Anonymous, LulzSec members and plenty of others sent to the slammer for
exploiting technology and human flaws
Prisons around the world this year made way for techie criminals alongside the
more garden variety murderers, thieves and schemers.
Here’s a rundown of those who got sent to the slammer this year for tech-related
crimes (based on a compilation of reports from the IDG News Service and Network
World’s other sister sites):
• Hacker sentenced to 18 months for peddling computer access to US national
security lab
A Pennsylvania man who hacked into multiple corporate, university and
government computer networks and tried to sell access to them, including
supercomputers from a U.S. national security laboratory, was sentenced in
December to 18 months in prison.
Andrew Miller, 24, pleaded guilty in August to one count of conspiracy and two
counts of computer fraud for actions committed between 2008 and 2011, when he
was part of the Underground Intelligence Agency hacking group, the U.S.
Department of Justice said. Miller asked an undercover FBI agent in 2011 for
$50,000 in exchange for access to two supercomputers at the Lawrence Livermore
National Laboratory, according to the DOJ.
*Man who hacked celebrity email accounts sentenced to prison
A man who admitted to illegally accessing email accounts belonging to more
than four dozen celebrities to steal their private photos and confidential
documents was sentenced in December to 10 years in federal prison by a U.S.
District Court judge in Los Angeles.
Christopher Chaney, 36, of Jacksonville, Fla. was also ordered to pay a fine of
more than $66,000 as restitution for his crimes. Chaney was arrested in November
2011 and has been in custody since March, when he pleaded guilty to nine felony
counts, including unauthorized access to computers and wiretapping. He faced a
maximum of more than 120 years in prison.
+ Also from Network World: Businesses offer best practices for escaping
Cryptolocker hell +
According to the U.S. Attorney's office in Los Angeles, Chaney gained access to
the email accounts of Mika Kunis, Scarlett Johansson, Renee Olstead and dozens
of other celebrities by resetting their passwords using the "forgot your
password" feature. Chaney apparently used publicly available information on the
celebrities to correctly answer the security questions needed to reset the
passwords on the Gmail, Apple and Yahoo email accounts they used.
(via Jaikumar Vijayan, Computerworld)
*Wisconsin man sentenced for participating in Anonymous DDoS
A man from Wisconsin was sentenced in December for participating in a DDoS
(distributed denial-of-service) attack by hacker group Anonymous on a Kansas
company.
Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part
in a denial-of-service attack for about a minute on a Web page of Koch
Industries -- Kochind.com, using software called a Low Orbit Ion Cannon Code,
which was loaded on his computer. LOIC is a popular DDoS tool used by Anonymous
and other online attackers to overload websites with requests and disrupt the
target server.
*Judge sentences Anonymous hacker to 10 years in prison
A member of the hacker group Anonymous was sentenced in November to 10 years in
prison for hacking into the computers of a geopolitical analysis firm. Jeremy
Hammond, 28, in May pled guilty to one count of conspiracy to engage in computer
hacking under the Computer Fraud and Abuse Act. He was sentenced by Chief U.S.
District Judge Loretta Preska during a hearing at the federal district court for
the Southern District of New York in New York.
Hammond, of Chicago, was arrested in March 2012 and charged with hacking into
the computer system of analyst company Strategic Forecasting, also called
Stratfor, and obtaining subscriber and credit-card information and emails, among
other data. Ultimately, credit-card details, emails and cryptographic
representation of passwords were leaked. The credit cards were used to make
$700,000 in purchases.
* Two sentenced to prison for point-of-sale credit card theft
Two Romanian men were sentenced in September to serve prison sentences for
remotely hacking into hundreds of U.S. merchants' computers and stealing payment
card data, the U.S. Department of Justice said.
Adrian-Tiberiu Oprea, 29, of Constanta, Romania, was sentenced to serve 15 years
in prison, and Iulian Dolan, 28, of Craiova, Romania, was sentenced to serve
seven years in prison during proceedings in U.S. District Court for the District
of New Hampshire. The two men were charged with hacking into hundreds of
point-of-sale (POS) computer systems and stealing payment card data, with
co-conspirators compromising cards belonging to more than 100,000 customers, the
DOJ said in a press release. The compromises caused losses of more than $17.5
million in unauthorized charges and remediation expenses, the DOJ said.
*Bradley Manning sentenced to 35 years for classified document leaks
A military court judge sentenced U.S. Army Pfc. Bradley Manning to 35 years in
prison in August on charges related to his leaking a large store of classified
documents to Wikileaks, according to a number of published and broadcast
reports.
