The Good, the Bad and the Ugly in Cybersecurity – Week 29

The Good

Cybercriminals often enjoy the fruits of their labor, and few ever get to pay for their malicious deeds, so this week we celebrate two victories for the forces of good. 32-year-old Russian national Yevgeny Nikulin, who stole 117 million user details from LinkedIn and Dropbox in 2012, lived a luxurious lifestyle in Moscow, driving his Lamborghini Huracan around the city streets. Nikulin was arrested in the Czech Republic in 2016 and extradited to the US in 2018, where his lawyers tried to avoid trial on the grounds of his mental condition. Nevertheless, after undergoing psychiatric evaluation, he was tried and has now been convicted. He is scheduled to be sentenced on September 29, although his lawyers said they would file an appeal in the interim.

U.S. Attorney David L. Anderson told a CBS station that the conviction was a warning to would-be hackers, and that “Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans. American law enforcement will respond to that threat regardless of where it originates.”

The penalty for his crimes could be up to 30 years in prison plus a hefty fine.

On the same day as Nikulin’s conviction, a UK court found Lewis Howe, 27, guilty of hacking his former employer in retaliation for being let go from the “Flying Trade Group”.

Howe was fired in October 2018 and launched a cyber attack on November 16, gaining unauthorised access to the domain controller, which he used to delete key user accounts and knock computers off the network. He then tried to cover his tracks by deleting the server history. The disruption lasted several days, costing an estimated £180,000 in damages. He was sentenced to 10 months’ prison time, suspended for 24 months, and is required to complete 240 hours of community service and 30 rehabilitation days. He is also under a 6-month curfew between 7pm and 7am and will be electronically monitored.

On both sides of the Atlantic, it seems that cybercrime doesn’t pay!

The Bad

This week saw an unprecedented, coordinated attack against the verified Twitter accounts of multiple celebrities and big-name companies, which were then used in concert to perpetrate a large-scale Bitcoin scam.

Hackers were able to gain control of 130 Twitter accounts belonging to some of the platform’s most prominent users, including the likes of Democratic presidential candidate Joe Biden, former President Barack Obama, Elon Musk, Kim Kardashian West, Kanye West, Bill Gates and the verified Twitter accounts of corporate giants Apple and Uber. Once the accounts were under the control of the attackers, they were used to tweet one of several versions of the following scam:

The net gain for the attackers so far has been USD $117,000, or around 13 Bitcoins at the current price, collected over a period of 24 hours from 392 transactions.

After realizing it had been hacked, Twitter immediately blocked all verified accounts across the service, not just those that had sent out the scammers’ message. While it is known that Twitter’s internal tools were leveraged in the attack, it is still unclear how the hackers gained access to Twitter’s internal systems, other than that “a coordinated social engineering attack” targeted some Twitter employees. The investigation continues as Twitter seeks both to understand what happened and to improve security. Law enforcement agencies are also conducting their own investigations.

The Ugly

The world races to find a vaccine for Covid-19, and thousands of scientists are working day and night to help the world to return to normality. But some prefer to take shortcuts and simply steal the research done by others. In a very unusual public announcement by the UK National Cyber Security Centre (NCSC), Russian intelligence services were accused of targeting vaccine research and development organizations in the US, Canada and UK.

The UK Foreign Secretary, Dominic Raab, said: “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account”.

The actors said to be responsible are the infamous cyber espionage group variously known as APT29, Cozy Bear and The Dukes. Canada’s Communications Security Establishment (CSE), responsible for Canada’s foreign signals intelligence, said that the Russian APT group “is likely to continue to target organizations involved in COVID-19 vaccine research and development”.

For its part, the Kremlin, through spokesperson Dmitry Peskov, said on Thursday that Russia “has nothing to do” with the hacking attacks targeting organizations involved in coronavirus vaccine development.