android, 20, of Pittsburgh, is charged by criminal information
with conspiring to send malicious code.
He is accused of designing Dendroid, a coded malware intended to
remotely access, control, and steal data from Google Android cellphones. The malware was allegedly offered for sale on
Darkode.
Eric L. Crocker,
aka Phastman, 39, of Binghamton, New York, is charged by criminal information
with sending spam. He is accused of being involved in a scheme involving the use
of a Facebook Spreader which infected Facebook users’ computers, turning them
into bots which Crocker controlled through the use of command and control
servers. Crocker sold the use of this
botnet to others for the purpose of sending out massive amounts of spam.
Naveed Ahmed, aka
Nav aka semaph0re, 27, of Tampa, Florida; Phillip R. Fleitz, aka Strife, 31, of
Indianapolis; and Dewayne Watts, aka m3t4lh34d aka metal, 28, of Hernando,
Florida, are each charged by criminal information with conspiring to send
spam. They are accused of participating
in a sophisticated scheme to maintain a spam botnet that utilized bulletproof
servers in China to exploit vulnerable routers in third world countries, and
that sent millions of electronic mail messages designed to defeat the spam
filters of cellular phone providers.
Murtaza Saifuddin,
aka rzor, 29, of Karachi, Sindh, Pakistan, is charged in an indictment with
identity theft. Saifuddin is accused of attempting to transfer credit card
numbers to others on Darkode.
The following defendant faces charges in the Eastern
District of Wisconsin:
Daniel Placek, aka
Nocen aka Loki aka Juggernaut aka M1rr0r, 27, of Glendale, Wisconsin, is
charged by criminal information with conspiracy to commit computer fraud. He is
accused of creating the Darkode forum, and selling malware on Darkode designed
to surreptitiously intercept and collect email addresses and passwords from
network communications.
The following defendants face charges in the District of
Columbia:
Matjaz Skorjanc,
aka iserdo aka serdo, 28, of Maribor, Slovenia; Florencio Carro Ruiz, aka NeTK
aka Netkairo, 36, of Vizcaya, Spain; and Mentor Leniqi, aka Iceman, 34, of
Gurisnica, Slovenia, are each charged in a criminal complaint with racketeering
conspiracy; conspiracy to commit wire fraud and bank fraud; conspiracy to
commit computer fraud, access device fraud and extortion; and substantive
computer fraud. Skorjanc also is accused of conspiring to organize the Darkode
forum and of selling malware known as the ButterFly bot.
The following defendant faces charges in the Western
District of Louisiana:
Rory Stephen
Guidry, aka k@exploit.im, of Opelousas, Louisiana, is charged with computer
fraud. He is accused of selling botnets on Darkode.
The charges and allegations are merely accusations. A defendant is presumed innocent until and
unless proven guilty.
This investigation, Operation Shrouded Horizon, is being
conducted by the FBI with assistance from Europol and their European Cyber
Crime Center (EC3). This case is being
prosecuted by Assistant U.S. Attorneys James T. Kitchen and Charles A. Eberle
of the Western District of Pennsylvania and Trial Attorneys Gavin A. Corn,
Marie-Flore Johnson and Harold Chun of CCIPS, Assistant U.S. Attorney Erica
O’Neil of the Eastern District of Wisconsin and Assistant U.S. Attorney Myers
Namie of the Western District of Louisiana.
The Criminal Division’s Office of International Affairs also provided
significant assistance.
*****
In a related case, Aleksandr Andreevich Panin, aka
Gribodemon, 26, of Tver, Russia; and Hamza Bendelladj, aka Bx1, 27, of Tizi
Ouzou, Algeria, pleaded guilty on Jan. 28, 2014, and June 26, 2015,
respectively, in the Northern District of Georgia in connection with
developing, distributing and controlling SpyEye, a malicious banking trojan
designed to steal unsuspecting victims’ financial and personally identifiable
information. Bendelladj and Panin
advertised SpyEye to other members on Darkode.
One of the servers used by Bendelladj to control SpyEye contained
evidence of malware that was designed to steal information from approximately
253 unique financial institutions around the world. Panin and Bendelladj will be sentenced at a
later date.
This case is being prosecuted by Assistant U.S. Attorneys
Steven Grimberg and Kamal Ghali of the Northern District of Georgia. All press inquiries relating to this case
should be directed to the U.S. Attorney’s Office for the Northern District of
Georgia at USAGAN.PressEmails@usdoj.gov
or (404) 581-6016.