Cyber Terror Plots & Patsies

Title: Zeus Trojan Arrests Highlight Sophisticated 'Money Mules' Operation
October 1, 2010
Computer World

Abstract: Court documents released in connection with indictments announced on Thursday in a massive international cybercrime operation that resulted in millions of dollars being plundered from domestic bank accounts provide a fascinating -- if scary -- glimpse into how the crooks operated.

The US Attorney's Office in Manhattan announced on Thursday that it had charged 37 individuals for their role in a scheme which involved the use of a sophisticated banking Trojan program and numerous "money mules" to steal from dozens of U.S. business accounts.

The charges in the US followed similar arrests in the UK, where authorities on Tuesday charged 11 Eastern European citizens in connection with the same scam. The operation in the U.S. was code-named ACHing Mules, in apparent reference to the fact that unauthorized automated clearing house (ACH) transactions were typically used to siphon money out of business accounts.

All of the individuals charged in the U.S. so far are from Russia and East European countries and were either money mules that helped transfer stolen money out of the U.S., or individuals who managed or recruited them.

Most of those charged on Thursday entered the country on J-1 non-immigrant visas, which are frequently used by students in cultural exchange programs and other short-term training programs. The visas allow those holding them to remain in the country for months at a time and permit them to open U.S. bank accounts.

A statement released by the Attorney's office said the actual thefts were perpetrated out of Eastern Europe by crooks who used the Zeus banking Trojan to break into computers at small businesses and small municipalities.

The malware was used to steal online banking credentials which were then used to access bank accounts belonging to the small business or municipality. The perpetrators would then withdraw money from the compromised accounts, typically in amounts just less than $10,000, and transfer it to fraudulent U.S. bank accounts set up by the money mules.

The mules would quickly withdraw the funds and send them to the perpetrators after retaining a portion -- about 10% -- for themselves.

One example is Ilya Karasev, a 22 year old Russian who has been charged with conspiracy to commit bank fraud, and two other charges. The conspiracy charge alone carries a maximum penalty of 30 years in prison.

Court documents describe Karasev as a mule who first entered the country on a J-1 Visa in May 2008 and then converted his status to an F-1 student Visa in December that year.

Karasev's misdeeds are alleged to have begun in April this year, when he opened a fraudulent bank account at TD Bank in New York using a fake Belgian passport issued under the fictitious name Fransoise Lewenstadd.

A few days later he opened another fraudulent bank account at another TD Bank branch, this time using a Greek passport under the name of Alexis Harris. He opened a third account with the same bank a few months later, this time using yet another foreign passport and the name Fortune Binot.

In addition to TD Bank, Karasev also opened several similar fraudulent accounts at Bank of America and JPMorgan Chase using his assumed identities. Over a matter of several months, the accounts were used to receive tens of thousands of dollars stolen from numerous small business accounts.

In each case Karasev would withdraw the bulk of the money almost as soon as it hit the fraudulent account using ATMs and over the counter transactions.

In some cases Karasev would make debit card purchases using the stolen funds. The court documents did not specify how Karasev would then transfer the money to the actual perpetrators in East Europe.

Karasev was one of over 24 individuals who belonged to an alleged money mule organization that was responsible for receiving funds stolen using the Zeus Trojan. The mules worked with computer hackers and individuals who could provide fake passports in helping them carry out their operations, according to court documents.

In many cases, the mules used three to four fake passports and identities to open multiple bank accounts, including two or three with the same bank.

One of the alleged ring leaders of the mule organization was Artem Tsygankov, a 22-year-old Russian who, like the others, entered the U.S. on a J-1 visa. According to indictment papers, Tsygankov is alleged to have been responsible for recruiting numerous mules in the U.S.

Another individual, Sofia Dikova, was described in court documents as the one in charge of obtaining the fake passports that were used in the scam. Dikova also acted as a mule on occasion. Both Tsygankov and Dikova face up to 30 years in prison if convicted on the conspiracy to commit fraud charges alone.

In addition to the charges by the U.S. Attorney's office, Manhattan District Attorney Cyrus R. Vance, Jr., announced on Thursday the indictments of another 36 individuals for what was described as their participation in several large scale identity theft and cybercrime rings.

That group was allegedly responsible for stealing more than $860,000 from 34 corporate and individual accounts in the US, according to a statement from the District Attorney's office (Computer World, 2012).

Title: Zeus Trojan Still Active Despite High Profile Arrests
October 4, 2010
Computer World

Despite high-profile busts in the US, UK and Ukraine of cybercriminals using Zeus malware to steal from online accounts, Zeus will evolve and remain an effective theft tool for a long time, security experts say.

"There's a community building it and supporting it," says Eric Skinner, CTO of Entrust. "There's no one person to take down. If one person stops updating, somebody else will pick up the task. It's not like when you shut down a software company and the product ceases to be developed."

That about sums up the main strength of Zeus, which experts agree is the major malware framework available today. It's available, it's affordable, it works and its toolkit makes modifying it simple. And the core people who do the major development work have managed to elude capture, hiding behind layers of shifting command and control servers, ISPs, domain registrars and international borders.

"Even if we work with law enforcement, we're still not getting them," says Pedro Bueno, malware research scientist at McAfee Labs. "It takes several hops to get to them. We are real close to them but are never able to get to the final destination where they are."

The Zeus banking Trojan steals usernames and passwords from Windows machines so criminals can use them to illegally transfer money out of victims' accounts. A relatively small group of eastern Europeans are considered to be the main developers responsible for creating new releases of the platform, which has been around since 2007.

For example, researchers recently discovered that a Zeus add-on helps defeat attempts by banks to thwart access by thieves who have used Zeus to steal usernames and passwords of online banking customers. After users log in, the banks send SMS messages to their cell phones containing one-time codes that the customers enter.

This two-factor authentication makes it more difficult for criminals to break into accounts, but the developers of Zeus found a way. A mobile Zeus Trojan grabs the one-time code and sends it to a ZeuS command and control server where criminals can use it to break into accounts, says Derek Manky, project manager for cyber-security and threat research at Fortinet. "That's an enhancement," he says.

Another recent development ties instances of the software to particular machines, so purchasers of ZeuS can't copy it endlessly or resell it. So far, there is no known way to break this licensing safeguard, Bueno says.

Developers also sell a ZeuS toolkit that lets purchasers customise it to their uses and modify its look so it can keep ahead of antivirus vendors trying to identify signatures that can be used to block it, Skinner says. They can also tailor the Trojan to the requirements of breaking the security of specific banks, he says.

Plus it's easy to use, Manky says. "It's easy for anybody to pick this up without any sort of qualifications," he says. "There's no need to be very technically adept." As Skinner notes, users of ZeuS can buy technical support for it. "It's pretty professional," he says.

The people behind ZeuS are good at hiding, says Manky. They use multiple ISPs, multiple command and control servers, multiple domains and base this infrastructure in multiple countries, all of which makes it difficult to trace their whereabouts. Compounding the problem, they frequently shift their infrastructure to new providers and new locations to start over, he says.

All of this portends a long life for ZeuS, says Skinner, but there are things that can be done to curb the success of criminals who use it:

  • Better educated users can help. Phishing, driveby downloads, email scams and malicious PDF files have all been used to spread the Trojan, says Bueno. More alert users avoiding behaviors that make them susceptible could help, he says.
  • Prosecute high profile cases with severe sentences. This will discourage those who might be tempted to create or join a ring, he says.
  • More takedowns of servers storing stolen information by putting the squeeze on ISPs hosting the servers. This makes it more difficult for criminals to set up their infrastructure, he says.
  • Better cooperation between researchers and banks that discover ZeuS rings and law enforcement agencies. Better cooperation between international law enforcement agencies is also needed so they can act quickly on intelligence about suspicious behaviour.
  • Go after criminal middlemen who aren't the ringleaders but who contract to do the technical work of setting up the network needed to carry out the criminal enterprises. Again, this makes it more difficult for the criminals to do business, he says.
  • Banks could take measures to blunt the effectiveness of the frauds. For example, they could contact customers via email or text message to confirm they have actually authorised suspicious transfers.
  • Develop detection systems that can spot ZeuS activity based on events, not on malware signatures, Bueno says.

These measures could help, but the flexibility of ZeuS makes it certain its attacks will keep coming. "There will be another one," Skinner says (Computer World, 2010).

Title: Scottish Botnet Mastermind Pleads Guilty
October 26, 2010
Computer World

The Scottish member of the infamous ‘m00p’ botnet gang has pleaded guilty to charges of distributing computer Trojans as part of a 2006 spam campaign.

Thirty-three year old Matthew Anderson, who adopted a variety of online names including ‘warpigs’ and ‘aobuluz’, used the cover of an apparently legitimate security business to plan campaigns that installed the ‘Ryknos’ Trojan (aka Breplibot/Stinkx).

These allowed the operation to set up spam botnets and open back doors for data theft. He is believed to have been able to spy on victims using a webcam, and to have stolen private documents including CVs, wills, password lists and personal photographs.

“This organised online criminal network infected huge numbers of computers around the world, especially targeting UK businesses and individuals,” said DC Bob Burls of the Police Central e-Crime Unit.

“Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy. They used sophisticated computer code to commit their crimes.”

Anderson was aided by two accomplices from England and Finland arrested with him in June 2006, one later released without charge and the other given an 18-day community service order. Sentencing is set for 22 November and is unlikely to be as lenient given that Anderson is now seen as the key member.

At the time of the arrests in 2006, the bust was seen as a landmark in disrupting what was then still a relatively novel crime of creating criminal botnets. With the benefit of hindsight, this was merely an early warning of what has grown pretty much unchecked into a huge area of malware growth, that of hijacking ordinary PCs as spam relays. Botnets are now big business and form the core of e-crime (Computer World, 2010).

Title: Police Charge Alleged SpyEye Trojan Gang
April 11, 2011
Computer World

UK police arrested three men late last week in connection with using the SpyEye malware program to steal online banking details.

