It’s been another busy week for the cybercops and e-crime lawyers, with a gang of suspected bank swindlers rounded up in London, a conviction under RICO law in Las Vegas, and a hefty fine for an Anonymous DDoS contributer from Wisconsin.
There have also been a pair of jail terms handed out in the US, on two pretty different scales.
A 24-year-old from Pennsylvania was given 18 months on Wednesday for hacking into a number of networks and selling on-access rights.
Systems penetrated by Andrew James Miller, aka “Green”, and his cohorts apparently included some at Google and American Express, a variety of corporate, government and academic networks as well as two supercomputers used for research by the US Department of Energy.
Miller was part of a hacker collective known as “Underground Intelligence Agency”, who sold on-access to the backdoors they put in place, mostly for a few hundred to a few thousand dollars, but asked for $50,000 for the supercomputers.
He was caught after one of his fellow hackers turned informant, and an undercover FBI agent posed as a potential buyer of access details.
At the other end of the scale is 49-year-old Ukrainian national Roman Vega, the pioneering co-founder of cybercrime “bazaar” CarderPlanet, who also pleaded guilty but had to wait rather longer to find out his sentence.
Vega was handed a sentence of 18 years by a New York court on Thursday, having already spent more than 10 years in US prisons. He was picked up in Cyprus in 2003, and his guilty plea was entered in 2009.
In the late nineties Vega, who went by the handle “Boa” as well as other pseudonyms, set up his own cybercrime trading post Boa Factory, then went on to be a founding member and high-ranking operator of CarderForum, set up in 2001.
The crew apparently used Mario Puzo-inspired mafia terminology, under which Vega ranked as a “don”.
CarderPlanet flourished for several years, accumulating over 6,000 members trading stolen card numbers and other cybercrook merchandise, inspiring later waves of carder forums such as ShadowCrew, linked to TJMaxx hacker Albert Gonzalez, and Carder.su, involved in the recent RICO case.
As well as helping run the site, Vega ran his own network of hackers stealing information to sell on through CarderForum and elsewhere, leading to him being described by the US Department of Justice as “one of the world’s most prolific cybercriminals”.
A man thought to have been one of Vega’s fellow founder-operators, Dmitry Golubov, was also jailed following the dissolution of the site in 2004, but was later released and went on to become a political party leader in his native Ukraine.
Outside of the US, a trio of Norwegians were found guilty of criminal damage charges after attacking the websites of a number of firms including the DNB Bank, which suffered an outage in its online services thanks to the hackers.
Their activities earned them community service sentences, making a rather stark contrast to the monstrous $183,000 fine handed out to a US man who played a small part in taking down corporate websites.
In Malaysia, a large group of suspects were rounded up in relation to cybercrimes and online scams. The haul included 36 men and 11 women, most of them apparently of Nigerian extraction.
Another Nigerian, this time resident in Manchester in the UK, was handed a sentence of almost four years by a London court for his part in a phishing campaign targeting students, with over 200 victims defrauded.
We seem to be seeing more and more arrests, indictments and sentencings related to cybercrime. This is surely a positive sign, despite highlighting what appears to be an ever-growing boom in digital malfeasance.
It looks like our lawmakers and law enforcers are slowly getting up to speed with the problem, and developing the laws, tools and skills needed to take on the bad guys.