Posts Tagged: Zeekill


8
Jul 15

Finnish Decision is Win for Internet Trolls

In a win for Internet trolls and teenage cybercriminals everywhere, a Finnish court has decided not to incarcerate a 17-year-old found guilty of more than 50,000 cybercrimes, including data breaches, payment fraud, operating a huge botnet and calling in bomb threats, among other violations.

Julius "Ryan" Kivimaki.

Julius “Ryan” Kivimaki.

As the Finnish daily Helsingin Sanomat reports, Julius Kivimäki — a.k.a. “Ryan” and “Zeekill” — was given a two-year suspended sentence and ordered to forfeit EUR 6,558.

Kivimaki vaulted into the media spotlight late last year when he claimed affiliation with the Lizard Squad, a group of young hooligans who knocked offline the gaming networks of Microsoft and Sony for most of Christmas Day.

According to the BBC, evidence presented at Kivimaki’s trial showed that he compromised more than 50,000 computer servers by exploiting vulnerabilities in Adobe’s Cold Fusion web application software. Prosecutors also said Kivimaki used stolen credit cards to buy luxury goods and shop vouchers, and participated in a money laundering scheme that he used to fund a trip to Mexico.

Kivimaki allegedly also was involved in calling in multiple fake bomb threats and “swatting” incident — reporting fake hostage situations at an address to prompt a heavily armed police response to that location. DailyDot quotes Blair Strater, a victim of Kivimaki’s swatting and harassment, who expressed disgust at the Finnish ruling.

Speaking with KrebsOnSecurity, Strater called Kivimaki “a dangerous sociopath” who belongs behind bars.

Although it did not factor into his trial, sources close to the Lizard Squad investigation say Kivimaki also was responsible for making an August 2014 bomb threat against former Sony Online Entertainment President John Smedley that grounded an American Airlines plane. That incident was widely reported to have started with a tweet from the Lizard Squad, but Smedley and others say it started with a call from Kivimaki.

In a phone interview, Smedley said he was disappointed that the judicial system in Finland didn’t do more.

“I personally got to listen to a recording of him calling in to American Airlines, and I know it was him because I talked to him myself,” Smedley said. “He’s done all kinds of bad stuff to me, including putting all of my information out on the Internet. He even attempted to use my credit numerous times. The harassment literally just did not stop.”

In an online interview with KrebsOnSecurity, Kivimaki denied involvement with the American Airlines incident, and said he was not surprised by the leniency shown by the court in his trial.

“During the trial it became apparent that nobody suffered significant (if any) damages because of the alleged hacks,” he said.

The danger in a decision such as this is that it emboldens young malicious hackers by reinforcing the already popular notion that there are no consequences for cybercrimes committed by individuals under the age of 18.

Case in point: Kivimaki is now crowing about the sentence; He’s changed the description on his Twitter profile to “Untouchable hacker god.” The Twitter account for the Lizard Squad tweeted the news of Kivimaki’s non-sentencing triumphantly: “All the people that said we would rot in prison don’t want to comprehend what we’ve been saying since the beginning, we have free passes.” Continue reading →


27
Jun 15

A Busy Week for Ne’er-Do-Well News

We often hear about the impact of cybercrime, but too seldom do we read about the successes that law enforcement officials have in apprehending those responsible and bringing them to justice. Last week was an especially busy time for cybercrime justice, with authorities across the globe bringing arrests, prosecutions and some cases stiff sentences in connection with a broad range of cyber crimes, including ATM and bank account cashouts, malware distribution and “swatting” attacks.

Ercan Findikoglu, posing with piles of cash.

Ercan Findikoglu, posing with piles of cash.

Prosecutors in New York had a big week. Appearing in the U.S. court system for the first time last week was Ercan “Segate” Findikoglu, a 33-year-old Turkish man who investigators say was the mastermind behind a series of Oceans 11-type ATM heists between 2011 and 2013 that netted thieves more than $55 million.

According to prosecutors, Findikoglu organized the so-called “ATM cashouts” by hacking into networks of several credit and debit card payment processors. With each processor, the intruders were able to simultaneously lift the daily withdrawal limits on numerous prepaid accounts and dramatically increase the account balances on those cards to allow ATM withdrawals far in excess of the legitimate card balances.

The cards were then cloned and sent to dozens of co-conspirators around the globe, who used the cards at ATMs to withdraw millions in cash in the span of just a few hours. Investigators say these attacks are known in the cybercrime underground as “unlimited operations” because the manipulation of withdrawal limits lets the crooks steal literally unlimited amounts of cash until the operation is shut down.

Two of the attacks attributed to Findikoglu and his alleged associates were first reported on this blog, including a February 2011 attack against Fidelity National Information Services (FIS), and a $5 million heist in late 2012 involving a card network in India. The most brazen and lucrative heist, a nearly $40 million cashout against the Bank of Muscat in Oman, was covered in a May 2013 New York Times piece, which concludes with a vignette about the violent murder of alleged accomplice in the scheme.

Also in New York, a Manhattan federal judge sentenced the co-creator of the “Blackshades” Trojan to nearly five years in prison after pleading guilty to helping hundreds of people use and spread the malware. Twenty-five year old Swedish national Alexander Yucel was ordered to forfeit $200,000 and relinquish all of the computer equipment he used in commission of his crimes.