Two of the men were charged on Friday and appeared in Westminster Magistrates Court in London. Pavel Cyganoc, a 26 year old Lithuanian living in Birmingham, was charged with conspiracy to cause unauthorised modifications to computers, conspiracy to defraud and concealing proceeds from crime. Aldis Krummins, 45, a Latvian living in Goole, was charged with conspiracy to defraud and concealing proceeds of crime.

A third man, a 26 year old whose nationality was not revealed, was released on police bail but must return for further questioning in August, police said.

Police said the three were arrested by the Police Central e-Crime Unit "in connection with an international investigation into a group suspected of utilising malware to infect personal computers and retrieve private banking details."

The investigation began in January and revolved around the group's use of a uniquely modified variation of the SpyEye malware, which harvests personal banking details and sends the credentials to a remote server controlled by hackers, police said. As part of their investigation, police also seized computer equipment and data.

UK police have frequently teamed up with other agencies such as the US Federal Bureau of Investigation and police forces in other European countries to execute raids and arrest cybercrime suspects, but police wouldn't say if arrests were made in other countries as part of this operation.

Security analysts have kept watch on the SpyEye malware for some time. Some say it shares code with Zeus, widely considered the reference in banking malware. Zeus is designed to evade security software, grab online banking credentials and execute transactions as people log into their accounts.

Police have notched some successes against cybercrime organizations using Zeus. Last year, law enforcement agencies in the US and UK arrested dozens of "money mules," or people who were using their own personal accounts to receive stolen funds and transfer the money to other criminal accounts for a slice of the proceeds (Computer World, 2012).

Title: Essex 'Hacker' Ryan Cleary Wanted For Questioning Over Facebook Cyber Attack
Date: June 22, 2011
Source: Telegraph

Abstract: FBI investigators who had been tracking the activities of a hacking group called LulzSec believe Mr Cleary, 19, might have targeted the social networking site which has 500 million users around the world.

He is also suspected of involvement in attacks on the computer systems of the CIA, the US Senate and Sony.

Last night Mr Cleary was charged with a string of cyber attacks on UK-based websites, but police sources said the investigation into attacks on foreign networks was “ongoing”.

Facebook refused to be drawn on whether anyone had managed to hack into its website or access any of its users’ profiles, many of which contain private information which can only be seen by selected friends.

A spokesman for the California-based firm said it had a regular “dialogue” with the FBI but “would not comment on individual cases”.

Asked whether Facebook had been successfully hacked by anyone, the spokesman said: “We just don’t comment on things like this and we don’t go into details.”

The multi-billion dollar social networking site has had to increase security recently to deal with an increasing number of attempted attacks by hackers.

Even if Mr Cleary is tried and convicted of crimes in the UK, he could still face extradition to the US, as the FBI, which was the driving force behind his arrest, want to question him themselves.

Karen Todner, the solicitor for Gary McKinnon, a hacker who has been fighting extradition to the US for six years, said she hoped the Foreign Office would have “learned lessons” from her client’s case, and that Mr Cleary would be dealt with in the UK.

Anil Rajani, an extradition law expert at IBB Solicitors, said Mr Cleary, who has a history of troubled behaviour, would have a strong case for fighting extradition on human rights grounds.

“There would appear to be medical grounds for an appeal against any attempt to extradite him. His age and his human rights under the European Convention would also be part of the argument.”

Mr Cleary, whose family say he suffers from ADHD and Emotional Behavioural Disorder, tried to hang himself when he was ten and was expelled from both his primary and secondary schools for disruptive behaviour before completing his education at a special school in Colchester.

Mr Cleary, of Wickford, Essex, was arrested at his family home on Monday in a joint operation by Scotland Yard and the FBI.

Last night he was charged with five offences under the Criminal Law Act and Computer Misuse Act, including an attack on the website of the Serious Organised Crime Agency on Monday.

He is also alleged to have attacked the website of the British Phonographic Industry, which organises the annual Brit Awards, last October and the website of the International Federation of the Phonographic Industry last November.

He will appear before Westminster Magistrates Court this morning (Telegraph, 2011).

Title: LulzSec Hacking: A Timeline
Date: August 1, 2011

Abstract: LulzSec, the hacking group, have been implicated in several major online security breaches in recent months. Here is a timeline of their activity.

April 29 Fox Broadcasting is hacked, with emails and passwords of hundreds of employees accessed.

May 29 PBS, the US public television station, has its website hacked into: LulzSec places a false story saying that the rapper Tupac Shakur, who was shot and killed in 1996, is alive on the PBS homepage.

June 2 The hackers break into Sony's intranet, accessing the private details of more than a million people and posting them online.

June 6 Nintendo becomes the latest victim of the group's hacking spree, although the group says: “We’re not targeting Nintendo. We like the N64 too much - we sincerely hope Nintendo plugs the gap.”

June 8 NHS patients face a potential security breach after the hackers gained access to health service passwords. LulzSec claims that it had accessed a system handling sensitive patient data. They say: “we mean you no harm and only want to help you fix your tech issues… we’re a somewhat known band of pirate-ninjas that go by LulzSec. Some time ago, we were traversing the internet for signs of enemy fleets. While you aren’t considered an enemy – your work is of course brilliant – we did stumble upon several of your admin passwords.”

June 16 The public website of the US Central Intelligence Agency goes down after the hacker group said it had launched an attack. The CIA site initially could not be accessed from New York to San Francisco, and Bangalore to London.

The same day, it is accused of hacking Sega's website, but denies involvement. A Twitter message from LulzSec said: “We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”

June 20 LulzSec apparently brings down the Serious and Organised Crime Agency (Soca) website.

June 21 Claims that Lulzsec stole the entire 2011 census database are denied by the group. Ryan Cleary, an alleged member of the hacking group, is arrested in Essex by specialist cyber crime officers from Scotland Yard. However, they deny involvement, saying on Twitter: "Just saw the pastebin of the UK census hack. That wasn't us - don't believe fake LulzSec releases unless we put out a tweet first."

June 26 LulzSec announces via Twitter that it will disband following its "50 day cruise" of "hope, inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love".

July 19 The website of The Sun newspaper is hacked and a spoof story announcing the death of Rupert Murdoch is published, including a reference to his supposed "famous topiary garden". LulzSec reemerges to claim credit.

July 20 A 16-year-old from south London is arrested for involvement in cyber attacks by both LulzSec and Anonymous. He is released on police bail pending further inquiries.

July 27 Met cyber crime officers travel to the Shetland Islands to arrest an 18-year-old who they allege is "Topiary", LulzSec's main spokesman and thought to be behind its nautically-themed public relations. He is taken to London for questioning, while a 17-year-old is also questioned under caution in Lincolnshire.

July 31 The Shetlander alleged to be "Topiary" is charged with offences relating to LulzSec's attack on the Soca website and named as Jake Davis.

August 1 Davis is bailed at City of Westminster Magistrates Court on conditions he wears an electronic tag and does not access the internet (Telegraph, 2011).

Title: FBI Arrests Suspect Over Sony Hacking
Date: September 23, 2011

Abstract: FBI agents arrested the suspect, named as Cody Kretsinger, 23, of Phoenix, Arizona, "without incident," said US Attorney in Los Angeles Andre Birotte Jr. and Steven Martinez, head of the FBI's Los Angeles office.

Mr Kretsinger was due in court in Arizona during the day, when authorities will request that he be transferred to Los Angeles to face prosecution over the attack on Sony Pictures, said a joint statement.

He has been charged with conspiracy and the unauthorized impairment of a protected computer, and could face up to 15 years in prison if convicted, they said.

The indictment alleges that Mr Kretsinger and others obtained confidential information in May and June from Sony Pictures' computer systems using a "SQL injection" attack, a technique commonly used by hackers to steal information.

Mr Kretsinger was believed to be a current or former member of LulzSec or Lulz Security, and used the moniker "recursion" as part of the attack between May 27-June 2 this year.

The indictment alleges that "Kretsinger and his co-conspirators distributed the stolen information, including by posting the information on LulzSec's website, and then announced the attack via its Twitter account," they said.

"The indictment further alleges that, in order to avoid detection by law enforcement, Kretsinger permanently erased the hard drive of the computer he used to conduct the attack on Sony Pictures," added the statement.

In an earlier attack, Sony's PlayStation Network, Qriocity music streaming service and Sony Online Entertainment were targeted by hackers beginning in April.

In that attack, over 100 million accounts were affected and Sony said it could not rule out that millions of credit card numbers may have been compromised. It has since restored its online services.

The cyberattacks threatened to cause deep damage to Sony's brand image and the company's efforts to link its gadgets to an online network of games, movies and music (Telegraph, 2011).

Title: Card 'Blackhat' Gets Prison For PIN Terminal Fraud
October 17, 2011
Computer World

One of Europe’s elite ‘blackhat’ card fraud engineers has been sentenced to three years in prison at London’s Old Bailey for helping European gangs steal money using tampered chip and PIN terminals.

Twenty-six year old German national, Thomas Beeckman, was a talented electronics engineer who became a mastermind on how to subvert the technology used in European PIN entry devices, the small machines that customers use to pay using plastic credit or debit cards in shops.

The modified terminals were then re-exported back to the countries from which they had been stolen and introduced back into the chip and PIN system, allowing financial theft on an unspecified scale.

The advance Beeckman’s electronics skill offered the gangs was that the terminals appeared genuine, delaying the point at which fraud would be traced to the physical PIN device itself.

The criminal networks also cloned cards which had been compromised, exporting them to countries such as the US, which has no PIN security at the point of sale.

“By putting this individual behind bars the Dedicated Cheque and Plastic Crime Unit has prevented them from defrauding the banking industry and its customers of significant sums of money,” said detective sergeant Richard Maynard of Scotland Yard’s Dedicated Cheque and Plastic Crime Unit (DCPCU).

