Technology · December 30, 2022

Meet the cybercriminals of 2022

Arrested, seized, doxed and detained. These are just some of the ways police and prosecutors around the world took down the biggest cyber-crime operations of the year, even if it meant resorting to new and unconventional eyebrow-raising methods. From stashing billions of bitcoin under the floorboards to teenage hackers gatecrashing Fortune 500 networks, this year saw some of the most jaw-dropping breaches — and the highest-profile apprehensions.

As we close out 2022, we look back at the cybercriminals we lost this year… to the law.

Sanctions and seizures hit the crypto scene

U.S. officials scored some major wins against crypto-laundering in 2022. At the beginning of the year, the Justice Department said it had seized more than $3.6 billion worth of bitcoins allegedly stolen in the 2016 hack of crypto exchange Bitfinex, and that toptechtrends.com/2022/02/08/married-tech-entrepreneurs-arrested-charged-with-laundering-funds-from-bitfinex-crypto-hack/”>it had arrested a married couple suspected of laundering the money.

The couple — Ilya Lichtenstein, 34, and Heather Morgan, 31 — face up to 25 years in prison if convicted on charges of conspiring to launder money and defrauding the U.S. government.

Later in the year, the Office of Foreign Asset Control (OFAC), a watchdog within the U.S. Treasury tasked with enforcing sanctions violations, toptechtrends.com/2022/08/08/treasury-tornado-cash-laundering-stolen-crypto/”>announced that it had sanctioned decentralized cryptocurrency mixing service Tornado Cash for its role in enabling billions of dollars’ worth of cryptocurrency to be laundered through its platform.

Tornado Cash, along with other mixers such as AlphaBay, allows customers to conceal the source of their crypto funds when participating in a transaction in exchange for a fee. It blends toptechtrends.com/2022/06/30/north-korea-lazarus-harmony-theft/”>potentially identifiable or tainted cryptocurrency funds with others to obfuscate the source and destination of crypto assets. More than $1.5 billion in proceeds of crime, like ransomware and fraud, has been laundered through Tornado Cash to date, experts estimate.

U.S. doxes alleged Conti ransomware member

In August, the U.S government toptechtrends.com/2022/08/12/state-conti-ransomware-intelligence/”>shared an image of a suspected Conti ransomware operator known as “Target,” the first time it has outed a major ransomware actor. The program also offered up to $10 million for information leading to the identification and location of Target, along with four other alleged Conti members known as “Tramp,” “Dandis,” “Professor” and “Reshaev.”

The State Department said Conti has carried out more than 1,000 ransomware operations targeting U.S. and international critical infrastructure. Most recently, toptechtrends.com/2022/05/20/costa-rica-ransomware-attack/”>the gang infiltrated 27 government institutions in Costa Rica and demanded a $20 million ransom.

toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg” alt=”” width=”800″ height=”469″ srcset=”https://toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg 1800w, https://toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg?resize=150,88 150w, https://toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg?resize=300,176 300w, https://toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg?resize=768,450 768w, https://toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg?resize=680,399 680w, https://toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg?resize=1536,900 1536w, https://toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg?resize=1200,703 1200w, https://toptechtrends.com/wp-content/uploads/2022/12/conti-dox.jpg?resize=50,29 50w” sizes=”(max-width: 800px) 100vw, 800px”>

Image Credits: State Department (handout)

Another gang dealt a devastating hit in 2022 was Netwalker, a ransomware gang that has been linked to numerous high-profile incidents including an attack on the University of California San Francisco, which paid a ransom demand of more than $1 million, and an attack targeting toptechtrends.com/2020/09/03/cygilant-ransomware/”>cyberthreat startup Cygilant. Between August 2019 and January 2021, ransomware attacks involving NetWalker pulled $46 million in ransom payments, according to cryptocurrency analysis firm Chainalysis.

In October, Sebastien Vachon-Desjardins, a 34-year-old from Quebec, was toptechtrends.com/2022/10/05/netwalker-affiliate-sentenced/”>sentenced in a Florida court in October after pleading guilty to charges related to his involvement with NetWalker. Vachon-Desjardins, who worked as an IT consultant for Public Works and Government Services in Canada, was previously arrested by Canadian police in January 2021 and sentenced to seven years in prison. During a search of his home, law enforcement officials discovered and seized 719 bitcoin and $790,000 in Canadian currency.

James Zhong, the hacker who stole billions of Silk Road’s bitcoin

In a surprising yet anticlimactic conclusion to one of the government’s longest running cyber cases, the mystery of the notorious dark web drugs marketplace Silk Road’s missing billions was solved. In November, U.S. federal agents said it toptechtrends.com/2022/11/07/us-doj-announces-seizure-of-3-36b-in-cryptocurrency/”>found $3.36 billion worth of bitcoin that had been stashed in a popcorn can under the bathroom closet floorboards in the home of the hacker nearly a decade earlier. Prosecutors brought charges against the hacker, a Georgia resident named James Zhong, whose plea agreement with the feds saw him forfeit the huge cache of cryptocurrency, along with $600,000 in cash and other precious metals.

