Cryptocurrency Fraudster Sentenced

Even in the world of virtual currency, where value and possession exist largely in the digital realm, laws still apply and the repercussions of breaking them are very real.

The victims of Homero Joshua Garza’s virtual currency scam lost more than $9 million, and Garza will spend 21 months in prison followed by three years of supervised release after pleading guilty to one count of wire fraud. He has also been ordered to pay restitution to his victims.

In charging documents, prosecutors contend Garza founded and operated several Connecticut-based businesses (GAW Miners, ZenMiner, and ZenCloud) between 2014 and 2015 that sold bitcoin-mining hardware, offered shares in a virtual currency mining operation, and created and sold a virtual currency called PayCoin. None of these businesses would have been illegal if conducted properly, but through a series of misleading and false statements about his companies’ capabilities, partnerships, and financial backing, Garza fraudulently drew investors to his enterprises and eventually resorted to Ponzi-scheme tactics to delay detection of his fraud.

“Garza got into this market at the right time,” said Special Agent Mark Munster, who investigated this case from the FBI’s New Haven Field Office. “The interest and enthusiasm for these currencies was high, and he was able to market himself and the business very effectively. The problem was that much of what Garza was marketing was a lie.”

The first iteration of Garza’s companies sold the computer equipment virtual currency enthusiasts use to mine, or solve the complex equations required to attain a bitcoin or other virtual currency. Munster said Garza’s business started as a legitimate operation with a clever hook—he wanted to make it easier for people who didn’t have a technical background to access cryptocurrencies.

The initial currency-mining equipment business turned into one that offered to purchase a currency miner on the customer’s behalf and set it up at the GAW Miners data center. The customer could then direct the miner’s activities and reap its profits. Garza then moved into selling shares, or “hashlets,” that represented a percentage of the profits being made by his company’s purportedly robust bitcoin mining efforts. These hashlets, Garza assured investors, would always be profitable.

Mining bitcoins at the volume needed to generate the type of value Garza was promising requires a staggering amount of computing power. These powerful computers are expensive, as is the electricity required to run them. “There were data centers,” said Munster, “but not nearly the capacity that they were representing.” Without the actual infrastructure to support the shares he was selling, returns fell far short of what was promised to investors, and Garza began using new investments in the company to pay returns to others.

Study Details Link Between Social Media and Sex Trafficking

Social media is increasingly being exploited to contact, recruit and sell children for sex, according to a study by The University of Toledo Human Trafficking and Social Justice Institute.

The study, which was requested by the Ohio Attorney General’s Human Trafficking Commission, reveals how traffickers quickly target and connect with vulnerable children on the Internet through social media.

“It is vitally important to educate parents, professionals and youth – especially our middle school or teenage daughters who may be insecure – about the dangers of online predatory practices used by master manipulators,” said Dr. Celia Williamson, UT professor of social work and director of the UT Human Trafficking and Social Justice Institute. “Through this outreach and education, we can help save children from becoming victims of modern-day slavery.”

“We know predators are using the internet to find their victims, and this eye-opening study highlights what a predator looks for in a victim and helps parents recognize the signs that their child may be a target,” Ohio Attorney General Mike DeWine said. “Using real-life examples, this study provides valuable information that parents can use to start open and honest conversations with their children about staying safe online.”

Through a series of 16 in-depth interviews by the institute’s staff and student interns with knowledgeable members of Ohio law enforcement, judges, direct service providers, advocates and researchers who engaged with victims who were trafficked online, the study outlines how traffickers connect to vulnerable youth online, groom the children to form quicker relationships, avoid detection, and move the connections from online to in-person.

“The transition from messaging to meeting a trafficker in person is becoming less prevalent,” Williamson said. “As technology is playing a larger role in trafficking, this allows some traffickers to be able to exploit youth without meeting face-to-face. Social media helps to mask traditional cues that alert individuals to a potentially dangerous person.”

Williamson cites a 2018 report that says while 58 percent of victims eventually meet their traffickers face to face, 42 percent who initially met their trafficker online never met their trafficker in person and were still trafficked.