As detailed in this May 2014 piece, Blackshades Users Had It Coming, the malware was sophisticated but marketed mainly on English language cybecrime forums to young men who probably would have a hard time hacking their way out of a paper bag, let alone into someone’s computer. Initially sold via PayPal for just $40, Blackshades offered users a way to remotely spy on victims, and even included tools and tutorials to help users infect victim PCs. Many of Yucel’s customers also have been rounded up by law enforcement here in the U.S. an abroad. Continue reading →


16
Jan 15

Another Lizard Arrested, Lizard Lair Hacked

Several media outlets are reporting that authorities in the United Kingdom early this morning arrested an 18-year-old in connection with the denial-of-service attacks on Sony Playstation and Microsoft Xbox systems over Christmas. The arrest is one of several tied to a joint U.K. and U.S. law enforcement investigation into a group calling itself the “Lizard Squad,” and comes as the group’s attack-for-hire online service was completely compromised and leaked to investigators.

A BBC story does not name the individual, saying only that the youth was arrested at an address in Southport, near Liverpool, and that he was accused of unauthorized access to computer material and knowingly providing false information to law enforcement agencies in the United States. The notice about the arrest on the Web site of the Southeast Regional Organized Crime Unit states that this individual has been actively involved in several “swatting” incidents — phoning in fake hostage situations or bomb threats to prompt a police raid at a targeted address.

U.K. police declined to publicly name the individual arrested. But according to the Daily Mail, the youth is one Jordan Lee-Bevan. Known online variously as “Jordie,” “EvilJordie” and “GDKJordie,” the young man frequently adopts the persona of an African American gang member from Chicago, as evidenced in this (extremely explicit) interview he and other Lizard Squad members gave late last year. Jordie’s Twitter account also speaks volumes, although it hasn’t been saying much for the past 13 hours.

Update: Added link to Daily Mail story identifying Jordie as Lee-Bevan.

Original post:

An individual using variations on the “Jordie” nickname was named in this FBI criminal complaint (PDF) from Sept. 2014 as one of three from the U.K. suspected in a string of swatting attacks and bomb threats to schools and universities across the United States in the past year. According to that affidavit, Jordie was a member of a group of males aged 16-18 who called themselves the “ISISGang.”

In one of their most appalling stunts from September 2014, Jordie and his ISIS pals allegedly phoned in a threat to Sandy Hook Elementary — the site of the 2012 school massacre in Newtown, Ct. in which 20 kids and 6 adults were gunned down. According to investigators, the group told the school they were coming to the building with an assault rifle to “kill all your asses.”

In an unrelated development, not long after this publication broke the news that the Lizard Squad’s attack infrastructure is built on a network of thousands of hacked home Internet routers, someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service. As I noted in a previous story, the attacks on Microsoft and Sony were merely meant to be commercials for this very “stresser” (a.k.a. “booter”) service, which allows paying customers to knock any Web site or individual offline for a small fee.

A copy of the LizardStresser customer database obtained by KrebsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service. Interestingly, all registered usernames and passwords were stored in plain text. Also, the database indicates that customers of the service deposited more than USD $11,000 worth of bitcoins to pay for attacks on thousands of Internet addresses and Web sites (including this one).

One page of hundreds of support ticket requests filed by LizardStresser users.

One page of hundreds of support ticket requests filed by LizardStresser users.

Continue reading →


29
Dec 14

Who’s in the Lizard Squad?

The core members of a group calling itself “Lizard Squad” — which took responsibility for attacking Sony’s Playstation and Microsoft‘s Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here’s a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks.

Kim Dotcom offers Lizard Squad members vouchers to stop the attack.

Kim Dotcom offers Lizard Squad members vouchers to stop the attack.

The LizardSquad reportedly only called off their attacks after MegaUpload founder Kim Dotcom offered the group some 3,000 vouchers for his content hosting service. The vouchers sell for $99 apiece, meaning that Dotcom effectively offered the group the equivalent of $300,000 to stop their seige.

On Dec. 26, BBC Radio aired an interview with two young men who claimed to have been involved in the attacks. The two were referred to in the interview only as “Member 1” and “Member 2,” but both have each given on-camera interviews previously (more on that in a bit).

The BBC’s Stephen Nolan asks Member 2, “It was nothing really to do with exposing a company for the greater good? You took the money and you ran, didn’t you, like a petty criminal?”

M2: “Well, we didn’t really expect money from it in the first place. If we really cared about money we could have used the twitter accounts that we generated over 50,000 followers within 24-48 hours we could have used that for monetization, you know? We could have easily sent out a couple of linked….profiles or whatever where each click could gain us three to six cents.”

Vinnie Omari, speaking to Sky News on Dec. 27.

Vinnie Omari, speaking to Sky News on Dec. 27.

Nolan: “So why did you take the vouchers, then?

M2: “It was just an offer. It’s hard to say. It was just a one-time thing. It’s $300,000 worth of vouchers.”

Nolan: “Dirty, grubby, greed?”

M2: “Well, that’s what happens, I’m afraid. That’s what it is like in the security business.”

Member2, the guy that does most of the talking in the BBC interview, appears to be a 22-year-old from the United Kingdom named Vinnie Omari. Sky News ran an on-camera interview with Omari on Dec. 27, quoting him as a “computer security analyst” as he talks about the attacks by LizardSquad and their supposed feud with a rival hacker gang.

The same voice can be heard on this video from Vinnie’s Youtube channel, in which he enthuses about hackforums[dot]net, a forum that is overrun with teenage wannabe hackers who spend most of their time trying to impress, attack or steal from one another.

In a thread on Hackforums that Omari began on Dec. 26 using the Hackforums username “Vinnie” Omari says he’s been given vouchers from Kim Dotcom’s Mega, and wonders if the Hackforums rules allow him to sell the vouchers on the forum.

Hackforums user "Vinnie" asks about selling MegaUpload vouchers.

Hackforums user “Vinnie” asks about selling MegaUpload vouchers.

vinnie-profit

Continue reading →