Manning had faced a maximum potential sentence of 90 years. The judge in his
case reduced the maximum sentence from 136 years earlier this month. Manning was
also dishonorably discharged from the military.
* 'Western Express' credit-card fraud prosecution ends
The last member of a $5 million global credit-card fraud ring was sentenced in
August in New York state court, ending an eight-year investigation and
prosecution.
Douglas Latta, 40, was sentenced to between 22 and 44 years in state prison,
according to Manhattan District Attorney Cyrus R. Vance Jr. in a news release on
Thursday. Latta was part of a wide-ranging scheme that stole and sold more than
95,000 credit card numbers online as part of a group known as the "Western
Express."
* Pirate Bay co-founder sentenced to two years in prison for hacking
Gottfried Svartholm Warg
Gottfrid Svartholm Warg, the co-founder of Pirate bay, is pictured in Stockholm,
February 16, 2009. (Reuters)
Pirate Bay co-founder Gottfrid Svartholm Warg was sentenced in June to two years
in prison by a District Court in Sweden for multiple data intrusions, attempted
aggravated fraud and aggravated fraud. An appeal reduced the sentence to one
year.
The data intrusion charge is related to the hacking of a mainframe belonging to
Logica, now CGI, an IT firm that provided tax services to the Swedish
government, and a mainframe of Nordea bank. The fraud charges stem from a number
of attempted money transfers from accounts at Nordea, of which one was
successful. Two of the attempts that were part of the case were dismissed. The
receiving bank couldn't find a record of one transfer attempt, and the other
transfer was interrupted, according to prosecutor Henrik Olin.
* Phishing gang jailed for plundering woman's $1.6 million life savings
A heartless phishing gang that stole and frittered a British woman's entire $1.6
million life savings on items including "gold and cheeseburgers" was handed
heavy sentences in May by a judge at London's Southwark Crown Court.
Nominal ringleader, Nigerian national Rilwan Adesegun Oshodi, was sentenced to
eight years in prison and ordered to pay back $1.6 million under the Proceeds of
Crime Act, although this might prove difficult given that the stolen money has
reportedly already been spent.
The man who phished the victim's bank account details and then sold the
information to Oshodi, Egyption Tamer Hassanin Zaky Abdelhamid, was sentenced to
six years and ordered to pay a heavy fine under the Proceeds of Crime Act.
* Four former LulzSec members sentenced to prison in the UK
Four British men associated with the LulzSec hacker collective received
prison sentences in May for their roles in cyberattacks launched by the group
against corporate and government websites in 2011.
Mustafa al-Bassam
Mustafa al-Bassam arrives at Southwark Crown Court in central London May 15,
2013. (Reuters)
Ryan Cleary, 21, Jake Davis, 20, Ryan Ackroyd, 26, and Mustafa Al-Bassam, 18,
were sentenced Thursday in London's Southwark Crown Court after previously
pleading guilty to charges of carrying out unauthorized acts with the intention
of impairing the operation of computers.
Davis, who was known online as "Topiary," received a two-year prison sentence.
He acted as a spokesperson for LulzSec, writing some of the hacker group's
announcements and managing its website and Twitter account.
*Operator of German file-sharing site sentenced to almost four years in
prison
A 33-year-old man was sentenced in May to three years and 10 months in prison by
a German court for running the torrent site torrent.to between December 2005 and
April 2008. He was sentenced by the local court of Aachen on April 30 for the
commercial and unauthorized exploitation of copyrighted works, said the German
Society for the Prosecution of Copyright Infringement (GVU) in a news release.
The man, who was only identified by the GVU as Jens R., was the former owner of
torrent.to, a site that continues to operate under a new owner since 2008, and
the GVU still aims to take down.
* Former LulzSec member gets prison sentence for Sony Pictures hack
Cody Andrew Kretsinger, a 25-year-old man from Decatur, Illi., was sentenced in
April to one year in federal prison for his role in a May 2011 breach of a Sony
Pictures website and database.
At the time of the intrusion Kretsinger, who used the online alias "recursion,"
was a member of a hacker group called Lulz Security, or LulzSec, that went on a
hacking spree during the first half of 2011. The group was affiliated with the
international Anonymous hacktivist collective.
* AU Optronics executive sentenced for LCD price-fixing
A former executive with AU Optronics was sentenced in April to serve two years
in prison and pay a $50,000 fine for participating in a worldwide LCD screen
price-fixing conspiracy, the U.S. Department of Justice said.
