Friday, 29 April 2011

HACKER PLEADS GUILTY TO IDENTITY THEFT AND CREDIT CARD FRAUD RESULTING IN LOSSES OF MORE THAN $36 MILLION

WASHINGTON – Rogelio Hackett Jr., 26, of Lithonia, Ga., pleaded guilty today before U.S. District Judge Anthony J. Trenga in Alexandria, Va., to trafficking in counterfeit credit cards and aggravated identity theft, announced Assistant Attorney General Lanny A. Breuer of the Criminal Division and U.S. Attorney Neil H. MacBride for the Eastern District of Virginia.

According to court documents, U.S. Secret Service special agents executing a search warrant in 2009 at Hackett’s home found more than 675,000 stolen credit card numbers and related information in his computers and email accounts. Hackett admitted in a court filing that since at least 2002, he has been trafficking in credit card information he obtained either by hacking into business computer networks and downloading credit card databases, or purchasing the information from others using the Internet through various “carding forums.” These forums are online discussion groups used by “carders” to traffic in credit card and other personal identifying information.

Hackett also admitted that he sold credit card information, manufactured and sold counterfeit plastic cards, and used the credit card information to acquire gift cards and merchandise. According to court documents, credit card companies have identified tens of thousands of fraudulent transactions using the card numbers found in Hackett’s possession, totaling more than $36 million.

At sentencing, scheduled for July 22, 2011, Hackett will face maximum penalties of 10 years in prison and a $250,000 fine, or twice the gross gain or loss, on the access device fraud charge, and an additional mandatory two years in prison and a $250,000 fine on the identity theft charge.


The case was investigated by the U.S. Secret Service and prosecuted by Michael J. Stawasz, a Senior Counsel for the Criminal Division’s Computer Crime and Intellectual Property Section and a Special Assistant U.S. Attorney for the Eastern District of Virginia.

 http://www.cybercrime.gov/
Posted by at No comments:

Friday, 22 April 2011

FORMER SECURITY GUARD, WHO HACKED INTO HOSPITAL’S COMPUTER SYSTEM, IS SENTENCED TO 110 MONTHS IN FEDERAL PRISON

Defendant Posted Video of Himself
Compromising a Hospital’s Computer System on YouTube
 
DALLAS -- Jesse William McGraw, a former contract security guard at the North Central Medical Plaza on North Central Expressway in Dallas, who admitted hacking into that hospital’s computer systems, was sentenced late yesterday afternoon by U.S. District Judge Jane J. Boyle to 110 months on each of two counts, to be served concurrently, announced U.S. Attorney James T. Jacks of the Northern District of Texas. In reaching this sentence, Judge Boyle cited the need for those who commit computer crimes to understand the potentially devastating consequences of their actions, to promote respect for the law, and to deter others involved in or contemplating hacking. Judge Boyle ordered McGraw to make restitution to the occupants in the building affected by his criminal conduct, specifically the W.B. Carrell Memorial Clinic, the North Central Surgery Center, and the Cirrus Group.

In May 2010, McGraw, a/k/a “Ghost Exodus,” 26, of Arlington, Texas pleaded guilty without a plea agreement to an indictment charging two counts of transmitting a malicious code. He has been in custody since his arrest in June 2009.

During his 11:00 p.m. to 7:00 a.m. shift at the North Central Medical Plaza, McGraw gained physical access to more than 14 computers, including a nurses’ station computer on the fifth floor and a heating, ventilation and air conditioning (HVAC) computer located in a locked room. The nurses’ station computer was used to track a patient’s progress through the Carrell Memorial Clinic and medical staff also used it to reference patients’ personal identifiers, billing records and medical history. The HVAC computer was used to control the heating, ventilation and air conditioning for the first and second floors used by the North Central Surgery Center.

McGraw installed, or transmitted, a program to the computers that he accessed that allowed him, or anyone with his account name and password, to remotely access the computers. He also impaired the integrity of some of the computer systems by removing security features, e.g., uninstalling anti-virus programs, which made the computer systems and related network more vulnerable to attack. He also installed malicious codes (sometimes called“bots”) on most of the computers. Bots are usually associated with theft of data from the compromised computer, using the compromised computer in denial of service attacks (DDoS), and using the computer to send spam. McGraw knew his actions would damage the security and integrity of the computers and computer systems. McGraw was the self-proclaimed leader of a hacking organization called the “Electronik Tribulation Army” (ETA). He advocated compromising computers and computer systems in instructions that he posted online for members of the ETA and other individuals interested in engaging in computer frauds and participating in DDoS attacks.

