Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/19/2015
12:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New York City Police Department Auxiliary Officer Charged with Hacking into NYPD Computer and FBI Database

Defendant Obtained Personal Identifying Information of Traffic-Accident Victims and Fraudulently Posed as an Attorney Soliciting Clients

Earlier today, a criminal complaint was unsealed charging Yehuda Katz, a New York City Police Department (NYPD) Auxiliary Deputy Inspector assigned to the 70th Precinct in Brooklyn, with executing a scheme to hack into a restricted NYPD computer and other sensitive law enforcement databases. The defendant was arrested earlier this morning and will have his initial appearance this afternoon at the U.S. Courthouse, 225 Cadman Plaza East, Brooklyn, New York, before United States Magistrate Judge James Orenstein.

The charges and arrest were announced by Loretta E. Lynch, United States Attorney for the Eastern District of New York, Diego G. Rodriguez, Assistant Director-in-Charge, Federal Bureau of Investigation (FBI), New York Field Office, and William J. Bratton, Commissioner of the New York City Police Department.

“The defendant allegedly used his position as an auxiliary officer to hack into restricted computers and networks in order to obtain the personal information of thousands of citizens in a scheme to enrich himself through fraud,” stated United States Attorney Lynch. “The threat posed by those who abuse positions of trust to engage in insider attacks is serious, and we will continue to work closely with our law enforcement partners to vigorously prosecute such attacks.” Ms. Lynch expressed her grateful appreciation to the FBI and the NYPD’s Internal Affairs Bureau, which worked together closely to investigate the case.

“As alleged, Katz illegally accessed sensitive law enforcement computer systems for his own personal gain. This type of behavior betrays the public’s trust and cannot be tolerated. We entrust our public servants to safeguard confidential information and not prey upon victims, and we will continue to work with our partners to prosecute those who engage in this type of criminal activity,” stated FBI Assistant Director-in-Charge Rodriguez.

“This case is a clear example of the collaborative effort between federal prosecutors, the FBI, and the NYPD’s Internal Affairs Bureau to weed out individuals who allegedly violate the Department’s trust,” said Police Commissioner Bratton.

According to the complaint, the defendant surreptitiously installed multiple electronic devices in the Traffic Safety Office of the NYPD’s 70th Precinct that allowed him to remotely access restricted NYPD computers and law enforcement databases, including one maintained by the FBI, that he did not have permission to access. One of the electronic devices installed by the defendant contained a hidden camera that captured a live image of the Traffic Safety Office and was capable of live-streaming that image over the Internet. The second electronic device was connected to one of the computers in the Traffic Safety Office and allowed the computer to be accessed and controlled remotely.

As alleged in the complaint, investigators with the NYPD’s Internal Affairs Bureau and the FBI determined that the devices had been used to allow the defendant to remotely log onto an NYPD computer using usernames and passwords belonging to NYPD uniformed officers. Thereafter, the defendant ran thousands of queries in databases, including a restricted law enforcement database maintained by the FBI, for information, including the personal identifying information of victims, related to traffic accidents in the greater New York City area.

The complaint further alleges that, after the defendant accessed the NYPD computer and law enforcement databases, he contacted individuals who had been involved in traffic accidents and falsely claimed to be, among others, an attorney with the fictitious “Katz and Katz law firm” who could assist them with potential legal claims. Letters sent by the defendant to accident victims included claims such as “I can advise you with 100% confidence that I can resolve this claim in your favor,” and “My fee is 14 percent only when you collect. And I know that you will collect.” All told, according to the complaint, between May and August 2014, the defendant ran over 6,400 queries in sensitive law enforcement databases that he accessed remotely via the compromised NYPD computer for information related to traffic accidents.

The charges in the complaint are merely allegations, and the defendant is presumed innocent unless and until proven guilty. If convicted, the defendant faces a maximum sentence of 10 years.

The government’s case is being prosecuted by Assistant United States Attorneys Samuel P. Nitze and Peter W. Baldwin, with assistance provided by the Computer Crime and Intellectual Property Section of the Department of Justice.

The Defendant:

YEHUDA KATZ 
Age: 45 
Brooklyn, New York

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26854
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
CVE-2021-26855
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
CVE-2021-26857
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
CVE-2021-26858
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.
CVE-2021-27065
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.