The experts, whose identities are not being released, said the traffickers educate themselves by studying what the victim posts on commonly used view-and-comment sites such as Facebook, Instagram or Snapchat, as well as dating apps such as Tinder, Blendr and Yellow, or webcam sites like Chatroulette and Monkey, in order to build trust.

“These guys, they learn about the girls and pretend to understand them, and so these girls, who are feeling not understood and not loved and not beautiful … these guys are very good at sort of pretending that they are all of these things and they really understand them and, ‘I know how you feel, you are beautiful,’ and just filling the hole that these girls are feeling,” said a professional contributing to the study.

Members of APT 10 Group Targeted Intellectual Property and Confidential Information

Two Chinese men have been charged in a massive, years-long hacking campaign that stole personal and proprietary information from companies around the world, the FBI and the Justice Department announced at a press conference today in Washington, D.C.

The men, Zhu Hua and Zhang Shilong, are part of a group known as Advanced Persistent Threat 10, or APT 10, a hacking group associated with the Chinese government. A New York grand jury indicted the pair for conspiracy to commit computer intrusion, conspiracy to commit wire fraud, and aggravated identity theft. The indictment was unsealed today.

According to the indictment, from around 2006 to 2018, APT 10 conducted extensive hacking campaigns, stealing information from more than 45 victim organizations, including American companies. Hundreds of gigabytes of sensitive data were secretly taken from companies in a diverse range of industries, such as health care, biotechnology, finance, manufacturing, and oil and gas.

FBI Director Christopher Wray described the list of companies, not named in the indictment, as a “Who’s Who” of the global economy. Even government agencies like NASA and the Department of Energy were among the victims. The hack is part of China’s ongoing efforts to steal intellectual property from other countries.

“Healthy competition is good for the global economy. Criminal conduct is not. Rampant theft is not. Cheating is not,” Wray said at the press conference.

APT 10 used “spear phishing” techniques to introduce malware onto targeted computers. The hackers sent emails that appeared to be from legitimate addresses but contained attachments that installed a program to secretly record all keystrokes on the machine, including user names and passwords. The group also targeted managed service providers (MSPs), companies that remotely manage their clients’ servers and networks. MSP hacks allowed APT 10 members to indirectly gain access to confidential data of numerous companies who were the clients of the MSPs.

9 Defendants Charged in Chicago in International Investigation Targeting

CHICAGO — Seven Chicago-area residents are among nine individuals arrested in the United States and Nigeria as part of an international investigation into online “romance scams” and “mystery shopper” schemes.

During the Chicago-based investigation, dubbed “Operation Gold Phish,” law enforcement identified a variety of cyber-enabled fraud schemes allegedly carried out by conspirators in the U.S. and Nigeria.

One of the alleged schemes involved “romance scams,” in which a conspirator builds trust with a victim through a purported online romance before convincing the victim to send money to a predetermined recipient.

The conspirators initially contacted victims online via applications and websites, including Match.com, Facebook, and Instagram, the complaint states.

Another alleged cyber-enabled fraud involved a “mystery shopper” scheme, in which conspirators fraudulently offered victims opportunities to work as a mystery shopper and receive commissions for evaluating retailers.

The victim received a check through the U.S. mail with instructions to deposit it in a personal bank account, withdraw the money in cash, and wire it to a third party.

The check turned out to be fake, and the victims were defrauded of the wired money, the charges allege.

A criminal complaint filed Dec. 4, 2018, in U.S. District Court in Chicago charged nine defendants with conspiracy to commit wire fraud.

Arrests were recently carried out in Illinois, Texas, and Nigeria, and all of the defendants are now in law enforcement custody.

The Nigerian Economic and Financial Crimes Commission is conducting a related investigation of other individuals in Nigeria.

The U.S. charges were announced by John R. Lausch, Jr., United States Attorney for the Northern District of Illinois; Jeffrey S. Sallet, Special Agent-in-Charge of the Chicago office of the Federal Bureau of Investigation; and Craig Goldberg, Inspector-in-Charge of the U.S. Postal Inspection Service in Chicago.