“There can be no doubt that the work of our specialist unit over the past few years has played a key part in driving card fraud down, and we continue to provide a clear warning to the organised gangs and those who work with them that we will track them down,” he said.

How much Beeckman was paid in return for his Blackhat skills is unknown but he was reportedly able to support a wife and family in Thailand from the proceeds.

The German was eventually caught in June after a tip-off as he entered The Netherlands by bus from the UK. Modified terminals were found in his possession which police believe were to be planted in shops in Belgium and The Netherlands (Computer World, 2011).

Title: Zeus Trojan Masterminds Found Guilty Of £3 Million Online Fraud
November 3, 2011
Computer World

The last two people found guilty of being part of the gang behind the UK’s biggest ever cybercrime phishing spree have each been sentenced to nearly five years in jail.

Ukrainians Yuriy Konovalenko, 29, and Yevhen Kulibaba, 33, were the ringleaders of the largely UK-based gang that police believe managed to steal at least £4.3 million ($6.9 million) between September 2009 and March 2010 by deploying the Zeus Trojan to raid online bank accounts in several countries.

The full scale of their crimes might never be known, with some estimates putting the sums stolen from the gang’s activities above £20 million, which would make it one of the largest cybercrime heists ever to reach court anywhere in the world. Police have connected the pair directly to almost £3 million of the uncovered thefts.

There has been a slow drip of sentences handed out to the gang members in what turned out to be a hugely complex investigation, ‘Operation Lath’, which saw 13 people charged with a variety of offences connected to the gang’s activities.

Last month, Kulibaba’s wife, Latvian national Karina Kostromina, was sentenced to two years in prison for carrying out money laundering for the gang.

“These defendants were part of an organised network of computer criminals operating a state-of-the art international online banking fraud, through which they stole many millions of pounds from individuals and businesses in the UK and United States,” said detective inspector Colin Wetherill of the Metropolitan Police’s Police Central E-Crime Unit (PCeU).

“The investigation involved unprecedented levels of cooperation between the Metropolitan Police, the UK banks, the FBI and other UK and international law enforcement agencies,” he said.

The huge success of the gang’s attacks on online bank accounts probably had something to do with timing. The malware family used, Zeus (also known as SpyEye) was not easily detected by some security systems and the banks concerned clearly underestimated the speed with which it could compromise the accounts of users (Computer World, 2011).

Title: Harrogate Boy Arrested Over Royal Wedding 'Cyber Plot'
Date: November 18, 2011
Source: BBC 

Abstract: A 16-year-old boy from North Yorkshire has been arrested in connection with an alleged plot to corrupt the official website of the royal wedding, it has emerged.

The youth from Harrogate was questioned as part of an investigation by the Metropolitan Police's E-Crime Unit.

A police spokesman said the alleged offence was in connection with a suspected "denial of service" attack.

The youth was arrested in October and has been bailed until 15 December (November 18, 2011)

Title: FBI, Philippine Police Bust Hacking Ring Financed By Terror Group
Date: November 24, 2011
Gant Daily

FBI agents and Philippine police have arrested four hackers responsible for attacks on AT&T in 2009.

Suspected hackers Macnell Gracilla, 31, Francisco Manalac, 25, Regina Balura, 21 and Paul Michael Kwan, 29, were arrested Wednesday in their homes in Quezon City and Caloocan City, the Philippine National Police (PNP) announced Thursday. Seized from their homes were computers and telecommunication equipment used for their hacking activities.

The PNP’s cyber crime unit chief Gilbert Sosa said the suspects were being paid by Jemaah Islamiyah (JI) to hack the trunk line of telecommunication companies. AT&T lost $2 million in the hacking done by the group.

The bank transactions between the Pakistani JI member Muhammad Zamir and the hackers enabled the FBI to trace their locations in Manila.

Zamir, who was arrested by FBI agents in Italy in 2007, also funded the terror attacks in Mumbai, India in 2008 (Gant Daily, 2011).

Title: FBI Arrest Computer Programmer For Stealing US Treasury Code
January 23, 2012
Computer World

The FBI said it arrested a computer programmer in New York this week and charged him with stealing proprietary software code from the Federal Reserve Bank of New York. The software known as the Government-Wide Accounting and Reporting Program (GWA) handles all manner of US government financial transactions.

Stealing the code for his own business

"As alleged in the complaint, between May 2011 and August 11, 2011, Bo Zhang was a contract employee assigned to the Federal Reserve Board of New York (FRBNY) to work on further developing a specific portion of the GWA's source code which the United States has spent approximately £6.1 million ($9.5 million) to develop. In the summer of 2011, Zhang allegedly stole the GWA Code," said the FBI in a statement.

"According to the complaint, Zhang admitted that in July 2011, while working at the FRBNY, he checked out and copied the GWA Code onto his hard drive at the FRBNY; he subsequently copied the GWA Code onto a bank-owned external hard drive; and he connected that external hard-drive to his private office computer, his home computer, and his laptop. Zhang stated that he used the GWA Code in connection with a private business he ran training individuals in computer programming."

"Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software. His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code," said FBI Assistant Director in Charge Janice Fedarcyk in a statement.

Previously worked for Goldman Sachs 

Now free on bond but due back in court in February, Zhang, 32, of Queens, New York, faces a maximum term of 10 years in prison and a £160,000 ($250,000) fine if guilty.

While the FBI didn't identify which company Zhang currently worked for, reported he in the past had worked for at Goldman Sachs Group Inc. (GS) and Bank of America Corp. also said Matt Anderson, a Treasury spokesman, said the department has worked to strengthen security procedures for Federal Reserve contractors working on Financial Management Service projects. "There was no compromise of any transaction data, personal identifying information or federal funds," Anderson said (Computer World, 2012).

Title: FBI Arrests Financial Software Copyright Fugitive On His Return To The US
February 3, 2012
Computer World

The FBI today said it arrested a man on charges of illegally reproducing and distributing more than 100 copyrighted commercial software programs who had fled the country after being indicted last year.

Naveed Sheikh, 31, formerly of Baltimore, was arrested at Dulles Airport as he was trying to get back into the US. According to the FBI, a year ago Sheikh knew he was under investigation and fled to Pakistan shortly before being indicted on 13 January, 2011.

According to the FBI, from February 2004 to April 2008, Sheikh reproduced and distributed more than 100 copyrighted commercial software programs for which he allegedly received over £167,000 ($265,000). The copyrighted works are said to be worth millions of pounds.

Sheikh allegedly advertised through his Internet website and sold infringing copyrighted commercial software at prices well below the suggested retail prices of legitimate, authorized copies of the software. Some of the copyrighted works included Microsoft Money 2006 Small Business, Adobe After Effects Pro 7.0, Veritas NetBackUp Pro 5.1, Solid Works Office 2000 Premium, Quicken Premier Home and Business 2006 and Apple iLife 2006.

The FBI said Sheikh advised purchasers that software programs could be mailed to purchasers on compact discs and downloaded from the Internet. Sheikh created DVD-Rs and CD-Rs with copyright infringing software programs and crack codes. Crack codes let people modify software to remove or disable security protections. Sheikh allegedly requested that purchasers send money orders for infringing software to a P.O. box he maintained in Towson, Md., the FBI stated.

Sheikh also permitted customers to pay for infringing software through credit card charges and electronic fund transfers. Sheikh paid a company that hosted Internet domains to register multiple Internet domains. Sheikh's computer server, which was located in Scranton, Pa., hosted his website. Sheikh used computers in Bel Air, Md., and other computers to contact and control his computer server, the FBI stated.

The indictment seeks the forfeiture of £167,000 and any property derived from or traceable to the proceeds of the scheme. He could get up to five years in prison. No hearing date has been set (Computer World, 2012).

Title: Symantec Source Code Hacker: We Always Planned To Release The Stolen Code
Date: February 7, 2012
The Verge

Abstract: Protracted extortion negotiations with a hacker threatening to release stolen source code for several Symantec products ended yesterday with the code for pcAnywhere surfacing on The Pirate Bay. While Symantec has claimed it never had any intention of paying the $50,000 fee, and that the negotiations were part of a law-enforcement operation, the hacker in question has now told Reuters that he was always going to release the code. "We tricked them into offering us a bribe so we could humiliate them," said YumaTough, thought to be part of the Anonymous-affiliated Lords of Dharamaja group.

According to the report, Symantec is already expecting the source code for additional programs to be released by the group as well — Norton AntiVirus was one application mentioned in email exchanges between YumaTough and a law-enforcement official posing as a Symantec employee — but the company again reiterated that any such leaks wouldn't put their customers in danger. "As we have already stated publicly, this is old code," company spokesperson Cris Paden said, "and Symantec and Norton customers will not be at an increased risk as a result of any disclosure." The code was originally stolen in a network breach in 2006, but Symantec claims all current versions of its software will be immune to any attacks based upon vulnerabilities discovered in the 2006 versions (The Verge, 2012).

Title: Interpol Says Suspected Anonymous Hackers Arrested
Date: February 28, 2012
Fox News

Abstract:  Interpol said Tuesday that 25 suspected members of the loose-knit Anonymous hacker movement have been arrested in a sweep across Europe and South America.

The international police agency said in a statement that the arrests in Argentina, Chile, Colombia and Spain were carried out by national law enforcement officers working under the support of Interpol's Latin American Working Group of Experts on Information Technology Crime.

The suspects, aged between 17 and 40, are suspected of planning coordinated cyberattacks against institutions including Colombia's defense ministry and presidential websites, Chile's Endesa electricity company and national library, as well as other targets.

The arrests followed an ongoing investigation begun in mid-February which also led to the seizure of 250 items of IT equipment and mobile phones in searches of 40 premises in 15 cities, Interpol said.

In Chile's capital, Subprefect Jamie Jara said at a news conference that authorities arrested five Chileans and a Colombian. Two of the Chileans are 17-year-old minors.

