A Singaporean man faces a 34-year jail sentence after being charged for running a cryptocurrency mining operation using stolen identity data to gain access to cloud computing services.
Ho Jun Jia, also known as Matthew Ho, was charged under an indictment of 14 counts, allegedly for mining digital assets using stolen Amazon Web Services (AWS) and Google Cloud computing power. Ho paid for these services using a credit card and identity data stolen from multiple victims in California and Texas. The indictment explained:
“HO used victims’ personal and stolen credit card information, along with phony email addresses, which he created, designed to spoof the authentic email account of identity-theft victims, to open accounts and to obtain access to cloud computing services.”
The indictment added that Ho used his access to these computing services to mine cryptocurrencies such as bitcoin and ether, which were sold and exchanged for fiat currency through online vendor websites. While the indictment didn’t disclose the amount of money made through these operations, it claimed that Ho consumed more than $5 million in unpaid cloud computing services.
Indeed, a U.S. Department of Justice press release said that for a brief period during the few months Ho’s scheme was active, it was one of AWS’s largest consumers of data by volume. The charges in the indictment remain allegations and the case is still being investigated by the Seattle office of the Federal Bureau of Investigation. Ho faces a total of 34 years in prison – up to 20 years for wire fraud, up to 10 years for access device fraud, and aggravated identity theft, all to run consecutively.
A Hacker Sells Personal Info From Databases Of Trezor, Ledger And Other Platforms
The hacker who breached the Ethereum.org forum is allegedly selling the databases for the three most popular crypto hardware wallets: Ledger, Trezor, and KeepKey. The three databases contain the name, address, phone number, and email for more than 80,000 users combined; however, they do not contain passwords for the accounts. The hacker has also recently listed the SQL database for the online investment platform BnkToTheFuture.
On May 24, the cybercrime monitoring website Under the Breach spotted the hacker’s new listings for the databases of the top hardware wallet providers. The hacker claims to be in possession of account information corresponding to nearly 41,500 Ledger users, over 27,100 Trezor users, and KeepKey’s 14,000 customers. Chat logs posted to Twitter indicate that the data was stolen by exploiting a vulnerability in the popular e-commerce website platform Shopify.
The hacker is now advertising the databases of 18 virtual currency exchanges and forums, in addition to the email lists of two crypto tax platforms. The databases include the full SQL for Korean exchange Korbit spanning 4,500 users, three databases for Mexican trading platform Bitso, and the complete account information including passwords for blockchain platforms Blockcypher, Nimirum, and Plutus. The hacker specifies he is only interested in premium bids, stating: “Don’t offer me low dollar, only big money allowed.”
Last week, BlockFi reported a data breach resulting from a SIM-swap attack. Customers’ full names, email addresses, dates of birth, and physical addresses were leaked. Client funds were not impacted. At the end of April, Etana, a custody firm that provides services to Kraken, also suffered a data breach that did not see any customer funds lost.
Plus Token Leaders Could Be Up For Criminal Prosecution in China
One of the ringleaders of Plus Token is now facing criminal charges in China. Plus Token is one of the largest apparent scams in the cryptocurrency industry’s history. According to local media, Zhou will face public prosecutors in the Court of Jianhu County, Yancheng City, Jiangsu Province.
As the local government only supplied Zhou’s family name, at press time we can’t confirm exactly which Zhou this refers to. Zhou reportedly publicized and promoted the PlusToken wallet App, a so-called cryptocurrency financial management application, through Wechat and other avenues over the internet. By registering four different accounts with SIM cards in the wallet, he allegedly lured more than 1.9 million people into the pyramid scam.
According to local authorities, the PlusToken wallet disguises itself as a cryptocurrency financial management app but allows criminals to recruit members by promising high returns based on the number of other investors they can pull in. Local police said that they received reports from the public regarding the scam as early as last year, explaining:
“In the name of providing a cryptocurrency appreciation service, the platform falsely claims that it has the function of mining cryptos, and requires members to pay certain value of cryptocurrencies such as Bitcoin, Ethereum, EOS, etc., so as to obtain high static income.”
New Ransomware Attack Method
A new study warns of a new ransomware attack method that runs a virtual machine on target computers in order to infect them with the ransomware. This may place the attack beyond the reach of the computer’s local antivirus software. According to the UK-based cybersecurity firm Sophos, the Ragnar Locker attack is quite selective when choosing its victims. Ragnar’s targets tend to be companies rather than individual users.
Ragnar Locker asks victims for large amounts of money to decrypt their files. It also threatens to release sensitive data if users do not pay the ransom. Sophos gave the example of the attack on the network of Energias de Portugal, in which the attackers stole ten terabytes of sensitive data and demanded payment of 1,850 Bitcoin (BTC) in order not to leak the data. 1,850 BTC is worth roughly $11 million as of press time. The ransomware’s modus operandi is to take advantage of vulnerabilities in the Windows remote desktop app, through which the attackers obtain administrator-level access to the computer. With the necessary permissions granted, attackers configure the virtual machine to interact with the files. They then proceed to boot up the virtual machine, running a stripped-down version of Windows XP called “Micro XP v0.82.”
Brett Callow, threat analyst at malware lab Emsisoft, provided more details on Ragnar Locker:
“The operators have recently been observed to launch the ransomware from within a virtual machine to avoid detection by security products. Like other ransomware groups, Ragnar Locker steals data and uses the threat of its release as additional leverage to extort payment. Should the company not pay, the stolen data is published on the group’s Tor site.”
Callow claims that the tactics deployed by ransomware groups are becoming ever more “insidious and extreme”, considering that the ransomware gangs behind Ragnar Locker now threaten to sell the data to the victim’s competitors or use it to attack their customers and business partners. The threat specialist from Emsisoft adds the following:
“Companies in this situation have no good options available to them. Even if the ransom is paid, they simply have a pinky-promise made by a bad faith actor that the stolen data will be deleted and not misused.”