18 months for supercomputer hacker, 18 years for CarderPlanet boss

Filed Under: Featured, Law & order, Phishing

Gavel on keyboard, image courtesy of ShutterstockIt's been another busy week for the cybercops and e-crime lawyers, with a gang of suspected bank swindlers rounded up in London, a conviction under RICO law in Las Vegas, and a hefty fine for an Anonymous DDoS contributer from Wisconsin.

There have also been a pair of jail terms handed out in the US, on two pretty different scales.

A 24-year-old from Pennsylvania was given 18 months on Wednesday for hacking into a number of networks and selling on-access rights.

Systems penetrated by Andrew James Miller, aka "Green", and his cohorts apparently included some at Google and American Express, a variety of corporate, government and academic networks as well as two supercomputers used for research by the US Department of Energy.

Miller was part of a hacker collective known as "Underground Intelligence Agency", who sold on-access to the backdoors they put in place, mostly for a few hundred to a few thousand dollars, but asked for $50,000 for the supercomputers.

He was caught after one of his fellow hackers turned informant, and an undercover FBI agent posed as a potential buyer of access details.

He pleaded guilty in August, avoiding a possible 15-year sentence had he contested the charges, but also picked up a fine of $25,000.

At the other end of the scale is 49-year-old Ukrainian national Roman Vega, the pioneering co-founder of cybercrime "bazaar" CarderPlanet, who also pleaded guilty but had to wait rather longer to find out his sentence.

Vega was handed a sentence of 18 years by a New York court on Thursday, having already spent more than 10 years in US prisons. He was picked up in Cyprus in 2003, and his guilty plea was entered in 2009.

In the late nineties Vega, who went by the handle "Boa" as well as other pseudonyms, set up his own cybercrime trading post Boa Factory, then went on to be a founding member and high-ranking operator of CarderForum, set up in 2001.

The crew apparently used Mario Puzo-inspired mafia terminology, under which Vega ranked as a "don".

CarderPlanet flourished for several years, accumulating over 6,000 members trading stolen card numbers and other cybercrook merchandise, inspiring later waves of carder forums such as ShadowCrew, linked to TJMaxx hacker Albert Gonzalez, and Carder.su, involved in the recent RICO case.

As well as helping run the site, Vega ran his own network of hackers stealing information to sell on through CarderForum and elsewhere, leading to him being described by the US Department of Justice as "one of the world’s most prolific cybercriminals".

A man thought to have been one of Vega's fellow founder-operators, Dmitry Golubov, was also jailed following the dissolution of the site in 2004, but was later released and went on to become a political party leader in his native Ukraine.

DNB, image courtesy of ShutterstockOutside of the US, a trio of Norwegians were found guilty of criminal damage charges after attacking the websites of a number of firms including the DNB Bank, which suffered an outage in its online services thanks to the hackers.

Their activities earned them community service sentences, making a rather stark contrast to the monstrous $183,000 fine handed out to a US man who played a small part in taking down corporate websites.

In Malaysia, a large group of suspects were rounded up in relation to cybercrimes and online scams. The haul included 36 men and 11 women, most of them apparently of Nigerian extraction.

Another Nigerian, this time resident in Manchester in the UK, was handed a sentence of almost four years by a London court for his part in a phishing campaign targeting students, with over 200 victims defrauded.

We seem to be seeing more and more arrests, indictments and sentencings related to cybercrime. This is surely a positive sign, despite highlighting what appears to be an ever-growing boom in digital malfeasance.

It looks like our lawmakers and law enforcers are slowly getting up to speed with the problem, and developing the laws, tools and skills needed to take on the bad guys.

Image of gavel on keyboard and DNB Bank courtesy of Shutterstock.

, , , , ,

You might like

7 Responses to 18 months for supercomputer hacker, 18 years for CarderPlanet boss

  1. Matt Pullen · 658 days ago

    It's crazy, no matter how secure you think your system is, there's bound to be someone right around the corner trying to figure out how to get it. Sometimes even for no reason but the fact that they can.

    • Jamie A · 658 days ago

      For some of them it isn't the financial or any other motives, it's the challenge of breaking into it. I really think they need to sort out the varying levels of charges brought to people, because 3 people bringing down a bank service for a few hours only getting community service compared to one man (part of a much larger group) getting slapped with $183k fine for 15 mins downtime of a website (which only lost the buisness $5k in that period of time) is just too stark a contrast.

      • giselle · 658 days ago

        I guess Norway needs to take these cyber crimes more seriously and hand down more appropriate (read: more severe) sentences.

  2. Rick · 658 days ago

    If you don't want to do the time, don't do the crime. Whether the hefty sentences act as a deterrent to others is a moot point - they'll certainly deter the perpetrators. What needs to be added to the sentence, however, is a fine that will cover the cost of incarceration. Why should honest hard-working people foot the bill for warm accommodation and 3 square meals per day for these criminals.

  3. Anonymous · 656 days ago

    no mention if any of the stolen money was recovered by the various hackers...seems to be missing from reports. I wonder if any of the victims get anything back or are the coppers keeping it as evidence?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.