The case was being handled by prosecutor Marcos Mercado, who specializes in computer crime. He said the suspects were charged with altering websites, including that of Chile's National Library, and engaging in denial-of-service attacks on websites of the electricity companies Endesa and Hidroaysen. The charges carry a penalty of 541 days to five years in prison, he said.

Jara said the arrests resulted from a recently begun investigation and officials do not yet know if those arrested are tied to any "illicit group."

"For now, we have not established that they have had any special communications among themselves," he said.

Jara said authorities were continuing to investigate other avenues, but gave no details.

Gen. Carlos Mena, commander of Colombia's Judicial Police, said no one was arrested in Colombia, but he noted that some Colombians had been arrested elsewhere, including Chile.

He said he hadn't confirmed a report that one of those arrested in Argentina may have been from Colombia.

Mena did hint that there might be arrests in Colombia. He said other nations have been providing information and Colombian authorities are looking into it, but so far haven't arrested any hackers.

"You have to leave them alone, so when we have all the evidence, and the prosecutor makes the decision, we will be all over it and capturing them," he said.

No official statements have been released yet in Argentina. An Argentine media website based its story on the Interpol statement, which it quotes as saying that 10 people were arrested in Argentina.

Earlier Tuesday, police in Spain announced the arrest of four suspected Anonymous hackers in connection with attacks on Spanish political party websites. These four were among the 25 announced by Interpol.

A National Police statement said two servers used by the group in Bulgaria and the Czech Republic have been blocked.

It said the four included the alleged manager of Anonymous' computer operations in Spain and Latin America, who was identified only by his initials and the aliases "Thunder" and "Pacotron."

The four are suspected of defacing websites, carrying out denial-of-service attacks and publishing data on police assigned to the royal palace and the premier's office online.

Interpol is headquartered in Lyon, France. The organization has no powers of arrest or investigation but it helps police forces around the world work together, facilitating intelligence sharing.

Anonymous, whose genesis can be traced back to a popular U.S. image messaging board, has become increasingly politicized amid a global clampdown on music piracy and the international controversy over the secret-spilling site WikiLeaks, with which many of its supporters identify.

Authorities in Europe, North America and elsewhere have made dozens of arrests, and Anonymous has increasingly attacked law enforcement, military and intelligence-linked targets in retaliation.

One of Anonymous' most spectacular coups: Secretly recording a conference call between U.S. and British cyber investigators tasked with bringing the group to justice.

Anonymous has no real membership structure. Hackers, activists, and supporters can claim allegiance to its freewheeling principles at their convenience, so it's unclear what impact the arrests will have.

Some Internet chatter appeared to point to a revenge attack on Interpol's website, but the police organization's home page appeared to be operating as normal late Tuesday.

One Twitter account purportedly associated with Anonymous' Brazilian wing said the sweep would fail.

"Interpol, you can't take Anonymous," the message read. "It's an idea" (Fox News, 2012).

Title: Five 'Top LulzSec Hackers' To Face Charges In New York
Date: March 6, 2012

Abstract: The five were either under arrest or being sought, a law enforcement official said. Unconfirmed reports claimed the five had been turned in by their leader, known as “Sabu”, dubbed one of the most powerful hackers in the world today.

It is not yet clear what the allegations against the alleged hackers are, but they are expected to be revealed in court on Tuesday.

The group also goes by the full name Lulz Security. Hackers associated with the group have claimed to be responsible for a variety of cyber attacks on big companies, law enforcement and government agencies - including Fox News and the CIA.

The law enforcement official spoke on condition of anonymity because the charges have not yet been officially announced.

LulzSec is a spin-off of the loosely organized hacking collective Anonymous. Its members attained notoriety last May by attacking the website of the public broadcaster PBS and posting a story claiming that the slain rapper Tupac Shakur was alive and living in New Zealand.

Some alleged associates of the group are already facing charges elsewhere. An English teenager, Ryan Cleary, was arrested by British law enforcement in June and charged with being linked to the group.

In July, an alleged LulzSec spokesman, Jake Davis, was arrested in Scotland (Telegraph, 2012).

Title: FBI Charges Alleged Anonymous Hackers After Supergrass Claims
Date: March 7, 2012

Abstract: The FBI has brought charges against six young men suspected of being leading lights in the loose network known as Anonymous, who are accused of having “waged a deliberate campaign of online destruction, intimidation and criminality”.

As alleged members of smaller hacking groups called LulzSec, Internet Feds and AntiSec, they are said to have been behind cyber attacks on the websites of major companies and world governments and the theft of confidential data.

Among the accused named in New York federal court documents as taking part in "computer hacking conspiracy" are a 19 year-old from the Shetland islands, Jake Davis, and a 25 year-old from Doncaster, Ryan Ackroyd. They have already been arrested by British police but now face possible extradition to the US.

One of two Irish men facing charges, Donncha O'Cearrbhail, is accused of hacking a confidential conference call between the FBI and the Metropolitan Police in January and then releasing it onto the internet, in an incident that caused huge embarrassment to the authorities.

A sixth man, Jeremy Hammond of Chicago, is said to have been responsible for a hack of the Stratfor intelligence firm’s website that “affected approximately 860,000 victims”. Millions of sensitive emails were published after finding their way to the whistleblowing group WikiLeaks.

The charges, detailed in a 24-page indictment released on Tuesday, were brought after Hector Xavier Monsegur, alleged head of the elite LulzSec group, agreed to cooperate with the FBI in return for lesser charges.

Court documents reveal that Mr Monsegur, a 28 year-old from New York known as Sabu, secretly pleaded guilty to computer hacking conspiracy charges in August last year and began providing information to the FBI's investigation.

In a 24-page charge sheet, New York prosecutors accuse the six men of attacking websites ranging from an Irish political party to MasterCard and of stealing information from 70,000 potential contestants on the American X-Factor.

Mr Ackroyd, said to be known online as Kayla and Lolspoon, is accused of helping to identify weaknesses in targets' computer systems and breaking down their security to gain confidential information, while Davis, who allegedly used the handle Topiary, is alleged to have used Twitter to boast of the group's exploits and to have helped store stolen data.

Both are charged with two counts of conspiracy to hack computers and under American law could face a maximum of 20 years in prison.

The US is known to aggressively pursue the extradition of alleged hackers and is currently seeking to bring Gary McKinnon, a 46-year-old from Glasgow, into American jurisdiction to face charges of hacking computers belonging to Nasa and the Pentagon.

The Home Office said it could not "confirm or deny" if an extradition request had been made (Telegraph, 2012).

Title: LulzSec-Linked Hacker Mocked September 11, Threatened To Burn Down White House
Date: March 8, 2012
Fox News

Abstract: A top hacker who worked closely with LulzSec leader Sabu is a committed anarchist who mocked the 9/11 attacks, spoke of burning down the White House and ridiculed pacifist protesters for not using violence to achieve their means.

Jeremy Hammond, whose online handles “Anarchaos,” “crediblethreat” and “tylerknowsthis” underscored his virulent anti-government beliefs, was arrested Tuesday in Chicago as part of an international sweep netting top members of the hacker group LulzSec and its affiliates. The 27-year-old is a self-styled anarchist whom admirers call a modern-day Robin Hood. He took credit for the massive attack on the global intelligence company Stratfor and even embraced being branded a “terrorist” in a speech at a 2004 hacker convention caught on video.

“One man’s freedom fighter is another man’s terrorist,” Hammond told the audience at the annual DefCon hackers conference in Las Vegas in 2004. “So let them call us terrorists,” he added moments later. “I’ll still bomb their buildings.”

The tough talk is in sharp contrast to the image some have of LulzSec as a merry band of Internet mischief-makers. Hackers in the group were stunned on Tuesday when the story broke that LulzSec’s leader, Hector Xavier Monsegur, known to his minions as “Sabu,” had been secretly working for the FBI after being arrested. Chat logs included in Hammond’s indictment purport to show Hammond and Sabu’s numerous online conversations; in some, Hammond talks about the Stratfor hack and his previous arrests and time spent behind bars. But even prison time did nothing to soften Hammond’s angry worldview.

“This guy is not some harmless kid living in his parents’ basement,” a law enforcement source said of Hammond. “He’s got a history and potential for violence.”

Chilling chatroom transcripts capture the dark and disturbing views of Hammond, whose mother said he has an IQ of 168 and called him a “genius without wisdom,” in a Chicago Tribune interview. In the discussions with an unknown audience, Hammond hailed the 2007 book “How Nonviolence Protects the State,” by self-proclaimed anarchist Peter Gelderloos, praising it for encouraging violence and sabotage.

“I didn't start the conversation about burning the white house, but I'll finish it,” vowed Hammond in one undated post.

In another post, Hammond calls for “organized, coordinated attacks against targets who are more directly responsible for our miserable conditions,” and proposes “a toast to the rich! with our choice of cocktail.”

Perhaps most disturbing is this chilling dialogue about 9/11:

“So what's the best way to celebrate 9/11? A jenga tournament!” Hammond posted. “We played a big 9/11 show on saturday, we had a pinata of the world trade towers … it was filled with candy and miniature plastic army men.”

In response to a request for comment, Hammond's attorney Jim Fennerty said via e-mail, "I know nothing about his postings on line."

In 2005, Hammond formed a group he dubbed the “Internet Liberation Front.” He hacked into a conservative website and stole 5,000 credit card numbers which he intended to use to make donations to liberal causes, according to authorities. Although he was caught before he could carry out the plan, which prompted comparisons to Robin Hood, he served two years in prison.

Hammond was arrested again in 2010 for allegedly throwing a banner into a fire at a protest against the Olympics coming to Chicago. He was given 18 months' probation.

Authorities believe Hammond was the main player in the Stratfor hack last December, in which 5 million emails were stolen and handed over to Wikileaks. According to the federal complaint against Hammond, the attack was designed to bankrupt Stratfor, a Texas-based company that works with intelligence agencies around the world. This time, Hammond is facing up to 10 years in prison.

