Dark Reading is part of the Informa Tech Division of Informa PLC

12/7/2011
09:11 PM

The Most Notorious Cybercrooks Of 2011 -- And How They Got Caught

A torrent of attacks from groups like Anonymous, LulzSec, Goatse Security, and Antisec has made it a busy year for cybercrime investigators

While there are plenty of elusive hackers who will forever manage to outrun the law, the good guys scored some impressive arrests, indictments, and convictions in 2011. Here are some of the highest-profile cases to hit the headlines this year.

1. Anonymous and LulzSec Hacker: Ryan Cleary
Police raided the home of 19-year-old Brit Ryan Cleary and arrested him this summer for allegedly using distributed denial-of-service (DDoS) attacks to take down the British Serious Organised Crime Agency (SOCA) website this year, plus websites for the International Federation of the Phonographic Industry and the British Phonographic Industry last year. His arrest was heralded by authorities as part of a crackdown against LulzSec, but the loosely organized group associated with Anonymous disavowed him as its leader. Cleary for sure had some affiliation with Anonymous, though. Acrimony between him and other Anonymous members for hacking into the group's AnonOps website and exposing its members' IP addresses led to Anonymous exposing Cleary's full name, address, phone number, and IP on its site. These details were used by authorities to eventually find, arrest, and indict him.

2. Ivy League Academic Content Turbo Downloader: Aaron Swartz
A programmer and fellow at Harvard University's Safra Center for Ethics, 24-year-old Aaron Swartz faced indictment this year after he downloaded more than 4 million academic articles over the Massachusetts Institute of Technology (MIT) network connection to Jstor, an online academic repository. Swartz used anonymous log-ins on the network in September 2010 and actively worked to mask his log-ins when MIT and Jstor tried to stop the massive drain of copyrighted material. After Jstor shut down access to its database from the entire MIT network, Swartz visited the campus, plugged a laptop directly into the infrastructure in an MIT networking room, and left it hidden there as it downloaded more content. It was this visit in the flesh that got him nabbed: authorities had been tipped off by an IT admin about the laptop and, after searching it, left it in place along with a hidden webcam to catch Swartz when he came back for his computer. But not everyone thought his actions were criminal.

3. DNSchanger Creators: Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov
In a cybercrime bust that some security pros called one of the biggest ever, the six masterminds behind the DNSchanger malware were arrested in November for operating one of the longest-running and most costly botnets to afflict the Internet. Led by Tsastsin, this gang of thieves is accused of developing the DNSchanger malware to help perpetrate a profitable clickjacking scheme that netted it $14 million in stolen advertising views. The malware pioneered the method of using social engineering techniques to deliver unobtrusive payloads used to hijack victims' DNS settings in order to set up revenue streams based on their manipulated browsing. Law enforcement closed in on the takedown after a multiyear, public-private investigation it dubbed "Operation Ghost Click," which was initiated nearly five years ago after researchers with Trend Micro brought the gang's botnet to the attention of the Feds.

4. Sony Hacker: Cody Kretsinger
This September, authorities detained and indicted Cody Kretsinger (a.k.a. "recursion") for allegedly carrying out the summer attack against Sony Pictures on behalf of LulzSec. Authorities apparently hunted down Kretsinger through the U.K.-based HideMyAss proxy server service provider he used to help him "anonymously" carry out his SQL injection attack against Sony. The provider coughed up the logs to the authorities that allowed them to match time-stamps with IP addresses to pinpoint Kretsinger as the suspect in question.
