Cyber Fails: 5 Cyber Sinners Caught Out by Their Own Mistakes

From a self-proclaimed ‘Baron’ to a real-life domain hijacker, not all cyber offenders succeed in maintaining a low profile. We look at some recent offenders who were caught out by their own mistakes.

Threat Intel
Jul 4, 2018

While we often hear stories of cyber criminals who managed to infiltrate businesses or steal data, not all cyber criminals succeed in having a “successful” criminal career, with many making it easy for the authorities to catch up with them. Several examples of these inept cyber fails have come up in the press in recent months…

The Bitcoin Baron

Dubbed “the internet’s most inept criminal” by the New York Observer, the self-styled “Bitcoin Baron” was recently sentenced to 20 months in prison in the U.S., as well as being ordered to pay $70,000 in restitution.

The Bitcoin Baron, real name Randall Charles Tucker (23), was imprisoned for launching distributed denial of service (DDoS) attacks against the city of Madison, Wisconsin. The DDoS attacks caused delays and outages to various services, including the city’s 911 emergency call center.

Charges were filed against Tucker in August 2016. At that point Tucker had spent two years defacing websites and launching DDoS attacks against various websites. Unlike most cyber crims, Tucker didn’t even try to hide his actions, even announcing upcoming and past attacks on Twitter and in public and private chatrooms.

Due to Tucker’s poor opsec, law enforcement was able to gather a lot of information about his past actions to support the prosecution’s case. Some of Tucker’s carelessness may have been on purpose though, as there are indications he was partly driven by wanting to make a name for himself on the internet.

The grudge

Someone who clearly knows how to hold a grudge is a man called William Stanley. In January 2016, Stanley received a 37-month prison sentence after he pleaded guilty to one count of extortion against a company called Generational Equity (GE), a Texas-based financial services firm from which he had demanded money under threat of posting and promoting negative reviews of the firm, according to The Register.

The 53-year-old was released to a halfway house after serving half of his sentence but just one month later was accused of targeting the same firm with a negative Yelp review and an SEO-optimized blog page that collected and displayed negative articles about it. He used his real name in the review and alleged he had carried out black-hat SEO work for the targeted firm.

Cops were able to trace the internet traffic for the review and the blog to the halfway house where Stanley was staying. As a result, he was charged with retaliation against a witness, victim, or informant and sentenced to 97 months in prison — almost three times as long as his original sentence. He was also ordered to pay restitution to the affected company of $5.6 million.

Obvious insider

A bit different to the others on this list, and not someone who would fall under the definition of cyber criminal, Sudhakar Reddy Bonthu (44) of Cumming, Georgia, a former Equifax engineer, was recently indicted for insider trading by the SEC.

Bonthu worked for Equifax from September 2003 to March 2018. In August 2017, according to Bleeping Computer, he was asked to work on a project dubbed “Project Sparta”. He was told this was a major project for one of the company’s clients that had suffered a major breach that exposed details of more than 100 million users.

He was tasked with creating an online user interface that would allow users to input information to determine whether or not they had been affected by the breach. To work on this he was given test data and included in mailing lists to exchange information about the secret breach, and he deduced that the impacted firm was Equifax itself.

Using this information, he used his wife’s brokerage account to sell Equifax stock and eventually made more than $75,000, a return of more than 3,500 percent on his initial investment, according to the SEC.

Bonthu has agreed to a permanent injunction and to return his ill-gotten gains, plus interest. If the settlement is approved by a judge, that will terminate the SEC civil charges.

Putting the brute into brute force

A man who broke into an individual’s house and held him up at gunpoint in an attempt to get an internet domain name transferred to him was recently jailed for 20 years. Sherman Hopkins Jr (43) broke into the Cedar Rapids, Iowa, apartment of his victim brandishing a gun and demanded he transfer the ownership of the domain DoItForState.com.

Hopkins pistol-whipped and Tasered his victim before the other man got the upper hand, managed to shoot Hopkins several times, and called police. Hopkins survived the shooting and subsequently pleaded guilty to one count of interference and attempted interference with commerce by threats and violence.

Default fault

I think this would count as a #OpsecFail. A security researcher was able to take over a command and control (C&C) server of an IoT botnet due to the operator’s poor operational security practices. The MySQL server used to control the Owari botnet had an open port (3306) and used the default credentials of “root” for both the user name and password, according to Newsky Security’s Ankit Anubhav.

Anubhav was able to use the access he gained to observe the inner workings of the botnet. He could view a list of customers who had paid to use the botnet for DDoS attacks, as well as a list of previous attacks carried out.

The irony here is that Owari infects IoT devices by brute forcing credentials using a list of default user names and passwords. Unfortunately, Owari is likely to continue infecting IoT devices regardless, as Anubhav explained that botnet operators regularly change their C&C-related IP addresses to “stay under the radar.”

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cyber security.

Threat Intel

Symantec’s Threat Hunter team brings you the latest threat intelligence from the IT security world.