Valuable assistance was provided by the Nigerian Economic and Financial Crimes Commission. Assistant U.S. Attorneys Peter S. Salib and Charles W. Mulaney represent the government.

Cyberstalking

Children and young adults seem particularly susceptible to sextortion—when a victim is threatened with the release of private and sensitive information unless sexual favors, nude photos, or other demands are met.

But two unrelated cyberstalking crimes committed months apart and hundreds of miles away from each other serve as a reminder of the dangers of compromising personal photos being in the wrong hands, no matter the age of the victim.

In Houston, Heriberto Latigo repeatedly used nude photos of his ex-girlfriend to coerce her to have sex with him. In Crescent, Oklahoma, Troy Allen Martin similarly blackmailed his victim for $50,000.

Both men were eventually convicted and sentenced to prison for their crimes under federal cyberstalking statutes. The harm they caused their victims, however, may never be undone. Such crimes are occurring more frequently, especially among younger victims.

Latigo not only demanded sex, he also sent his victim horrible images and threatening messages. He sent the nude photos to the victim’s sister and male co-workers, and created a disturbing Facebook page that included deeply personal information about the victim.

“It’s a violent crime; he just used cyber tools to carry it out,” said Special Agent Christopher Petrowski of the FBI’s Houston office, who worked the Latigo case.

Latigo’s victim approached local police several times. The case was complicated and the victim’s story changed a number of times, in part because of pressure from Latigo, Petrowski said, making it difficult for local authorities to help effectively. She turned to the FBI, visiting the Houston office in person in spring 2015.

“When someone walks in with a story like that, it’s very emotional and difficult to figure out right away,” Petrowski said. “They’re hurting. This went on for more than a year.”

It took some time for the FBI and federal prosecutors to determine that Latigo had likely violated federal cyberstalking laws. The FBI sent letters to social media companies to preserve certain records in order to prevent Latigo from covering his tracks. Agents also served search warrants, seizing computer equipment from his home.

Researchers Create Framework to Stop Cyber Attacks

A new study by Maanak Gupta, doctoral candidate at The University of Texas at San Antonio, and Ravi Sandhu, Lutcher Brown Endowed Professor of computer science and founding executive director of the UTSA Institute for Cyber Security (ICS), examines the cybersecurity risks for new generations of smart vehicles, which include both autonomous and internet-connected cars.

“Driverless and connected cars are increasingly becoming a part of our world, where cybersecurity threats are already a reality,” Sandhu said. “It’s imperative that we support research that addresses these concerns and presents a strong, innovative solution.”

Cars with internet connectivity, also known as “connected cars,” offer potential for many conveniences and innovations. They could allow for real-time and location-sensitive communication between drivers or even pedestrians, which could help make the roads safer for both. The connectivity could also allow the cars to capture safety and environmental conditions around the vehicle, including road obstructions and accidents, which also enables real-time vehicle-to-vehicle interaction on the road.

“Connected cars have almost infinite possibilities for creative technological applications,” Gupta said. “Companies could even take advantage of the connectivity to implement location-based marketing tactics, providing drivers with nearby sales and offers.”

However, the researchers caution that as soon as cars are exposed to internet-supported functionality, they are also open to the same cybersecurity threats that loom over other electronic devices, such as computers and cell phones. For this reason, Gupta and Sandhu created an authorization framework for connected cars which provides a conceptual overview of various access control decision and enforcement points needed for dynamic and short-lived interaction in the smart car ecosystem.

“There are vulnerabilities in every machine,” said Gupta. “We’re working to make sure someone doesn’t take advantage of those vulnerabilities and turn them into threats. The questions of ‘who do I trust?’ and ‘how do I trust?’ are still to be answered in smart cars.”

Arkansas Prosecutors Seek Circuit Court Cybercrime Fee

Cybercrime sounds like something done in a dark room by a group of hackers.

But according to the law, using a fraudulent account number to buy something on Amazon is a cybercrime, and the 2nd Judicial District Prosecutor’s Office is making sure people pay for their crimes.

Assistant Prosecutor Grant DeProw told The Jonesboro Sun his office is looking at establishing a circuit court cybercrime fee that could be as much as $500.

