Attacks/Breaches

2/12/2016
11:22 AM
50%
50%

Man Admits To Laundering $19.6 Million in Hacking, Telecom Fraud Scam

Hacking increasingly being used as a way to enhance a variety of other criminal endeavors.

Thursday, a man admitted laundering over $19.6 million, in support of a massive international computer hacking and telecommunications fraud scheme.

Pakistani citizen Muhammad Sohail Qasmani, 47, formerly of Bangkok, Thailand, pleaded guilty before a US judge to one count of conspiracy to commit wire fraud.

According to court files, hackers first compromised businesses' PBX systems -- the computer systems that run internal telephone systems of the businesses. They would then identify unused extensions, reprogram them so they could be used to make long distance phone calls charged back to the victim business.

The hacked phones were then used to make calls to phony premium telephone numbers -- essentially recordings made to sound like the voicemail messages or prompts of phone sex, psychic hotlines, and other services that charge per-minute.

Qasmani laundered and transmitted money to approximately 650 individuals involved in the scheme over four years. If convicted, the maximum sentence is 20 years in prison and a $250,000 fine.

Hacking is being used to support other kinds of criminal enterprises more often.

In November, unsealed court documents revealed that the attackers behind the massive JP Morgan Chase breach that exposed data on 83 million customers were actually, "using hacking to support a diverse criminal conglomerate," according to the U.S. Attorney. The ringleaders were using cyber-espionage and data breaches to commit and enhance their securities fraud, illegal gambling, illegal Bitcoin exchange, and illegal payment processing operations. 

Interop 2016 Las VegasFind out more about security and cybercrime at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Register today and receive an early bird discount of $200.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff 3/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Reading Schneier's Friday Squid Blog again?
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.