“The sheer amount of destruction we wreaked on Stratfor’s servers is the digital equivalent of a nuclear bomb: leveling their systems in such a way that they will never be able to recover,” wrote a LulzSec member in an online post (Fox News, 2012).

Title: BPAS: 'Hacker' Held Over Illegal Breach Of Abortion Website
Date: March 9, 2012

Abstract: The 27-year-old, who has not been named, was arrested during early morning raids on suspicion of offences under the Computer Misuse Act, Scotland Yard said.

It comes after the website of the British Pregnancy Advisory Service (BPAS) was hacked into and defaced yesterday. Data on the website, which is currently down and cannot be viewed, was also compromised, police said.

BPAS said there were about 26,000 attempts to break into its website over a six-hour period, but confirmed that no medical or personal information relating to women who had received treatment was accessed.

The company was, however, forced to take out a court injunction after details of people who requested information via the website were compromised.

Officers from the Metropolitan Police's Central e-Crime Unit executed a search warrant at an address in Wednesbury, West Midlands, before arresting the suspect who is currently in custody at a West Midlands Police Station.

Police said they were alerted to allegations that the BPAS website was hacked on Thursday.

Claims later appeared on Twitter that the names of women who had undergone terminations had been accessed and might be released.

But police and the BPAS moved quickly to reassure the public saying none of the stolen data contained any medical details of women who had received treatment.

Detective Inspector Mark Raymond from the Met's e-Crime Unit said: "We have taken rapid action to identify and arrest a suspect involved in hacking.

"This was done to prevent personal details of people who had requested information from the BPAS website being made public.

"It should be stressed that the stolen data did not contain the medical details of women who had received treatment or why individuals had contacted the British Pregnancy Advisory Service."

BPAS is a non-statutory abortion provider and has a number of clinics across the country.

It also provides counselling for unplanned pregnancy and abortion treatment and gives advice about contraception, sexually transmitted infection testing and sterilisation.

A BPAS spokesman said: "The website does store details (names, addresses and phone numbers) of people who have requested information from BPAS via (the internet), including those making personal inquiries as well as health and education professionals, the media and students.

"These may have been inquiries relating to contraception, pregnancy, abortion, STI testing and sterilisation.

"Relevant authorities were informed and appropriate legal action taken to prevent the dissemination of any information obtained from the website."

He added: "While the confidentiality of women receiving treatment was never in danger, this episode was taken very seriously indeed.

"A court injunction was obtained to prevent the publication of the data and, in the early hours of this morning an arrest was made" (Telegraph, 2012).

Title: Police Arrest Online Banking Fraudster
March 14, 2012
Computer World

The Metropolitan Police Service's Police Central e-Crime Unit (PCeU) has arrested a man for committing online banking fraud.

A 37-year-old man from Belvedere in Kent was arrested in connection with computer misuse offences.

It follows a recent study from the UK Cards Association, which said that technology had helped to significantly reduce the amount of money lost through credit and debit card fraud to an 11-year low.

An unnamed high street bank had reported to the police that online accounts had been compromised over an 18-month period. The PCeU carried out an investigation which found that accounts had been accessed without authority, money stolen and personal details had been changed.

The police seized computer equipment from the suspect's address, and will now be examining the devices. The man has been taken into custody at a south London police station.

Detective Inspector Mark Raymond at the PCeU said: "Online crime is never victimless. Such offences are indiscriminate and will be fully investigated where allegations are made.

"Online banking is generally very safe providing individuals keep their operating systems and anti-virus software regularly updated to avoid online hackers and fraudsters. Sound independent advice can be found at ''" (Computer World, 2012).

Title: Two Arrested After Hackers Attacked Anti-Terror Hotline
Date: April 12, 2012

Abstract: The teenagers were being held in the West Midlands by officers from the Police Central e-Crime Unit on suspicion of offences under the Malicious Communications Act and the Computer Misuse Act.

Yesterday, an organisation called Team Poison claimed to have carried out a cyber-attack in response to the alleged detention of innocent people on terrorism charges and the recent ruling to deport a number of terror suspects to the United States.

The Daily Telegraph also understands that the group was angry at Government plans to introduce so-called snooping laws, allowing the authorities greater access to personal communications.

The group, which claims to have carried out a string of similar assaults on other organisations including Nato, launched a two-day “phone bombing” exercise against the anti-terror hotline, jamming the network and preventing genuine callers from getting through.

It is understood Team Poison used readily available software to bombard the Scotland Yard phone line, but routed the activity through a computer server based in Malaysia in order to cover their tracks.

The hackers then claim to have exploited a “weakness” in the Scotland Yard’s phone system to eavesdrop and record a conversation between officials discussing the incident.

Recordings of the conversations were later posted on the internet, suggesting an embarrassing lapse of security within Scotland Yard’s counter-terrorism unit.

Last night the Metropolitan Police insisted that their phone security had not been breached and that the integrity of the confidential anti-terror hotline remained intact.

In one recording, an alleged hacker, who has an American accent, is heard goading one of the hotline operatives about the phone-bombing exercise.

The caller, who claimed to be called Robert West, told the official:

“I got some terrorism for you here …. our philosophy is pretty simple, it’s knowledge is power.”

More worryingly for the security services however is the question of how hackers apparently managed to record a conversation between two officials within Scotland Yard discussing the incident.

One operative is heard telling another that the anti-terror hotline had been inundated with hundreds of calls from the hacking group.

In a recording posted on the internet he is heard to say: “We have been subjected to a barrage of calls from a group called Team Poison.

We have had about 700 calls over the last couple of nights. One of the conversations I had last night was leaked on YouTube.

"Everyone else calling was effectively shut out and could not get through at all."

It is not clear how the group managed to listen in to the conversation, but one theory is that the receiving handset was compromised during the phone-bombing exercise.

One member of Team Poison allegedly claimed to have used a well established system of phone hacking known as Phreaking.

He said: “It was very easy, they were using an old phone system which was vulnerable to a private phreaking method that we discovered.”

He added: “The guys at the Counter Terrorist Command are clowns, whilst listening in on them, all they do is socialise and joke around with other employees. But to be honest, they are the real terrorists, imprisoning innocent people without evidence and invading countries for their own benefit.”

Explaining what had motivated the attack, the alleged hacker claimed it was in response to Britain’s treatment of terror suspects.

He said: “We done it due to the recent events where the counter terrorist command and the UK court system have allowed the extradition of Babar Ahmad, Adel Abdel Bary (sic) and a few others – we also done it to due the new "snooping" laws where the GCHQ can "spy" on anyone and everyone.”

He added: “Our members come from all over the world, we have no religion, no race, we are not affiliated with any other groups, we believe in equality for all & were anarchists.”

It is the second time in a matter of months that hackers have gained access to private telephone conversations involving Scotland Yard personnel.

In February hackers from the group known as Anonymous released a recording of a conference call between the FBI and UK police in which they were discussing efforts to catch hackers.

Last night, Ailsa Beaton, Director of Information for the Metropolitan Police said: “We are confident the MPS communication systems have not been breached and remain, as they always have been, secure.

"We are satisfied that any recording would have been made via the receiving handset only and not from an attack on internal systems.

"The public can remain confident in the ability to communicate in confidence and that the integrity of the Anti-Terrorist Hotline remains in place" (Telegraph, 2012).

Title: Team Poison: Profile Of The Hackers
Date: April 12, 2012

Abstract: They say they use “bullying tactics” on their “victims” to raise awareness of issues globally and are currently focused on what they believe is the unfair extradition of individuals to the United States.

One member, calling himself TriCk, said the group had already gained unauthorised access to organisations from Facebook to the United Nations.

Spelling their name "TeaMp0isoN" online, they include Blackberry, NATO, the English Defence League, British National Party and former Prime Minister Tony Blair in their list of hacks.

They have previously worked alongside other notorious hackers “Anonymous” to launch an assault on the banks under the codename “Operation Robin Hood”.

In this, they claimed to target the multi-national corporations to channel funds back to the “disenfranchised 99 per cent”.

In November last year, they claimed to crack two banks in America but reportedly did not touch databases or customer information in a “warning” for members of the public to “withdraw your money from banks”.

Under the name, Operation Free Palestine, the group have also announced they intend to target Israeli credit card holders.

The group has a well-publicised rivalry with hackers LulzSec, and have publicly threatened to reveal their true identities.

TriCk, who has claimed to be just 17 years old, said he believed the anti-terrorist police were the “real terrorists” and said: “Terrorism doesn’t exist. They create the terrorism and fabricate it to demonize a certain faith.

“We’ve shown them that it’s not only them that can listen in on people.”

He said the group do not have any religion or race and are not affiliated with any political group, but describe themselves as “anarchists”.

He added: “I fear no man or authority. My whole life is dedicated to the cause.”

Ailsa Beaton, Director of Information for the Metropolitan Police said: “We are confident the MPS communication systems have not been breached and remain, as they always have been, secure.

"We are satisfied that any recording would have been made via the receiving handset only and not from an attack on internal systems.

"The public can remain confident in the ability to communicate in confidence and that the integrity of the Anti-Terrorist Hotline remains in place" (Telegraph, 2012).

Title: Two Men Jailed Over SpyEye Banking Malware
July 2, 2012
Computer World

Two men who used the SpyEye malware to steal and use personal banking and credit card data from unsuspecting victims’ online accounts have been jailed for offences under the Computer Misuse Act.

SpyEye is a computer Trojan horse that specifically targets online banking users. Like its older cousin Zeus, SpyEye is no longer being developed by its original author, but is still widely used by cybercriminals in their operations.

Pavel Cyganok, 28, a Lithuanian national living in Birmingham was sentenced to five years, while Ilja Zakrevski, 26, an Estonian national, has been sentenced to four years.

