Security News

A former affiliate of the Netwalker ransomware has been sentenced to 20 years in prison in the U.S., a little over three months after the Canadian national pleaded guilty to his role in the crimes. Sebastien Vachon-Desjardins, 35, has also been ordered to forfeit $21,500,000 that was illicitly obtained from dozens of victims globally, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities.

Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and demanded to forfeit $21.5 million for his attacks on a Tampa company and other entities.Vachon-Desjardins, a 34 Canadian man extradited from Quebec, was sentenced today in a Florida court after pleading guilty to 'Conspiracy to commit Computer Fraud', 'Conspiracy to Commit Wire Fraud', 'Intentional Damage to Protected Computer,' and 'Transmitting a Demand in Relation to Damaging a Protected Computer.

In this case, we're referring to Elvis Eghosa Ogiekpolor, jailed for 25 years in Atlanta, Georgia for running a cybercrime group that scammed close to $10,000,000 in uunder two years from individuals and business caught up in so-called romance and BEC scams. BEC is short for business email compromise, an umbrella term for a form of online scam in which the attackers acquire login access to email accounts inside a company, so that the fraudulent emails they send don't just seem to come from the company they're attacking, but actually do come from there.

Seems it’s now common to sneak contraband into prisons with a drone.

Armed with bombs, Rocket Propelled Grenade and General Purpose Machine Guns, the attackers, who arrived at about 10:05 p.m. local time, gained access through the back of the prison, using dynamites to destroy the heavily fortified facility, freeing 600 out of the prison's 994 inmates, according to the country's defense minister, Bashir Magashi. What's interesting to me is how the defenders got the threat model wrong.

A California man who hacked thousands of Apple iCloud accounts was sentenced to 8 years in prison after pleading guilty to conspiracy and computer fraud in October 2021. Starting from as early as September 2014, 41-year-old Hao Kuo Chi from La Puente, California, started marketing himself as "Icloudripper4you," someone capable of breaching iCloud accounts and stealing anything contained in the linked iCloud storage.

A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services attacks. Gatrel, was convicted of owning and operating two websites - DownThem.org and AmpNode.com - that sold DDoS attacks.

An Illinois man was sentenced to two years in prison for operating a distributed denial of service platform that allowed threat actors to conduct over 200,000 attacks. The sentenced man, Matthew Gatrel, 33, had created and operated the websites "Downthem.org" and "Ampnode.com." The former sold subscriptions to a powerful DDoS arsenal, and the latter was a bulletproof hosting service that also aided customers in launching their own DDoS attacks.

Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. Bing allegedly performed the act in June 2018, when he used his administrative privileges and "Root" account to access the company's financial system and delete all stored data from two database servers and two application servers.

Quite literally, the problem scales linearly, so that if it would take you 100 years to crack 1,000,000 passwords on your own computer, then it would take only one year using 100 computers; just over a month with 1000; and under an hour if you had 1,000,000 computers at your disposal. If we assume that many, if not most, of Tolpintsev's illegally-acquired passwords were cracked from password databases stolen from various cloud services, then it's reasonable to assume that many of the new passwords added to his online catalogue each week came from a randomly chosen pool of users.