In this case, McGraw admitted that he intended to use the bots and the compromised computers to launch DDoS attacks on the websites of rival hacker groups. ETA’s rival hacker groups included “Anonymous,” the hacker group currently claiming responsibility for attacks against PayPal and others in support of Wikileaks.

On Feb.12, 2009, McGraw abused the trust placed in him and bypassed the physical security to the locked room containing the HVAC computer. At approximately 11:35 p.m., he began downloading a password recovery tool from a website, which he used to re-recover passwords. By Feb. 13, 2009, at approximately 1:19 a.m., McGraw, again without authorization, physically accessed the HVAC computer and inserted a removable storage device and executed a program which allowed him to emulate a CD/DVD device. He remotely accessed the HVAC computer five times on April 13-14, 2009.

On April 28, 2009, at about 1:45 a.m., McGraw abused the trust placed in him as a security guard and accessed without authorization a nurses’ station computer. McGraw made a video and audio recording of what he called his “botnet infiltration.” While the theme of “Mission Impossible” played, McGraw described step by step his conduct, accessing without authorization an office and a computer, inserting a CD containing the OphCrack program into the computer to bypass any passwords or security, and inserting a removable storage device into the computer which he claimed contained a malicious code or program. The FBI found the CD containing the OphCrack program in McGraw’s house and found the source code for the bot on his laptop.

McGraw was aware that modifying the HVAC computer controls could affect the facility’s temperature. By affecting the environmental controls of the facility, he could have affected the treatment and recovery of patients who were vulnerable to changes in the environment. In addition, he could have affected treatment regimes, including the efficacy of all temperature-sensitive drugs and supplies.

He was also aware that the nurses’ station computer was used to access and review medical records. While he claims that he did not review or modify patient records, and the government is not aware of any evidence to the contrary, by gaining administrator access to these computers he would have had the ability to modify these records.

The case was investigated by the FBI and the Texas Attorney General’s Criminal Investigation Division. Assistant U.S. Attorney C. S. Heath prosecuted.

Posted by at No comments:

Saturday, 16 April 2011

Computer Crimes

INTERNATIONAL COMPUTER HACKER SENTENCED TO 82 MONTHS IN PRISON To pay almost $8 million in forfeiture and over $2.25 million in back income taxes
MONDAY, FEBRUARY 28, 2011


BOSTON, Mass. - A 37 year-old New Hampshire man was sentenced today in federal court for his role in an international computer hacking conspiracy and his failure to file income tax returns while living in Massachusetts.

ASU PALA was sentenced today by U.S. District Judge Nathaniel M. Gorton to 82 months in federal prison to be followed by two years of supervised release and a $12,500 fine. Judge Gorton also sentenced PALA to forfeit $7,941,336 and to repay the IRS $2,287,993 in back taxes. During sentencing, the Judge imposed a number of special conditions to include counseling for substance abuse, anger management, gambling, credit debt and other financial management problems which PALA must complete upon release from prison.

In April 2010, PALA pleaded guilty to one count of conspiracy to commit computer fraud and five counts of failure to file a United States income tax return. Had the case proceeded to trial, evidence would have proved that from 2003 through 2007, PALA and his coconspirators

infected German citizens’ computers with a program that would force the computers’ telephone modems to surreptitiously dial premium telephone numbers rented from German telephone companies by PALA’s co-conspirators. The premium telephone lines operated like 1-900 numbers such as those used for directory assistance or astrological predictions: the telephone companies charged callers for added expenses on top of standard connection fees and sent a portion of the added expenses to those who rented the premium lines, in this case PALA’s co-conspirators. The victims were generally unaware that their computers' telephone modems were calling these numbers and charging them these expenses. Victims paid the added charges if they did not notice them on their telephone bills. The telephone companies then sent the added charges to the premium telephone line renters, who divided the proceeds among the co-conspirators, including PALA. PALA participated in the conspiracy by employing computer programmers to write and edit the computer hacking software and by sending the hacks to co-conspirators.

Although PALA participated in the scheme while based in Massachusetts and elsewhere in New England, he did not target United States’ computers or computer users. Instead, PALA focused solely on computers and computer users in Germany and possibly other European countries, in order, he thought, to avoid prosecution in the United States. United States Attorney Carmen M. Ortiz, Richard DesLauriers, Special Agent in Charge of the Federal Bureau of Investigation, Boston Field Division, and William P. Offord, Special Agent in Charge of the Internal Revenue Service, Criminal Investigation, Boston Field Division, made the announcement today. The case was prosecuted by Assistant U.S. Attorney Scott L.

Garland of Ortiz’s Computer Crime Unit.
Posted by at No comments:
Posted by at 1 comment:
Subscribe to: Posts (Atom)