Somewhat confusingly, Zhong is the second hacker to have ultimately turned over Silk Road’s stolen billions — albeit at a lower exchange rate than today. In 2020, a hacker who went by the alias toptechtrends.com/2020/11/05/justice-department-silk-road-billion-bitcoin/”>Individual X forfeited another huge cache of Silk Road’s bitcoin that they had stolen years earlier during a hacking spree over 2012 and 2013. The Justice Department’s latest forfeiture closed the door on another billion-dollar mystery, even if the feds kept secret how the funds were stolen or how they came to find the hacker, long after Silk Road’s founder Ross Ulbricht was jailed.

toptechtrends.com/wp-content/uploads/2022/12/zhong-bitcoin-doj-2.jpeg” alt=”” width=”900″ height=”671″ srcset=”https://toptechtrends.com/wp-content/uploads/2022/12/zhong-bitcoin-doj-2.jpeg 1500w, https://toptechtrends.com/wp-content/uploads/2022/12/zhong-bitcoin-doj-2.jpeg?resize=150,112 150w, https://toptechtrends.com/wp-content/uploads/2022/12/zhong-bitcoin-doj-2.jpeg?resize=300,224 300w, https://toptechtrends.com/wp-content/uploads/2022/12/zhong-bitcoin-doj-2.jpeg?resize=768,573 768w, https://toptechtrends.com/wp-content/uploads/2022/12/zhong-bitcoin-doj-2.jpeg?resize=680,507 680w, https://toptechtrends.com/wp-content/uploads/2022/12/zhong-bitcoin-doj-2.jpeg?resize=1200,895 1200w, https://toptechtrends.com/wp-content/uploads/2022/12/zhong-bitcoin-doj-2.jpeg?resize=50,37 50w” sizes=”(max-width: 900px) 100vw, 900px”>

The partial contents of the popcorn can, containing memory cards with billions of cryptocurrency and other precious metals. Image Credits: Justice Dept. (handout)

Raccoon Stealer operator charged over mass password theft

U.S. officials in October toptechtrends.com/2022/10/26/doj-raccoon-malware/”>charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected millions of computers worldwide. Mark Sokolovsky, who goes by the online handle “raccoonstealer,” is accused of having a major role as a key administrator of the malware, which prosecutors says was used to steal more than 50 million unique credentials and forms of identification from victims around the world since February 2019.

Sokolovsky is charged with computer fraud, wire fraud, money laundering and identity theft and faces up to 20 years in prison if found guilty. Sokolovsky is in Amsterdam awaiting extradition to the United States.

Sokolvsky’s arrest led to an uptick in new Mars Stealer campaigns, including the mass-targeting of Ukraine in the weeks following Russia’s invasion, and a large-scale effort to infect victims by malicious ads. However, in November, a security research and hacking startup told TechCrunch that toptechtrends.com/2022/11/22/mars-stealers-flaw-lock-out/”>it had found a coding flaw that allows it to lock out operators of the Mars Stealer malware from their own servers and release their victims.

​​Seller of WhatsApp-hacking tech pleads guilty

Signal jammers, Wi-Fi interception tools, and WhatsApp hacking tools. These are some of the things that one Mexican businessman toptechtrends.com/2022/02/16/spyware-dealer-whatsapp-hack-guilty/”>admitted in federal court to selling for both commercial and personal reasons. The Justice Department accused Carlos Guerrero of, among other things, arranging the sale of hacking tools to Mexican politicians, and using other equipment he sold to intercept the phone calls of a U.S. rival. It goes to show that it’s not toptechtrends.com/2022/04/05/nso-pegasus-jordan-apple/”>just nation states and governments with powerful phone spying technology at their disposal.

Lapsus$ rounded up once, twice

The Lapsus$ gang rose to notoriety in 2022. The data extortion group, which first emerged a year earlier, quickly claimed a number of high-profile victims, including toptechtrends.com/2022/03/28/lapsus-passwords-okta-breach/”>Okta, toptechtrends.com/2022/03/23/microsoft-lapsus-hack-source-code/”>Microsoft, toptechtrends.com/2022/03/04/nvidia-ransomware-hackers-demands/”>Nvidia and toptechtrends.com/2022/03/07/samsung-breach-source-code/”>Samsung.

While the gang once seemed invincible, a number of its members toptechtrends.com/2022/03/24/london-police-lapsus-arrests/”>were arrested in March this year. In a statement given to TechCrunch at the time, City of London Police confirmed that seven people between the ages of 16 and 21 had been arrested in connection with Lapsus$.

News of the arrests came just hours after a Bloomberg report revealed a teenager based in Oxfordshire, U.K. is suspected of being the mastermind of the Lapsus$ group. Researchers investigating the gang’s recent hacks said they believed the 16-year-old, who uses the online moniker “White” or “Breachbase,” was a leading figure in Lapsus$, and Bloomberg was able to track down the suspected hacker after his personal information was published online by rival hackers. Weeks later, U.K. police said they had charged two of the teenagers with multiple cyber offenses.

