{"id":10691,"date":"2017-12-01T19:17:45","date_gmt":"2017-12-02T03:17:45","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/12\/01\/news-4463\/"},"modified":"2017-12-01T19:17:45","modified_gmt":"2017-12-02T03:17:45","slug":"news-4463","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/12\/01\/news-4463\/","title":{"rendered":"Carding Kingpin Sentenced Again. Yahoo Hacker Pleads Guilty"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Sat, 02 Dec 2017 01:15:15 +0000<\/strong><\/p>\n

Roman Seleznev<\/strong>, a Russian man who is already serving a record 27-year sentence in the United States for cybercrime charges, was handed a 14-year sentence this week by a federal judge in Atlanta for his role in a credit card and identity theft conspiracy that prosecutors say netted more than $50 million. Separately, a Canadian national has pleaded guilty to charges of helping to steal more than a billion user account credentials from Yahoo<\/strong>.<\/p>\n

Seleznev, 33, was given the 14-year sentence<\/a> in connection with two prosecutions that were consolidated in Georgia: The 2008 heist<\/a> against Atlanta-based credit card processor RBS Worldpay<\/strong>; and a case out of Nevada where he was charged as a leading merchant of stolen credit cards at carder[dot]su<\/strong>, at one time perhaps the most bustling fraud forum where members openly marketed a variety of cybercrime-oriented services.<\/p>\n

\"\"<\/p>\n

Roman Seleznev, pictured with bundles of cash. Image: US DOJ.<\/p>\n<\/div>\n

Seleznev’s conviction comes more than a year after he was convicted in a Seattle court on 38 counts of cybercrime charges, including wire fraud and aggravated identity theft. The Seattle conviction earned Seleznev a 27-year prison sentence — the most jail time ever given to an individual convicted of cybercrime charges in the United States.<\/p>\n

This latest sentence will be served concurrently — meaning it will not add any time to his 27-year sentence. But it’s worth noting because Seleznev is appealing the Seattle verdict. In the event he prevails in Seattle and gets that conviction overturned, he will still serve out his 14-year sentence in the Georgia case because he pleaded guilty to those charges and waived his right to an appeal.<\/p>\n

Prosecutors say Seleznev, known in the underworld by his hacker nicknames “nCux” and “Bulba,” enjoyed an extravagant lifestyle prior to his arrest, driving expensive sports cars and dropping tens of thousands of dollars at lavish island vacation spots.\u00a0The son of an influential Russian politician, Seleznev made international headlines in 2014 after he was\u00a0captured<\/a>\u00a0while vacationing in\u00a0The Maldives<\/a>, a popular destination for Russians and one that\u00a0many Russian cybercriminals<\/a>\u00a0previously\u00a0considered<\/a>\u00a0to be\u00a0out of reach for\u00a0western law enforcement agencies.<\/p>\n

However, U.S. authorities were able to negotiate a secret deal with the Maldivian government to apprehend Seleznev. Following his capture, Seleznev was whisked away to Guam for\u00a0more than a month<\/a>\u00a0before being transported to Washington state to stand trial for computer hacking charges.<\/p>\n

The\u00a0U.S. Justice Department says the laptop found with him when he was arrested contained more than 1.7 million stolen credit card numbers, and that evidence presented at trial showed that Seleznev earned tens of millions of dollars defrauding more than 3,400 financial institutions.<\/p>\n

Investigators also reportedly\u00a0found a smoking gun: a password cheat sheet<\/a>\u00a0that linked Seleznev to a decade\u2019s worth of criminal hacking. For more on Seleznev’s arrest and prosecution, see The Backstory Behind Carder Kingpin Roman Seleznev’s Record 27-Year Sentence<\/a>, and Feds Charge Carding Kingpin in Retail Hacks<\/a>.<\/p>\n

In an unrelated case, federal prosecutors in California announced a guilty plea<\/a> from Karim Baratov<\/strong>, one of four men indicted in March 2017<\/a> for hacking into Yahoo beginning in 2014. Yahoo initially said the intrusion exposed the usernames, passwords and account data for roughly 500 million Yahoo users, but in December 2016 Yahoo said the actual number of victims was closer to one billion<\/a> (read: all of its users).\u00a0<\/span><\/p>\n

Baratov, 22, is a Canadian and Kazakh national who lived in Canada (he’s now being held in California). He was charged with\u00a0being hired by two Russian FSB<\/a> officer defendants in this case \u2014\u00a0Dmitry Dokuchaev,\u00a0<\/strong>33, and\u00a0Igor Sushchin<\/strong>, 43\u00a0\u2014 to hack into the email accounts of thousands of individuals. According to prosecutors,\u00a0Baratov\u2019s role in the charged conspiracy was to hack webmail accounts of individuals of interest to the FSB and send those accounts\u2019 passwords to Dokuchaev in exchange for money.<\/p>\n

