We are continuously watching how law enforcement agencies around the world fight cybercrime. With help from the IT industry and experience gained over the years, these agencies have been able to put attackers behind bars, and swiftly, as individuals of some recent attacks have already been jailed.
A wide scale, dramatic Hollywood scheme was recently used to steal over $45 million from ATMs around the world. In the first stage, attackers compromised the processing center of a few Middle Eastern banks and lifted limits on debit cards’ cash withdrawal. Using a small army of mercenaries and self-made copies of debit cards they took cash from ATMs in 27 countries, including Canada, Japan, Russia and the United States. Seven gang members were arrested in the USA, but their ringleader ran off to Dominican Republic where he was later found dead.
Don’t mess with eBay
Up to 20 years of jail – that’s the potential sentence for Shawn Hogan who has been committing affiliate program fraud for many years. eBay offers a program, like most online shops, that allows website owners to earn money if their visitors buy something via eBay. Hogan used a cookie-stuffing trick with WhoLinked, a popular widget amongst blog owners, which made each visitor of any blog also using it to appear to be a client of Hogan’s on eBay. Having earned almost $30 million in last 13 years, Hogan became the biggest eBay partner, but his suspicious activities were investigated by eBay and the FBI, and soon after he was arrested.
Anonymous doesn’t mean unpunished
Italian police arrested four attackers who were supposedly connected to the hacktivist movement, Anonymous. This group proclaimed responsibility for numerous famous attacks of different sites, including those of the Vatican and Italian government, in which site owners infringed upon human rights – at least by the judgment of Anonymous. All four attackers were placed under house arrest for the entirety of the investigation.
Latvian Neo arrested
Another hacktivist was charged and prosecuted three years after his attacks. Ilmar Poykans (also known as Neo) illegally penetrated the State Income Service database and downloaded about 250 documents. He then published data he obtained, which included information regarding work and home addresses and the income of Latvian citizens. Neo has become a local celebrity after publicizing confidential information regarding salaries in state agencies, so we can assume that those stolen documents contain data about high-profile government employees. Latvian legislation contains various punishments for this crime from fine to forced labor.
Got off easy
An attacker allegedly penetrated the PlayStation Network back in 2008 and was sentenced to 1 year of house arrest. This sentence was not for the attack, but for the obstruction of a federal investigation after he smashed all of his computers when the FBI started to investigate his involvement. If his involvement had been proven, he could have been sentenced to 20 years of jail. The attacker, Todd Miller, 23, has said that he was “immature and ignorant” at the time. A judge additionally sentenced Miller to three years probation and mandated he get his high school diploma or equivalent.
Sven Kamphuis, 35, was recently arrested in his apartment near Barcelona under the suspicion of organizing one of the biggest DDoS attacks known, targeting spammers’ blacklist SpamHaus. Kamphuis owns and operates CyberBunker web hosting, which specializes in hosting ambiguous websites like The Pirate Bay and WikiLeaks. To protect itself from attack, SpamHaus hired the provider Cloudflare, which calls this attack the “biggest cyberattack in history,” and claims it “nearly broke the Internet.” Both claims are quite questionable, but no doubt the scale of the attack was large and required law enforcement agencies from four countries to take part in the investigations. Spanish police extradited Kapmhuis to the Netherlands, where he will face the court. Amusingly, Kamphuis calls himself a diplomat belonging to “Telecommunications and Foreign Affairs Ministry of the Republic of Cyberbunker,” and has requested immunity. Of course those claims have had no effect. The positive is that this attack was quite recent and the attacker is already on his way to court.