SSNDOB, a marketplace for stolen Social Security numbers, is no more

U.S. officials in June toptechtrends.com/2022/06/08/fbi-ssndob-millions-social-security-marketplace/”>announced the takedown of SSNDOB, a notorious marketplace used for trading the personal information — including Social Security numbers, or SSNs — of millions of Americans.

The landmark operation was carried out by the FBI, IRS and the DOJ, with help from the Cyprus Police, and saw authorities seize four domains hosting the SSNDOB marketplace.

SSNDOB listed the personal information for approximately 24 million individuals in the United States, including names, dates of birth, SSNs and credit card numbers and generated more than $19 million in revenue, according to prosecutors. Chainalysis reported separately that the marketplace has received nearly $22 million worth of bitcoin across over 100,000 transactions since April 2015, though the marketplace is believed to have been active toptechtrends.com/2013/03/18/security-expert-brian-krebs-faced-a-real-life-swating-after-posting-about-russian-cybercrime-site/”>for several years prior to its eventual seizure.

toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg” alt=”” width=”1024″ height=”672″ srcset=”https://toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg 1800w, https://toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg?resize=150,99 150w, https://toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg?resize=300,197 300w, https://toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg?resize=768,504 768w, https://toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg?resize=680,447 680w, https://toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg?resize=1536,1009 1536w, https://toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg?resize=1200,788 1200w, https://toptechtrends.com/wp-content/uploads/2022/12/ssndob-seized-domains.jpg?resize=50,33 50w” sizes=”(max-width: 1024px) 100vw, 1024px”>

The FBI’s seizure notice on SSNDOB, shortly after the site was taken down by federal authorities. Image Credits: TechCrunch (screenshot)

Ex-Amazon engineer convicted of Capital One data heist

Also in June, Paige Thompson, a former engineer in Amazon’s cloud division, was toptechtrends.com/2022/06/21/amazon-paige-thompson-capitalone-breach/”>convicted of a breach that compromised the personal and financial information of 100 million CapitalOne customers in 2019. The breach was one of toptechtrends.com/2019/07/29/capital-one-hacked-over-100-million-customers-affected/”>the biggest bank heists in U.S. history, which included the theft of credit scores, limits and balances, and also affected a million Canadians. Thompson was accused of using her knowledge as an Amazon software engineer to breach CapitalOne’s online cloud storage, hosted on Amazon’s servers, and compromising the cloud storage of toptechtrends.com/2019/07/31/capital-one-breach-vodafone-ford-researchers/”>several other companies, including Vodafone, Ford, and Ohio’s state motor vehicle agency. Prosecutors said the former Amazon engineer was “one bad day away from sharing the data she stole.” As such, Thompson was sentenced to time served, allowing her to avoid prison.

A major REvil operator was extradited to the United States

With a $10 million bounty on their heads after toptechtrends.com/2021/07/05/kaseya-hack-flood-ransomware/”>a brazen ransomware attack on Kaseya that spread to hundreds of its downstream customers, it was only a matter of time before the REvil ransomware group’s luck would run out. That’s what happened with Yaroslav Vasinskyi, a 22-year-old Ukrainian national, who was toptechtrends.com/2022/03/10/revil-hacker-kaseya-arrested/”>arrested in Poland in October and later arraigned and extradited to Dallas, Texas to face accusations of computer hacking and fraud by way of his alleged involvement with REvil. Vasinskyi is one of two other alleged REvil members charged by U.S. prosecutors in relation to the attack on Kaseya. It was only after the FBI recovered the decryption key that victims were able to gain access back to their encrypted files.

U.K. arrest teenagers linked to Uber and GTA hacks

In September, police in London confirmed that a 17-year-old teenager suspected of involvement in high-profile breaches at toptechtrends.com/2022/09/16/uber-internal-network-hack/”>ride-hailing giant Uber and toptechtrends.com/2022/09/19/rockstar-games-confirms-gta-6-footage-leak/”>Rockstar Games had been charged with multiple counts of computer misuse and breaches of bail.

These hacks were two of the most high-profile of 2022. Uber, which said it believed a hacker affiliated with Lapsus$ was responsible for the attack, was toptechtrends.com/2022/09/19/how-to-fix-another-uber-breach/”>forced to take several of its internal tools offline while it expelled the hacker from its network. Shortly before Uber’s Slack system was taken offline, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The hacker also reportedly said that Uber drivers should receive higher pay.

In the case of Rockstar Games, the attacker — who also goes by the alias “TeaPot” — claimed to have gained access to Rockstar Games’ internal messages on Slack and early code for an unannounced Grand Theft Auto sequel by gaining access to an employee’s login credentials.

toptechtrends.com/2022/12/27/badly-handled-data-breaches-2022/”>It’s all in the (lack of) details: 2022’s badly handled data breaches

toptechtrends.com/2022/12/30/meet-the-cybercriminals-2022/”>Meet the cybercriminals of 2022 by toptechtrends.com/author/zack-whittaker/”>Zack Whittaker originally published on toptechtrends.com/”>TechCrunch

About The Author