Shiu Lung Leung, former senior manager of AU Optronics' desktop display business
group, was sentenced for price fixing in U.S. District Court for the Northern
District of California. AU Optronics, based in Hsinchu, Taiwan, and its U.S.
subsidiary, AU Optronics America, headquartered in Milpitas, Calif., were found
guilty in March 2012, for participating in the thin-film transistor-liquid
crystal display (TFT-LCD) price-fixing conspiracy, after an eight-week trial.
*Romanian citizen sentenced to five years in phishing scheme
A 28-year-old Romanian man was sentenced in March to five years in prison for
his role in a phishing scheme, as part of a seven-year investigation by the U.S.
Department of Justice.
Cristian Busca, who was sentenced in U.S. District Court in New Haven, Conn.,
pleaded guilty last November to one count of conspiracy to commit access device
fraud, the DOJ said in a news release. He was extradited to the U.S. in December
2011. Prosecutors alleged that Busca possessed more than 10,000 stolen debit or
credit card numbers in his email accounts.
Busca was part of a group based in Craiova, Romania, that amassed victims'
payment card details, PINs and Social Security numbers. They used the
information to make fraudulent withdrawals from people's accounts by creating
counterfeit payment cards and taking out lines of credit.
* AT&T hacker 'Weev' sentenced to 41 months for iPad leak
Alleged hacker Andrew 'weev' Auernheimer in March was given an unforgiving
prison sentence of 41 months for his part in the hugely embarrassing 2010
compromise of 114,000 iPad-using AT&T customers.
Found guilty in November of 2012, 26-year-old Auernheimer’s prison sentence is
likely to become only the latest contentious chapter in complex story that has
sharply divided opinion. As part of the 'Goatse Security' group, Auernheimer
styled himself as a security researcher who did nothing more untoward than
reveal a weakness on AT&T’s website that was of its own making.
(via John Dunn of Techworld)
* Dutch man sentenced in US to 12 years in credit card scam
A 22-year-old Dutch man who sold credit card details online was sentenced in
February to 12 years in a US prison in a fraud prosecutors alleged caused more
than $63 million in damages, according to the Department of Justice.
David Benjamin Schrooten, who was extradited from Romania last June, was part of
a team that stole more than 100,000 credit card numbers and sold the details to
other criminals on Kurupt.su, a so-called "carding" website or underground
marketplace for stolen payment card data. He was sentenced in U.S. District
Court for the Western District of Washington in Seattle, a DOJ news release
said.
*Steve Jobs' house burglar gets seven-year sentence
The man who broke into the Palo Alto, Calif., home of late Apple CEO Steve Jobs
and stole laptops, iPads and other possessions was sentenced in January to seven
years in a California state prison.
Kariem McFarlin, 35, was arrested in August last year by officers from the Rapid
Enforcement Allied Computer Team, a Silicon Valley-based high-tech crime unit
formed by local, state and federal law enforcement agencies.
REACT officers found McFarlin with help from Apple security, which tracked where
the stolen devices were being used by matching their serial numbers with
connections to Apple iTunes servers. The IP address in use matched a line in
McFarlin's apartment in nearby Alameda that was also being used by an Apple
device registered to a member of his family, according to a police report.
* Internet piracy group leader sentenced to five years in prison
The leader of a U.S. online piracy group that covertly recorded movies showing
in theaters and offered them online was sentenced in January to five years in
prison.
Jeramiah Perkins headed a group that called itself "IMAGiNE," which used
camcorders as well as FM and infrared receivers to capture video and audio of
movies, according to an indictment filed April last year in U.S. District Court
for the Eastern District of Virginia, where he was sentenced. The captured files
were then uploaded to the group's servers and later pieced together and edited
to reproduce the movies.
* Two former Anonymous members jailed in UK for PayPal, Visa DDoS attacks
Three men were sentenced in the U.K. in January for their roles in a series of
distributed denial-of-service (DDoS) attacks launched against financial and
music industry organizations in 2010 by the Anonymous hacktivist collective.
Christopher Weatherhead, 22, of Northampton and Ashley Rhodes, 28, of Camberwell,
London, received prison sentences of 18 months and 7 months respectively for
conspiracy to impair the operation of computers, a representative of the
Southwark Crown Court Clerk's Office in London said Friday.
Another co-conspirator, Peter Gibson, 24, of Hartlepool, received a six-month
prison sentence suspended for two years and 100 hours of community service, the
court's representative said.
The conspiracy charges brought against the three men were in connection with
DDoS attacks launched in 2010 against PayPal, MasterCard, Visa, the British
Phonographic Industry (BPI), the Ministry of Sound record label and the
International Federation of the Phonographic Industry. These attacks were part
of an Anonymous DDoS campaign called Operation Payback.
