Forensic Update

Reflections on information management within the legal and regulatory arena

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on November 9, 2021

This one is a sequel to the wonderful news reported last week (whereby the Russian-based #REvil gang was forced offline) … there have now been arrests related to same!

Last week’s reporting, about a multi-national #lawenforcement operation taking REvil offline, can now be updated to include the arrests of two individuals. This brings the number of Sodinokibi / REvil / GandCrab arrests (all variations of the same odious theme) to seven individuals since February 2021.

These individuals are believed to be responsible for over 7,000 deployments of this complex and devastating ransomware, resulting in hundreds of millions of dollars in extortion revenue. To call this a multi-national effort is to understate things quite a bit; the countries involved in the take-down and related arrests include: Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg, Norway, Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom, and the United States.

These efforts, in combination with new initiatives from the international law-enforcement community, are most welcome developments. A great example of the changing nature of this ransomware game can be found in the U.S. Department of State’s recent announcement of a $10M “bounty” for information leading to the arrest of those involved with the #Darkside #ransomware activities (q.v., https://lnkd.in/dkxAXXAH).

#cybersecurity #hacking #cyberdefense #cyberwarfare #digitalforensics #dfir #databreach #karma #justice #cyber

Posted in eDiscovery

Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on October 25, 2021

As a devotee of #cryptocurrency and its enabling technology (#blockchain), I’m frustrated by the bad actors in this space that give the impression that this technology is unsafe and/or unstable. Accordingly, I welcome news like today’s, wherein two #fraudsters were convicted of defrauding around 13,000 individual investors in a rather traditional fraud scheme — albeit in a cryptocurrency arena.

Kudos to the U.S. Department of Justice and the investigative team at the Internal Revenue Service for securing these convictions, each of which follows closely on the heels of a civil settlement with the U.S. Securities and Exchange Commission. The SEC’s civil settlement secured over $8M USD in penalties and fines, and both men now face up to five years in federal prison from their guilty pleas in the criminal proceeding.

#digitalcurrency #assettracing #digitalforensics #investigations #cryptoassets #cryptonews #forensics #forensicinvestigation


Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on September 20, 2021

This is a big one…likely the largest #cryptocurrency #fraud scheme ever criminally charged. Earlier this week, the U.S. Department of Justice secured the conviction of one of the architects of the #BitConnect “platform”, a #ponzischeme that defrauded thousands of worldwide investors of over $2 billion USD.

Kudos to the multi-jurisdictional #investigative effort that involved the Federal Bureau of Investigation (FBI), the Internal Revenue Service, and #lawenforcement partners in India, Slovenia, and several other jurisdictions around the world.


In related news, the U.S. Securities and Exchange Commission announced a parallel action against this same actor (and three of his co-conspirators), including civil charges connected with the same conduct.

#digitalcurrency #blockchain #securitieslaw #digitalforensics #cryptocurrencies


Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on August 25, 2021

U.S. #lawenforcement logs yet another #cybercrime victory. Yevgeny Nikulin, the 32-year-old Russian national who stole user information from over 117 million LinkedIn and Dropbox accounts in 2012, was convicted recently. He faces sentencing in late September, which could be up to 30 years in prison, in addition to any fines imposed for his thievery.

Like so many before him, Nikulin was arrested while vacationing outside of his native Russia (in the Czech Republic in 2016) and extradited to the U.S. Despite procedural delays in his trial (and cries of injustice from the Russian Foreign Ministry), U.S. Department of Justice prosecutors have now secured a conviction for Nikulin’s crimes, albeit many years after the fact.

#cybersecurity #justice #AisA #law #ruleoflaw #privacy


Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on July 12, 2021

Yet another international #lawenforcement operation has netted seizures of a #cybercrime organization’s assets based in Russia. The threat actors in question here ran the #DoubleVPN service, a Russian-based service that double, triple, and even quadruple-encrypts data sent through its infrastructure. This service was used by malicious actors to obfuscate geolocations and originating IP addresses when performing cyber attacks.

As always, these kinds of inquiries represent exhaustive forensics and diligent investigative efforts. The key players involved in the takedown are the Politie Nederland (Dutch National Police), supported by Europol. Kudos to all involved in this initiative!