\"\"<\/p>\n

Karim Baratov, a.k.a. “Karim Taloverov,” as pictured in 2014 on his own site, mr-karim.com.<\/p>\n<\/div>\n

Baratov operated several business that he advertised openly online that could be hired to hack into email accounts at the world’s largest email providers, including Google, Yahoo and Yandex.\u00a0As part of his plea agreement, Baratov not only admitted to agreeing and attempting to hack at least 80 webmail accounts on behalf of one of his FSB co-conspirators, but also to hacking more than 11,000 webmail accounts in total from in or around 2010 until his arrest by Canadian authorities.<\/p>\n

Shortly after Baratov’s arrest and indictment, KrebsOnSecurity examined many of the email hacking services he operated<\/a>\u00a0and that were quite clearly tied to his name. One such business advertised the ability to steal email account passwords without actually changing the victim’s password. According to prosecutors, Baratov’s service relied on “spear phishing” emails that targeted individuals with custom content and enticed recipients to click a booby-trapped link.<\/p>\n

For example, one popular email hacking business\u00a0registered to Baratov was\u00a0xssmail[dot]com<\/strong>, which for several years advertised the ability to break into email accounts of virtually all of the major Webmail providers. XSS is short for \u201ccross-site-scripting.\u201d XSS attacks rely on vulnerabilities\u00a0in Web sites that don\u2019t properly parse data submitted by visitors in things like search forms or anyplace one might enter data on a Web site.<\/p>\n

\"\"<\/p>\n

Archive.org’s cache of xssmail.com<\/p>\n<\/div>\n

In the context of phishing links, the user clicks the link and is actually taken to the domain he or she thinks she is visiting (e.g., yahoo.com) but the vulnerability allows the attacker to inject malicious code into the page that the victim is visiting.<\/p>\n

This can include fake login prompts that send any data the victim submits directly to the attacker. Alternatively, it could allow the attacker to steal \u201ccookies,\u201d text files that many sites place on visitors\u2019 computers to validate\u00a0whether they have visited the site previously, as well as if they have authenticated to the site already.<\/p>\n

Baratov pleaded guilty to nine counts, including one count of aggravated identity theft and eight violations of the Computer Fraud and Abuse Act<\/a>. His sentencing hearing is scheduled for Feb. 20, 2018. The aggravated identity theft charge carries a mandatory two-year sentence; each of the other counts is punishable by up to 10 years in jail and fines of $250,000, although any sentence he receives will likely be heavily tempered by U.S. federal sentencing guidelines<\/a>.<\/p>\n

Meanwhile, Baratov’s co-defendant Dokuchaev is embroiled in his own legal worries in Russia, charges that could carry a death sentence. He and his former boss\u00a0Sergei Mikhailov <\/strong>—\u00a0once deputy chief of the FSB’s Center for Information Security — were arrested in December 2016 by Russian authorities and charged with treason. Also charged with treason in connection with that case was Ruslan Stoyanov<\/strong>, a senior employee at Russian security firm Kaspersky Lab<\/strong>.<\/p>\n

There are many competing theories for the reasons behind their treason charges, some of which are explored in this Washington Post story<\/a>. I have my own theory, detailed in my January 2017 piece, A Shakeup in Russia’s Top Cybercrime Unit<\/a>.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Sat, 02 Dec 2017 01:15:15 +0000<\/strong><\/p>\n

Roman Seleznev, a Russian man who is already serving a record 27-year sentence in the United States for cybercrime charges, was handed a 14-year sentence this week by a federal judge in Atlanta for his role in a credit card and identity theft conspiracy that prosecutors say netted more than $50 million. Separately, a Canadian national has pleaded guilty to charges of helping to steal more than a billion user account credentials from Yahoo.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[12071,11645,11648,11649,3493,12073,16696,16803,16804,12074,11134,16805,11643],"class_list":["post-10691","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-bulba","tag-dmitry-dokuchaev","tag-karim-baratov","tag-karim-taloverov","tag-kaspersky-lab","tag-ncux","tag-neer-do-well-news","tag-pharma-wars","tag-rbs-worldpay-hack","tag-roman-seleznev","tag-ruslan-stoyanov","tag-sergei-mikhailov","tag-yahoo-hack"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10691"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10691\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10691"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}