
FBI probes ‘mr.grey’ and 1.2 billion stolen web credentials


That hacker was identified based on data from a cybersecurity firm. Photo: Rob Young

A hacker who once advertised having access to user account information for websites like Facebook and Twitter has been linked through a Russian email address to the theft of a record 1.2 billion internet credentials, the FBI said in court documents.

That hacker, known as “mr.grey”, was identified based on data from a cybersecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites, the documents said.

The papers, made public last week by a federal court in Wisconsin in the US, provide a window into the Federal Bureau of Investigation’s probe of what would amount to the largest collection of stolen user names and passwords.

The court papers were filed in support of a search warrant the FBI sought in December 2014, and executed a month later, relating to email records.

The FBI investigation was prompted by last year’s announcement by Milwaukee-based cybersecurity firm Hold Security that it obtained information that a Russian hacker group it dubbed CyberVor had stolen the 1.2 billion credentials and more than 500 million email addresses.

The FBI subsequently found lists of domain names and utilities that investigators believe were used to send spam, the documents said.

The FBI also discovered an email address registered in 2010 contained in the spam utilities for a “mistergrey”, documents show.

A search of Russian hacking forums by the FBI found posts by a “mr.grey”, who in November 2011 wrote that if anyone wanted account information for users of Facebook, Twitter and Russian-based social network VK, he could locate the records.

Alex Holden, Hold Security’s chief information security officer, said this message indicated mr.grey likely operated or had access to a database that amassed stolen data from computers via malware and viruses.

Facebook and Twitter declined comment. The FBI declined to comment, and the US Justice Department had no immediate comment.

The probe appears to be distinct from another investigation linked to Hold Security’s reported discovery that 420,000 websites, including one for a JPMorgan Chase & Co corporate event, were targeted by the Russian hackers.

In a case spilling out of the discovery of the JPMorgan breach, US prosecutors this month charged three men with engaging in a cyber criminal enterprise that stole personal information from more than 100 million people.

Prosecutors accused two Israelis, Gery Shalon and Ziv Orenstein, and one American, Joshua Samuel Aaron, of being involved in a variety of schemes fueled by hacking JPMorgan and 11 other companies.

An indictment in Atlanta federal court against Shalon and Aaron names as a defendant an unidentified hacker believed to be in Russia.

Reuters


Henry Sapiecha

U.S. charges three in huge cyberfraud targeting JPMorgan, others

U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, were charged in a 23-count indictment with alleged crimes targeting 12 companies, including nine financial services companies and media outlets including The Wall Street Journal.

Prosecutors said the enterprise dated from 2007, and caused the exposure of personal information belonging to more than 100 million people.

“By any measure, the data breaches at these firms were breathtaking in scope and in size,” and signal a “brave new world of hacking for profit,” U.S. Attorney Preet Bharara said at a press conference in Manhattan.

The alleged enterprise included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and the laundering of money through at least 75 shell companies and accounts around the world.

Tuesday’s charges expand a case first announced in July, and according to U.S. Attorney General Loretta Lynch target “one of the largest thefts of financial-related data in history.”

The charges are also the first tied to the JPMorgan attack, which prosecutors said involved the stealing of records belonging to more than 83 million customers, the largest theft of customer data from a U.S. financial institution.

Authorities said Shalon and Aaron executed that hacking, using a computer server in Egypt that they had rented under an alias that Shalon often used.

E*TRADE, TD AMERITRADE, NEWS CORP

A separate indictment unveiled in Atlanta against Shalon, Aaron and an unnamed defendant said the brokerages E*Trade Financial Corp and Scottrade Inc were also targets, and that personal information of more than 10 million customers was compromised.

TD Ameritrade Holding Corp and News Corp’s Dow Jones unit, which publishes The Wall Street Journal, said they were also targets. Fidelity Investments was also a target, a person familiar with the matter said.


Other targets could not be immediately verified.

Shalon, 31, of Savyon, Israel, and Orenstein, 40, of Bat Hefer, Israel, were arrested in July. Aaron, 31, a U.S. citizen who lives in Moscow and Tel Aviv, remains at large and is the subject of an FBI “wanted” poster.

Another defendant, Anthony Murgio, 31, of Tampa, Florida, was charged separately over the bitcoin exchange, Coin.mx. He was originally charged in July, and faces an arraignment on Friday. A co-defendant in that case, Yuri Lebedev, is in “discussions” with prosecutors, Bharara said.

Lawyers for the defendants were not immediately available for comment.

JPMorgan on Tuesday confirmed that the latest charges relate to the 2014 attack, and said it continues to cooperate with law enforcement efforts to fight cybercrime.

It also said that only contact information such as names, addresses and emails was accessed, and that account information, passwords or Social Security numbers were not compromised.