Meanwhile, a third man, Aldis Krummins, 45, a Latvian living in Goole, was found guilty of money laundering in relation to the investigation, and sentenced to two years.

The investigation began in January and revolved around the group's use of a uniquely modified variation of SpyEye, which harvests personal banking details and sends the credentials to a remote server controlled by hackers, police said. As part of their investigation, police also seized computer equipment and data.

Detective Constable Bob Burls from the Metropolitan Police Central e-crime Unit (PCeU) said: “The defendants, during the course of their enterprise, developed a highly-organised IT infrastructure to enable their criminality, including in some cases, the automatic infection of innocent computer users with their malicious code.”

The PCeU was first contacted by Estonian Police in March 2010 about Zakrevski, whom they suspected was targeting UK financial institutions with SpyEye.

The stolen data was stored in databases, known as Command and Control servers, around the world, with one server in the UK.

An investigation found that about 1,000 computers had been infected and connected to this server, and detectives were also able to identify compromised bank accounts of UK, Danish and Dutch citizens, and how they had been misused and defrauded.

The culprits used the stolen banking details to buy additional IT infrastructure and pay for their domestic utilities and lifestyles.

They also used the credit card data to purchase luxury goods online in bulk, which they resold via online auction sites. Some of the £100,000 made from these sales was laundered within online accounts that the cybercriminals controlled.

Zakrevski was linked to the investigation when the police found a computer located in Estonia connected to his online username, ASAP911, which was periodically checking how many infected computers were connecting to the server. He was extradited to the UK and charged in July 2011.

Meanwhile, Cyganok was arrested at his home address in April 2012, and was found to be logged into a number of the command and control servers at the time (Computer World, 2012).

Title: Chinese Police Arrests 10,000 For Cybercrimes
Date: July 27, 2012
Times of India

Abstract: Chinese police arrested over 10,000 suspects and 600 criminal gangs during its latest crackdown on cybercrime.

The ministry of public security said the crackdown targeted pornography and the illegal sale of personal details. The ministry said that as of June, 3.2 million 'harmful' messages had been deleted and 30 internet service providers punished for granting access to unlicensed sites.

"Although illegal and harmful information on the internet has been sharply reduced through intensified crackdowns, fraudulent messages are still seen occasionally," the official Xinhua news agency quoted a ministry statement as saying.

"And some telecom service providers are not strict enough when managing websites," it added.

According to the BBC, the statement coincides with reports from some of the country's local authorities about their own efforts.

Beijing Police said it had arrested 5,007 people suspected of internet-related crimes and closed 263 internet cafes as part of its efforts to 'protect the physical and mental health of young people' using the web (Times of India, 2012).

Title: Lloyds Head Of Security For Online Banking Admits £2.5M Fraud
August 7, 2012
Computer World

A former head of fraud and security for digital banking at Lloyds Bank has admitted to committing a £2.5 million fraud.

Jessica Harper, 50, was accused of filing false invoices to claim payments for more than three years, between September 2008 and December 2011.

Earlier this year, she was charged with one count of fraud by abuse of position for the false claims, which amounted to £2,463,750 in total. She has pleaded guilty to this charge at Southwark Crown Court, according to the BBC.

According to her lawyer Carol Hawley, Harper is currently selling her £700,000 home to repay some of the stolen money.

Harper will be sentenced on 21 September (Computer World, 2012).

Title: Dallas “Anonymous Hacktivist” Believed To Be In Custody
Date: September 14, 2012

Abstract: A Dallas man is believed to be in federal custody after allegedly threatening an FBI agent on the internet.

That person, Barrett Brown, is also a sometime spokesman for the “hacktivist” group called “Anonymous.”

In a recent YouTube posting railing against the FBI and the Zetas drug cartel, Brown said of federal agents, “And I will shoot all of them and kill them if they come and do anything because they are engaged in a criminal conspiracy.”

According to D-Magazine publisher Tim Rogers, Brown’s online rant was triggered when he felt the FBI was targeting his mother when agents recently searched both Brown’s home and his mother’s.

“And so he posted a video online where he threatened one agent in particular, threatened to look into his children,” Rogers said.

On the YouTube posting Brown is heard to say, “When I say his [the agent’s] life is over, I don’t say I’m going to kill him; but I’m going to ruin his life and look into his [expletive deleted] kids.”

Brown is a published author who’s written for national magazines, as well as Dallas’ D-Magazine.

Rogers did an award-winning profile on the author when Brown emerged as an occasional spokesman for the loosely organized computer hacking group known as Anonymous.

Much like Wikileaks, Anonymous hacks and posts government and corporate secrets…but it has also identified members of dangerous Mexican drug cartels; so Anonymous members fear reprisals.

The “hacktivist” group has become such a force that only this year, Time Magazine named Anonymous as one of the most influential groups of people in the world.

Brown was actually online in his Uptown apartment chatting with other individuals when the FBI came to arrest him. An unidentified woman was on his webcam when agents came in and while she shut the lid on her laptop the scuffle could still be heard.

“Get your head down,” people presumed to be agents are heard shouting at one point. Rogers observes, “You can hear the audio, and it’s hard to understand what’s happening but clearly they were wrestling him to the ground and a lot of swearing.”

Brown was held briefly in the Dallas County Jail then transferred into federal custody. E-mails and phone calls to the U.S. Attorney and Brown’s lawyer have so far gone unanswered. The FBI isn’t commenting.

Rogers believes deep down that Brown is trying to do good things. “I think Barrett’s heart is in the right place, he really is trying to make a difference, bring attention to how our government operates and how it operates with large corporations, but he’s also a troublemaker…. in many ways I think he’s kind of a sweetheart who wants to have friends online and sometimes he takes things too far. And he took things too far this time.”

Rogers added, “I think he’s a good guy who made a really big mistake that he’s going to pay for.”

Brown’s attorney reportedly said he expects his client to be charged with making threats to a federal agent (CBS DFW, 2012).

Title: RSA: Cybercriminals Plot Massive Banking Trojan Attack
October 8, 2012
Computer World

An international gang of cyber crooks is plotting a major campaign to steal money from the online accounts of thousands of consumers at 30 or more major US banks, security firm RSA warned.

In an advisory Thursday, RSA said it has information suggesting the gang plans to unleash a little-known Trojan program to infiltrate computers belonging to US banking customers and to use the hijacked machines to initiate fraudulent wire transfers from their accounts.

If successful, the effort could turn out to be one of the largest organized banking-Trojan operations to date, Mor Ahuvia, cybercrime communications specialist with RSA's FraudAction team, said today. The gang is now recruiting about 100 botmasters, each of whom would be responsible for carrying out Trojan attacks against US banking customers in return for a share of the loot, she said.

Each botmaster will be backed by an "investor" who will provide money to buy the hardware and software needed for the attacks, Ahuvia said.

"This is the first time we are seeing a financially motivated cyber crime operation being orchestrated at this scale," Ahuvia said. "We have seen DDoS attacks and hacking before. But we have never seen it being organized at this scale."

RSA's warning comes at a time when US banks are already on high alert. Over the past two weeks, the online operations of several major banks, including JP Morgan Chase, Bank of America, Citigroup and Wells Fargo were disrupted by what appeared to be coordinated denial-of-service attacks.

A little-known group called "Cyber fighters of Izz ad-din Al qassam" claimed credit for the attacks, but some security experts think a nation may have been behind the campaign because of the scale and organized nature of the attacks.

In mid-September, the Financial Services Information Sharing and Analysis Center (FS-ISAC) warned banks to be on guard against cyberattackers seeking to steal employee network login credentials to conduct extensive wire transfer fraud. Specifically, the alert warned banks to watch out for hackers using spam, phishing emails, Remote Access Trojans and keystroke loggers to try and pry loose bank employee usernames and passwords.

FS-ISAC also noted that the FBI had seen a new trend where cyber criminals use stolen bank employee credentials to transfer hundreds of thousands of dollars from customer accounts to overseas locations.

Over the past few years, cyber crooks have siphoned off millions of dollars from small businesses, school districts and local governments by stealing online usernames and passwords and using those credentials to make the transfers.

The latest discussion suggests that they now have individual consumer accounts in their crosshairs, Ahuvia said, warning that the gang plans to attempt to infiltrate computers in the US with a little known Trojan malware program called Gozi Prinimalka.

The malware is an updated version of a much older banking Trojan, Gozi, which was used by cyber criminals to steal millions of dollars from US banks. The group's plan apparently is to plant the Trojan program on numerous websites and to infect computers when users visit those sites.

The Trojan is triggered when the user of an infected computer types out certain words -- such as the name of a specific bank -- into a URL string.

Unlike the original Gozi, the new version is capable not only of communicating with a central command-and-control server but also of duplicating the victim's PC settings. The Trojan essentially supports a virtual machine cloning feature that can duplicate the infected PC's screen resolutions, cookies, time zone, browser type and version and other settings. That allows the attacker to access a victim's bank website using a computer that appears to have the infected PC's real IP address and other settings, Ahuvia said.

"Impersonated victims' accounts will thus be accessed via a SOCKS proxy connection installed on their infected PCs, enabling the cloned virtual system to take on the genuine IP address when accessing the bank's website," she said in her alert.

Victims of fraudulent wire transfers will not immediately know of the theft because the gang plans on using VoIP flooding software to prevent victims from getting bank notifications on their mobile devices, she added.

Consumers need to ensure that their browsers are properly updated to protect against drive-by downloads, she said. They also need to watch for any suspicious behavior or transactions on their accounts.

RSA has also notified US law enforcement and its own FraudAction Global Blocking Network about the threat, she said. Banks, meanwhile, should consider implementing stronger authentication procedures and anomaly detection tools for spotting unusual wire transfers (Computer World, 2012).

