Attacks/Breaches

10/16/2018
12:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Stanford Man Sentenced to 30 Months for Computer Intrusion Crimes

LEXINGTON, Ky. – Colton Grubbs, 21, of Stanford, Kentucky, was sentenced to 30 months in federal prison, by United States District Judge Joseph M. Hood, for conspiracy to unlawfully access computers in furtherance of a criminal act, conspiracy to commit money laundering, and the illegal removal of property to prevent its lawful seizure.

Grubbs previously admitted to designing, marketing, and selling a software, called LuminosityLink, that Grubbs knew would be used by some customers to remotely access and control their victims’ computers without the victims’ knowledge or consent.  Among other malicious features, LuminosityLink allowed Grubbs’ customers to record the keys that victims pressed on their keyboards, surveil victims using their computers’ cameras and microphones, view and download the computers’ files, and steal names and passwords used to access websites.  Directly and indirectly, Grubbs offered assistance to his customers on how to use LuminosityLink for unauthorized computer intrusions through posts and group chats on websites such as HackForums.net.  In his plea agreement, Grubbs admitted to selling this software for $39.99 apiece to more than 6,000 customers.  These customers, and their victims, were located throughout the United States and around the world. 

“Our modern society is dependent on computers, mobile devices, and the use of the internet,” said Robert M. Duncan, Jr., United States Attorney for the Eastern District of Kentucky.  “People simply have to have confidence in their ability to use these modern instruments to transact their business, privately communicate, and securely maintain their information.  It is essential that we vigorously prosecute those who erode that confidence and illicitly gain access to computer systems and the electronic information of others.  Everyone benefits when this deceitful conduct is discovered, investigated, and prosecuted.”

“The sentence announced today would not have been possible without the cooperation of our partners in the private sector and international law enforcement, specifically the Palo Alto Networks Unit 42 and the United Kingdom’s Southwest Regional Cyber Crime Unit,” said Michael A. Christman, Acting Special Agent in Charge, Federal Bureau of Investigation, Louisville Division.  “The FBI is committed to strengthening these relationships and finding innovative ways to counter cybercrime.  Cybercrime is worldwide epidemic, and this case is an example how strong partnerships can hold criminals accountable no matter where they are.”  

Under federal law, Grubbs must serve 85 percent of his prison sentence; and upon his release, he will be under the supervision of the United States Probation Office for a term of three years.  In addition to his sentence of incarceration, Grubbs must also forfeit the proceeds of his crimes, including 114 bitcoin, presently valued at more than $725,000, which was seized by the Federal Bureau of Investigation.

United States Attorney Duncan and Special Agent in Charge Christman jointly made the announcement.  The case was investigated by the FBI and additional assistance was provided by Palo Alto Networks Unit 42 the United Kingdom’s Southwest Regional Cyber Crime Unit.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
The Case for a Human Security Officer
Ira Winkler, CISSP, President, Secure Mentem,  12/5/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8651
PUBLISHED: 2018-12-12
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.
CVE-2018-8652
PUBLISHED: 2018-12-12
A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1.
CVE-2018-8617
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8...
CVE-2018-8618
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8...
CVE-2018-8619
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Exp...