Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/7/2011
09:11 PM
50%
50%

The Most Notorious Cybercrooks Of 2011 -- And How They Got Caught

A torrent of attacks from groups like Anonymous, LulzSec, Goatse Security, and Antisec has made it a busy year for cybercrime investigators

While there are plenty of elusive hackers that will forever manage to outrun the law, the good guys scored some impressive arrests, indictments, and convictions in 2011. Here are some of the highest profile cases to hit the headlines this year.

1. Anonymous and LulzSec Hacker: Ryan Cleary
Police raided the home of 19-year-old Brit Ryan Cleary and arrested him this summer for allegedly using distributed denial-of-service (DDoS) attacks to take down the British Serious Organised Crime Agency (SOCA) website this year, plus websites for the International Federation of the Phonographic Industry the British Phonographic Industry last year. His arrest was heralded by authorities as part of a crackdown against LulzSec, but the loosely organized group associated with Anonymous disavowed him as its leader. Cleary for sure had some affiliation with Anonymous, though. Acrimony between him and other Anonymous members for hacking into the group's AnonOps website and exposing its members IP addresses led to Anonymous exposing Cleary's full name, address, phone number, and IP on its site. These details were used by authorities to eventually find, arrest, and indict him.

2. Ivy League Academic Content Turbo Downloader: Aaron Swartz
A programmer and fellow at Harvard University's Safra Center for Ethics, 24-year-old Aaron Swartz faced indictment this year after he downloaded more than 4 million academic articles from the Massachusetts Institute of Technology (MIT) network connection to Jstor, an online academic repository. Swartz used anonymous log-ins on the network in September 2010 and actively worked to mask his log-ins when MIT and Jstor tried to stop the massive drain of copyrighted material. After Jstor shut down access to its database from the entire MIT network, Swartz visited the campus and directly plugged in a laptop the infrastructure at an MIT networking room and left it hidden there as it downloaded more content. It was this visit in the flesh that got him nabbed; authorities had been tipped off by an IT admin about the laptop and after searching the laptop left it there along with a hidden webcam to catch Swartz when he came back for his computer. But not everyone thought his actions were criminal.

3. DNSchanger Creators: Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanvov
In a cybercrime bust that some security pros called one of the biggest ever, the six masterminds behind the DNSchanger malware were arrested in November for operating one of the longest running and most costly botnets to afflict the Internet. Lead by Tsastsin, this gang of thieves is accused of developing the DNSchanger malware to help perpetrate a profitable clickjacking scheme that netted it $14 million in stolen advertising views. The malware pioneered the method of using social engineering techniques to deliver unobtrusive payloads used to hijack victims' DNS settings in order to set up revenue streams based on their manipulated browsing. Law enforcement closed in on the takedown after a multiyear, public-private investigation it dubbed "Operation Ghost Click," which was initiated nearly five years ago after researchers with Trend Micro brought the gang's botnet to the attention of the Feds.

4. Sony Hacker: Cody Kretsinger
This September, authorities detained and indicted Cody Kretsinger (a.k.a. "recursion") for allegedly carrying out the summer attack against Sony Pictures on behalf of LulzSec. Authorities apparently hunted down Kretsinger through the U.K.-based HideMyAss proxy server service provider he used to help him "anonymously" carry out his SQL injection attack against Sony. The provider coughed up the logs to the authorities that allowed them to match time-stamps with IP addresses to pinpoint Kretsinger as the suspect in question.

Next Page: Anonymous' inside man at AT&T

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8015
PUBLISHED: 2020-04-02
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
CVE-2020-1927
PUBLISHED: 2020-04-02
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-8144
PUBLISHED: 2020-04-01
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware u...
CVE-2020-8145
PUBLISHED: 2020-04-01
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup� and “wizard� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP ...
CVE-2020-8146
PUBLISHED: 2020-04-01
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the win...