Title: ‘Terrorist Organization’? Turkish Hackers Face Quarter-Century Prison Terms
October 10, 2012

Members of the RedHack group are facing up to 24 years in prison after prosecutors qualified their activity as aiding “an armed terrorist organization.” The defense claims the allegations are part of state policy of targeting the opposition.

Turkish hacker group RedHack is being held responsible for taking down the central Turkish police website in February, while simultaneously attacking 350 additional police websites across the country. The hackers are also suspected of various other illegal online activities including attacks on government agencies and leaking sensitive information from the interior and justice ministries.

In July, the group leaked the identities of some foreign diplomatic personnel working in Turkey. Following the incident, the prosecutor requested that the group be listed as a terrorist organization.

The group has denied the allegations via social networking websites, saying 10 people, including three university students currently being tried, have no ties with the group and that the allegations of terrorism are simply part of Ankara's policy against all of its opponents in the country.

“We just demand freedom and unlimited information. That’s why they call us terrorists. Those ten people have no ties with us;  they are only innocent people who shared the news [online] about us,” a RedHack member told the Hürriyet Daily.

A tweet from the organization also read, “even if we had broken in and destroyed their computers with an axe, they wouldn’t ask for such punishment,” and added, “They are trying to intimidate.”

RedHack is a political, left-wing, online alliance founded in 1997 that uses "defacement hacking" to "raise awareness of the poor against the elite that tries to strip our rights and freedoms," the group claims on its website.

Their aim is to attack and delete all files from sites that "belong to fascists, individuals that are the enemies of the people, government, legal parties" and so on.

As such, it has been linked by the government to other alleged extremist organizations such as the Revolutionary People’s Liberation Party/Front (DHKP/C) and the outlawed Kurdistan Workers’ Party (PKK).

“It has been determined that [RedHack] has lent support to Marxist, Leninist, Maoist, leftist and separatist terrorist organizations,” the official indictment read. “Hence, even though they are not members of those terrorist organizations, RedHack members can be considered to have perpetrated crimes in the name of those organizations.”

Some lawyers believe that the eight- to twenty-four-year prison sentences demanded by the prosecution do have a legal basis.

“When political hacking attacks were taken into account under Turkey’s present anti-terror laws, there was no doubt that suspects could receive long prison terms,” lawyer Yavuz Mavioğlu told the Daily News.

Others say that the indictment linking RedHack to armed organizations makes no sense.

“When none of the protests involve arms, the indictment’s plea for imprisonment is nonsensical,” Yusuf Güzel, one of the lawyers from the RedHack trial, told YurtTR.

The trial, which is scheduled for November 26, has also sparked a fierce debate in the country, especially as three of the defendants have already been held in custody for seven months. A politician from the main opposition Republican People's Party has accused the government of building an empire of fear, and asserted that the entire operation was a sham set up to “recover, over a couple of youngsters, the damage done to the public opinion after the police hacking” (RT, 2012).

Title: Pentagon Hacker McKinnon Wins 10-Year Extradition Battle
October 16, 2012

Accused British hacker Gary McKinnon has won his 10-year battle to resist extradition to the U.S. on charges that he hacked Pentagon computers in the U.S.

U.K. Home Secretary Theresa May announced on Tuesday that her office would block the U.S. extradition request on human rights grounds, since McKinnon, 46, was at high risk of suicide were he to be sent to the U.S. to face trial.

“I have concluded that Mr. McKinnon’s extradition would give rise to such a high risk of him ending his life, that the decision to extradite would be incompatible with Mr. McKinnon’s human rights,” May said.

It marks the first time that the U.K. has blocked an extradition request since signing a treaty with the U.S. in 2003, according to the Guardian.

McKinnon, who was dubbed the “biggest military computer hack of all time” by U.S. authorities, has admitted to accessing U.S. government computers more than a decade ago, but claims he did so only to find proof of a military coverup regarding the existence of UFOs.

McKinnon has been accused of hacking into more than 90 unclassified Pentagon and NASA systems in 2001 and 2002, causing some of them to crash. Authorities say his actions led to $900,000 in damages.

McKinnon allegedly left a message on one Army computer he breached in 2002, saying, “U.S. foreign policy is akin to government-sponsored terrorism these days…. It was not a mistake that there was a huge security stand down on September 11 last year…. I am SOLO. I will continue to disrupt at the highest levels.”

McKinnon was facing a sentence of between six months and six-and-a-half years in prison under federal sentencing guidelines, but in 2003, he rejected a plea offer that would have had him serving a prison sentence in the U.S. of just six to 12 months at a low-security facility, followed by a transfer back to the U.K. for a six-month parole.

He fought extradition in part by insisting that the U.S. planned to ship him off to Guantanamo Bay, and has spent a decade – nine years more than he would have spent in prison had he accepted the plea deal – keeping the case alive in the U.K. media.

McKinnon and his supporters argued that he should be tried in the U.K., since that was the location from which he allegedly committed his crimes.

McKinnon lost previous appeals in the High Court, the House of Lords and European Court of Human Rights. But two years ago a High Court judge ruled that McKinnon, who suffers from Asperger’s syndrome and depression, could be at risk of suicide if he were extradited to the U.S., which led the Home Office to conduct a psychiatric investigation. Psychiatric examiners concurred that McKinnon was at risk of suicide if extradited.

McKinnon’s case has shone a spotlight on the U.S.-U.K. extradition treaty, which U.K. critics say makes it too easy for U.S. authorities to extradite U.K. citizens. May announced on Tuesday that she would introduce a so-called “forum bar” to determine if a British court should be given the power to bar prosecutions overseas if it believes the accused would get a more fair trial in the U.K. (Wired, 2012).

Title: Oregon Student Pleads Guilty To Hacking School District System
November 16, 2012
Fox News

A psychiatric evaluation has been ordered for a 16-year-old North Eugene High School student who pleaded guilty to hacking into his school district's computer system and then posting the confidential information of hundreds of students on a webpage.

The Eugene Register-Guard reports that the student pleaded guilty Thursday to a felony computer crime for the June hacking event.

A second computer crime count against the student was dismissed under a plea deal, which requires the student to show school officials and Eugene police "what he did and how he did it."

Soon after posting the data on June 9, the boy sent taunting messages to Eugene schools Superintendent Sheldon Berman, to the district's then-technology director and to its network security specialist, directing them to the webpage of an unsuspecting student (Fox News, 2012).

Title: 'Red October' Cyberspies Sucked Data From Governments Worldwide, Researchers Say
Date: January 14, 2013
Fox News

Abstract: A group of Russian-speaking coders built a sophisticated spy network that has been sucking data from governments, embassies, and aerospace and research institutions around the world, researchers say -- and the five-year-old campaign is still actively siphoning info from the U.S. and Western Europe.

“We estimate the total amount of exfiltrated data to be in the petabytes,” Roel Schouwenberg, a senior researcher with Kaspersky Lab, told

A petabyte is 1 million gigabytes, the data equivalent of hundreds of academic research libraries.

Kaspersky released a research report on Monday identifying Operation “Red October,” and said the group had written its own highly sophisticated malware, dubbed “Rocra.”

“It’s very, very well executed -- a truly sophisticated attack,” Schouwenberg said. Rocra’s unique, modular architecture is comprised of more than 30 pieces of malware -- malicious extensions, info-stealing modules and backdoor Trojans, he explained.

“This is custom-created malware with novel ideas on how to pull Internet responders, how to get access, and how to regain access to machines that have been cleaned off of malware -- which is really a very interesting approach,” he said.

One part of the spyware even targets classified software most of the world has never heard of: a classified government application used to encrypt sensitive communications. Schouwenberg said Rocra was “Hoovering” up anything it could get its hands on: credentials, passwords, office documents, archives, data from Internet phones and more.

It was even seeking out file types his group had never heard of before.

“These file types belong to a piece of software that’s classified, used by the European parliament and NATO. There’s very little information about it on the Internet,” Schouwenberg told “These guys knew very much what they were after.”

Kaspersky Labs said it couldn’t concretely identify which nation state was responsible for the spy network. Rocra uses code similar to that used by Chinese hackers, Schouwenberg noted, but the malware has Russian references as well, slang words, and so on.

“We are really quite confident that the attackers behind this were Russian-speaking, but we have no idea about their geographic location -- whether they’re in the Ukraine, or Brooklyn, New York,” he told

His company’s software has blocked this type of attack generically for a long time, he said, and the specific fix has been shared with other security researchers.

The five-year-old spy network, while far more advanced than the average attack one sees on a daily basis from China, is highly advanced, he said.

“One can only imagine the sophistication of the stuff that’s being developed now by nation states” (Fox News, 2013).

Title: Matthew Keys 'Fine' After Indictment On Hacking Charges
Date: March 15, 2013
LA Times

Abstract: Matthew Keys, the Thomson Reuters deputy social media editor indicted Thursday for allegedly conspiring with members of the hacking group “Anonymous” to infiltrate a Tribune site, reassured friends on Twitter that he is "fine."

He said that it would be "business as usual" on Friday. But Reuters quoted a company employee as saying the computer in Keys' New York office was "dismantled" Thursday and his security pass deactivated.

Keys, 26, was charged with three hacking-related counts and faces up to 10 years in prison if convicted in the December 2010 incident. The hack appeared on a news story on the website of the Los Angeles Times, which is also owned by Tribune.

Prosecutors alleged that Keys conspired with Anonymous members to access the company's servers "for the purpose of learning how to alter and damage it."

According to federal authorities, Keys provided a username and password for Tribune servers to hackers on an online chat room after he left KTXL FOX 40 in late October of that year. With the information from Keys, prosecutors say, a hacker accessed a news story on The Times' website and changed a headline on a tax-cut related story to read: "Pressure builds in House to elect CHIPPY 1337."

"[T]hat was such a buzz having my edit on the LA Times," the hacker using the screen name "sharpie" wrote to Keys, according to the indictment.

"Nice," Keys, using the screen name "AESCracked," allegedly replied. Keys said he was using a virtual private network "to cover my tracks," according to the indictment.

