Last week was a busy one for cyber law enforcement as UK authorities arrested dozens of accused cyber criminals and US judicial officials unsealed an indictment of three foreign nationals for what they're calling the largest data breach in history.
According to officials with the UK's National Crime Agency (NCA), the agency's National Cyber Crime Unit (NCCU) coordinated with numerous regional and local forces in England, Scotland and Wales to arrest 57 people in 25 operations throughout the week. Some of the crimes alleged include network intrusion and data theft from multinational companies and government agencies, DDoS attacks, development of malicious software, and cyber-enabled fraud.
“Criminals need to realize that committing crime online will not make them anonymous to law enforcement," said Andy Archibald, deputy director of the NCA NCCU. "We are continuously working to track down and apprehend those seeking to utilize computers for criminal ends, and to disrupt the technical networks and infrastructures supporting international cyber crime."
Among the arrested individuals is a 23-year-old man who authorities say may have been involved in an intrusion in June 2014 of US Department of Defense (DOD) networks that resulted in the theft of information from the DOD's Enhanced Mobile Satellite Services global communication system, which is used for communication with international DoD employees.
Additionally, a 21-year-old man was arrested for NCCU's belief in playing a part in an attack by "D33Ds Company" against Yahoo! in 2012 to steal and publish 400,000 email addresses and passwords from the web giant. Another arrest involved an 18-year-old man who authorities suspect was responsible for the development and administration of the Titanium and Avenger tools, used to commit a number of DDoS attacks on public sector websites.
“Cyber-crime is not victimless. A high-end cyber-attack against financial institutions could have a far-reaching impact on our economy," said Peter Goodman, deputy chief constable for the National Policing Lead for Cybercrime, who reports that the actions last week were evidence of the UK's work to transform response to cybercrime. "Small and medium-sized businesses can be bankrupted by a cyber-attack with owners and staff losing their jobs. You could be seriously affected by the publication of your personal information."
Meanwhile, in the US, the Department of Justice (DOJ) unsealed court documents for an indictment of three men involved in a hacking scheme against email service providers across the US that led to the theft of over a billion email addresses to be spammed in order to pump up results of an affiliate marketing business.
“These men — operating from Vietnam, the Netherlands, and Canada — are accused of carrying out the largest data breach of names and email addresses in the history of the Internet,” said Assistant Attorney General Leslie Caldwell. “The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers. This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States.”
The indictments allege that between February 2009 and June 2012, Viet Quoc Nguyen hacked into eight service providers to steal the email addresses. Authorities say he then worked with Giang Hoang Vu to send spam to tens of millions of recipients. From there, Vu and Nguyen allegedly brokered a deal with David-Manuel Santos Da Silva, owner of affiliate marketing firm 21 Celcius Inc., to spam links to websites that paid 21 Celcius commissions for promoting them. The DOJ says it believes that between May 2009 and October 2011, Ngyuen and Da Silva made $2 million from the efforts.
A Vietnamese citizen, Vu was arrested in the Netherlands in 2012 and extradited to the US in 2012. Also a Vietnamese citizen, Nguyen is still on the run. Meanwhile, Da Silva, a Canadian citizen, was arrested at the Ft. Lauderdale, Fla. airport last month and indicted last week by the DOJ.