#crimeandjustice #cybersecurity #police #infosec #informationsecurity #security #databreaches


Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on July 7, 2021

Today’s #GoodGuysPrevail Update: A long-running #lawenforcement campaign to identify, capture, and convict members of the criminal #hacking group #FIN7 has netted its latest victory. More specifically, the U.S. Department of Justice secured a 7-year prison sentence for a Ukrainian national who managed teams of attackers victimizing tens of thousands of organizations worldwide.

This criminal gang, formerly known as #Carbanak, has seen a number of its key players captured and sentenced in recent years, including a 10-year sentence for one systems administrator. These sorts of coordinated, international law-enforcement efforts are complex endeavors, requiring tireless work and meticulous forensic analysis. Kudos to all involved in securing these convictions and sentences!

#crimeandjustice #cybersecurity #justice #AisA #crime #BEC #phishing #malware #infosec


Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on June 11, 2021

This one was easy, given the recent news dominating the #cyber / #ransomware headlines throughout May. Yesterday, the U.S. Department of Justice seized ~64 #bitcoin (~ $2.3M USD) from the criminal gang #Darkside.

The seized funds will begin to offset some of the #extortion taken from #Darkside victims. Kudos to the multi-agency #lawenforcement collaboration, including the Federal Bureau of Investigation (FBI), the Special Prosecutions Section & Asset Forfeiture Unit of the United States Attorneys’ Offices (Northern District of California), and the National Security Division’s Counterintelligence & Export Control Section.

#AisA #justice #nationalsecurity #ruleoflaw


Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on May 9, 2021

I know those ensconced in the (seemingly relentless) battle against #ransomware can get discouraged. That said, there is positive news from this arena…admittedly, you have to search a bit harder for it, but it is there!

Over this past weekend, a coordinated and international #lawenforcement effort launched an innovative gambit into devices infected by the #Emotet ransomware. The gambit was designed to kill the persistence mechanism that enables this malware to run on infected machines.

This outreach marks the culmination of a larger operation that was launched earlier in the year (and that included taking over the control of the infrastructure for this powerful #botnet). Kudos to all involved…this is definitely a win…and it’s most welcome news!

#cybersecurity #cyber #security #cyberattack #informationsecurity #extortion #politicsandlaw #infosec #cybercrime #cyberdefense

https://www.cyberscoop.com/law-enforcement-emotet-botnet-ransomware/


Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on April 13, 2021

A Cypriot criminal — the first Cypriot national ever extradited from Cyprus to the United States — was convicted and sentenced to federal prison recently for extorting website operators with stolen personal information.

This convicted felon was a teenager when he began his #extortion / #ransom campaign, and he paid nearly $600,000 USD in restitution to his victims (as a condition of his guilty plea). Kudos to yet another coordinated international #lawenforcement effort, involving the Federal Bureau of Investigation (FBI), the Cyprus Police, and United States Attorneys’ Offices for the District of Arizona.

#crimeandjustice #justice #hacking #crime #ransomware #digitalforensics #investigations #cybercrime #fraud #fraudinvestigations


Today’s #GoodGuysPrevail Update…

Posted by Johnny Lee on April 8, 2021

In yet another 2021 law-enforcement victory against dark web criminals, the U.S. Department of Justice secured a conviction in one of the most significant take-downs in #DarkWeb history. The DoJ obtained a guilty plea from an Israeli citizen (currently residing in Brazil) who is the admitted co-owner and co-operator of the #DeepDotWeb website.

For the uninitiated, this site was likely the most popular destination for #darkweb market news, links, and more. The site made money via referral fees, as it essentially indexed (largely un-indexed) websites and shunted users to dark-web resources. These resources included vendors peddling malicious software, pharmaceuticals and illicit drugs, and automatic weapons. If you think “Google for un-indexed criminal dark-websites”, you’ve nearly got it.

As the DoJ conviction reveals, the #DeepDotWeb site accepted #cryptocurrency and laundered funds through crypto-anonymization services and shell-corporation bank accounts.

#cybersecurity #crimeandjustice #ruleoflaw #digitalforensics #dfir #forensics #investigations