Keys did not respond to requests for comment. In a post on his Twitter account Thursday afternoon, he said he learned of the indictment through Twitter.

"I am fine," Keys wrote. "Tonight I'm going to take a break. Tomorrow, business as usual."

Prosecutors wrote in the indictment that Tribune spent more than $5,000 responding to the attack and restoring its systems. Authorities are seeking forfeiture of the tools Keys used in committing the alleged offenses, including his MacBook Pro.

Keys also faces a $250,000 fine for each count.

According to the indictment, Keys conspired with hackers via a chat room known as "internetfeds." Keys had written about gaining access to the chat room and communicating with hackers in a blog post for Reuters last year.

Keys said the chat room was a "top-secret" place where "elite hackers assembled."

"If there was a political or economic reason behind their mayhem, so much the better. If not, they did it for kicks," he wrote of the hackers' motivations for their attacks.

He wrote in the post of the hack on The Times' site, without acknowledging any personal involvement.

A spokesman for Reuters noted that Keys joined the company in 2012, more than a year after the alleged conduct. In an e-mailed statement, the spokesman declined further comment, citing ongoing investigations. A Times spokeswoman also declined comment.

Computer security experts said the breach was minor and may have drawn authorities' attention because of Anonymous' notoriety. "It's a trivial breach, it's not highly technical," said Philip Lieberman, president of L.A.-based security firm Lieberman Software.

Jay Leiderman, a Ventura-based criminal defense attorney who has represented hackers, including members of Anonymous, said Keys may have simply been "low-hanging fruit" that prosecutors could easily go after.

"It was a prank. It really could have been handled civilly through a lawsuit," he said (LA Times, 2013).

Title: Anonymous Hacker Jeremy Hammond Pleads Guilty To Stratfor Breach
Date: May 28, 2013

Abstract: Hacker and activist Jeremy Hammond pleaded guilty Tuesday morning in a New York courtroom to violating the Computer Fraud and Abuse Act as a member of the Internet collective known as Anonymous.

Hammond, 28, was arrested last March and charged with hacking into the computers of Strategic Forecasting Inc., or Stratfor — a global intelligence company based out of Austin, Texas. He has been held in jail for nearly 15 months since being apprehended and faced a potential life sentence if convicted by a jury. After spending more than a year behind bars — with weeks spent in solitary confinement — Hammond pleaded guilty early Tuesday for his role in the Stratfor hack as well as eight other computer network intrusions.

“I took and disseminated information in a way I knew was against the law,” Hammond told the court, according to tweets sent by eyewitness Nicky Ocean.

Hammond is now slated to be sentenced on September 6 and faces no more than 10 years in prison.

When Anonymous successfully infiltrated the networks of Stratfor in 2011 as part of “Operation AntiSec” the group uncovered a trove of personal emails between the company’s executives in which a number of shadowy operations were revealed, including evidence of Stratfor being contracted by corporations and government entities alike to surveil political protestors and activists, including members of People for the Ethical Treatment of Animals (PETA) and Occupy Wall Street.

“Corporate-government surveillance is one of the most rapidly expanding threats to civil liberties,” Abi Hassen, mass defense coordinator for the National Lawyers Guild, said in a statement Tuesday. “The Stratfor leak is a glimpse into a secret world of corporate spying that is incompatible with this country’s democratic values.”

Anonymous would go on to release personal information pertaining to thousands of subscribers of Stratfor’s consulting service on Christmas 2011, and the following year whistleblower website WikiLeaks began publishing the executive’s emails as part of the “Global Intelligence Files.” When WikiLeaks began publishing the correspondence last February, the website described Stratfor as “a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations.”

“The emails,” wrote WikiLeaks, “expose the revolving door that operates in private intelligence companies in the United States. Government and diplomatic sources from around the world give Stratfor advance knowledge of global politics and events in exchange for money. The Global Intelligence Files exposes how Stratfor has recruited a global network of informants who are paid via Swiss banks accounts and pre-paid credit cards. Stratfor has a mix of covert and overt informants, which includes government employees, embassy staff and journalists around the world.”

In a statement penned by Hammond and released by his Defense Committee after the plea was made, the hacktivist explained that he opted to make a plea in lieu of letting his case go to trial to avoid complicating his legal woes even further.

“If I had won this trial I would likely have been shipped across the country to face new but similar charges in a different district. The process might have repeated indefinitely,” he wrote. “Ultimately I decided that the most practical route was to accept this plea with a maximum of a ten year sentence and immunity from prosecution in every federal court.”

In addition to pleading guilty for the Stratfor hack, Hammond said he also took the blame for compromising the computers of military and police equipment suppliers, information security firms and law enforcement agencies.

“I did this because I believe people have a right to know what governments and corporations are doing behind closed doors,” Hammond wrote. “I did what I believe is right.”

According to Twitter user @subverzo, who was in attendance during Tuesday’s hearing, one of those other eight hacks involved the compromising of Combined Tactical Systems, a Pennsylvania-based munitions manufacturer that has exported weapons to repressive regimes across the Middle East. In 2011, Amnesty International said the company shipped roughly 46 tons of ammunition to Egyptian security forces, including “chemical irritants and riot control agents such as tear gas.” 

In the indictment filed against Hammond in March 2012, he was accused of also participating in hacks that targeted the California Statewide Law Enforcement Association, as well as computer servers used by various New York State police chiefs. 

“California police have a notorious history of brutality and therefore have been on our hit list for a good minute now,” Anonymous members wrote after the January 2012 hack of CSLEA. In response, CSLEA President Alan Barcelona called Anonymous “criminal terrorists.”

Before taking up arms with Anonymous, Hammond spoke at the 2004 DefCon hacker convention in Las Vegas to discuss electronic civil disobedience. When someone in the crowd had words for Hammond similar to what Barcelona would say eight years later, the then-19-year-old hacktivist said, "One man's freedom fighter is another man's terrorist."

Elsewhere in his statement released this week, Hammond wrote, “I believe in the power of the truth,” and explained that by pleading guilty he is once and for all able to discuss his crimes — which, as suggested by the testimony published on his behalf on Tuesday, he still stands by.

“This non-cooperating plea agreement frees me to tell the world what I did and why, without exposing any tactics or information to the government and without jeopardizing the lives and well-being of other activists on and offline,” Hammond wrote.

Previously, Hammond wrote to his supporters from prison to urge reform of the Computer Fraud and Abuse Act, the law used to target information activist Aaron Swartz, security researcher Andrew Auernheimer and others.

“The sheer number of everyday computer users who could be considered criminals under these broad and ambiguous definitions enables the politically motivated prosecution of anyone who voices dissent. The CFAA should be found unconstitutional under the void-for-vagueness doctrine of the due process clause. Instead, Congress proposed bills last year which would double the statutory maximum sentences and introduce mandatory minimum sentences, similar to the excessive sentences imposed in drug cases which have been widely opposed by many federal and state judges,” Hammond wrote in February.

Although Swartz took his own life before his CFAA trial came to a head, Auernheimer was sentenced to 41 months in prison earlier this year. Under his plea deal, Hammond faces roughly triple that.

Jason Hammond, Jeremy’s twin brother, said in a statement that his sibling “has taken responsibility for what he’s done, but he should not face such a harsh sentence for an act of protest from which he did not personally benefit.”

“I’m glad he’s moved one step closer to freedom but today I’m asking for the judge to consider a sentence appropriate to what is nothing other than a non-violent political protest,” he said.

Hammond was arrested on March 5, 2012 as part of an international raid that targeted alleged members of Anonymous and the hacker offshoot LulzSec. After arrests were made, it was revealed that the alleged “ringleader” of LulzSec, a hacker using the alias Sabu, had been feeding information about the groups’ activities to the Federal Bureau of Investigation. Sabu has been identified as Hector Xavier Monsegur, a single father from New York, who as recently as this year was still cooperating with the FBI.

Earlier this month, Britain residents Ryan Cleary, Jake Davis, Mustafa al-Bassam and Ryan Ackroyd were sentenced for a handful of crimes conducted under the umbrella of LulzSec. None of their sentences exceeded 32 months. Barrett Brown of Dallas, Texas is expected to stand trial starting this September for a number of charges, including one relating to the release of Stratfor subscribers’ credit card numbers. He faces a maximum of 100 years in prison (RT, 2013).

Title: Pirate Bay Founder Sentenced To 2 Years In Sweden Hacking Case
Date: June 20, 2013

Abstract: A co-founder of file-sharing website Pirate Bay was sentenced to two years in jail on Thursday for hacking into computers at a company that manages data for Swedish authorities and making illegal online money transfers, a court said.

Gottfrid Svartholm Warg was extradited to Sweden last year from Cambodia to begin a one-year jail sentence after being convicted in 2009 of internet piracy. He was then charged by authorities as part of the separate hacking investigation.

"The hacking has been very extensive and technically advanced," the Nacka district court said in a statement. "The attacker has affected very sensitive systems."

He had denied the charges.

Prosecution documents say Warg, a 28-year-old Swede, managed to transfer 24,200 Danish crowns ($4,300) online, but also attempted, in several different transactions, to transfer a total of around 683,000 euros ($915,500).

The investigation was into data infringement involving outsourcing firm Logica.

Swedish authorities have said the hackers gained access to information on several people with protected identities.

In the 2009 trial, a court in Sweden - where The Pirate Bay was founded in 2003 - fined and sentenced to jail Warg and two co-founders then behind the site for breaching copyright in a case brought by firms including Sony Universal Music and EMI.

Swedish prosecutors in May launched a new attempt to close down Pirate Bay, which provides links to music and movie files stored on other users' computers.

The site is now run by an unknown group and uses a domain name registered in Sint Maarten, a Dutch territory in the Caribbean.

($1 = 5.5648 Danish crowns) ($1 = 0.7461 euros) (Reuters, 2013).