“Any offenses that are computer related will have a fee attached to it along with the original punishment,” DeProw said.

DeProw said in 2017 Arkansas legislators passed a bill that allowed them to add a cybercrime fee to almost any felony that requires special electronic investigation.

According to AR Code 5-4-706, a circuit court can assess an additional fee of up to $500 for each applicable felony conviction for an offense that involved the use of a computer, an electronic device or the internet; and the investigation of which expended specialized law enforcement personnel or materials designed to investigate offenses involving a computer, an electronic device or the internet.

Cybercrimes range from possession of child pornography and cyber-attacks to nonpayment or non-delivery scams.

“If it requires someone who received specialized training or special equipment, then it would be eligible for the fee,” DeProw said. “This includes identity theft and the use of stolen debit cards.”

Malware Developer Responsible for Countless Computer Intrusions

Not that they knew him personally, but Taylor Huddleston, a 27-year-old from Hot Springs, Arkansas, was for a time very popular among the world’s cyber criminals, thanks to a malicious piece of software he created called NanoCore RAT.

That malware allowed hackers to steal sensitive information from victims’ computers, including account numbers and passwords, and even allowed them to secretly activate the webcams of infected computers to spy on unsuspecting victims.

“Basically, the malicious software compromises victim computers and steals information,” said a special agent from the FBI’s Washington Field Office who investigated the case. “The NanoCore RAT has the ability to control a victim’s computer.”

This type of malware—a Remote Access Trojan (RAT)—is all the more insidious because in most cases victims have no idea their computers have been compromised. According to court documents, NanoCore RAT was used to infect and attempt to infect more than 100,000 computers.

RATs are not only a threat to individual users but to commercial enterprises as well. And if hackers decide to target U.S. infrastructure using this malware, the agent said, “there is a potential for national security implications.”

Huddleston had the skills to develop malicious software. “There are many cyber criminals out in the world,” the agent said. “Many are not sophisticated in terms of developing a new malware. Instead, they would rather purchase malware to carry out their crimes.”

International Business E-Mail Compromise Takedown

Today, federal authorities—including the Department of Justice and the FBI—announced a major coordinated law enforcement effort to disrupt international business e-mail compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals.

Operation WireWire—which also included the Department of Homeland Security, the Department of the Treasury, and the U.S. Postal Inspection Service—involved a six-month sweep that culminated in over two weeks of intensified law enforcement activity resulting in 74 arrests in the U.S. and overseas, including 42 in the U.S., 29 in Nigeria, and three in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers.

A number of cases charged in this operation involved international criminal organizations that defrauded small- to large-sized businesses, while others involved individual victims who transferred high-dollar amounts or sensitive records in the course of business. The devastating impacts these cases have on victims and victim companies affect not only the individual business but also the global economy. Since the Internet Crime Complaint Center (IC3) began formally keeping track of BEC and its variant, e-mail account compromise (EAC), there has been a loss of over $3.7 billion reported to the IC3.

BEC, also known as cyber-enabled financial fraud, is a sophisticated scam that often targets employees with access to company finances and tricks them—using a variety of methods like social engineering and computer intrusions—into making wire transfers to bank accounts thought to belong to trusted partners but that instead are controlled by the criminals themselves. And these same criminal organizations that perpetrate BEC schemes also exploit individual victims—often real estate purchasers, the elderly, and others—by convincing them to make wire transfers to bank accounts controlled by the criminals.

Foreign citizens perpetrate many of these schemes, which originated in Nigeria but have spread throughout the world.

During Operation WireWire, U.S. law enforcement agents executed more than 51 domestic actions, including search warrants, asset seizure warrants, and money mule warning letters. And local and state law enforcement partners on FBI task forces across the country, with the assistance of multiple district attorneys’ offices, charged 15 alleged money mules for their roles in defrauding victims.

Millions of Dollars at Stake When Bank Heists Go Digital

“Get down, this is a robbery!” That’s something no bank employee or patron wants to hear. In the past, bank robberies have resulted in thousands, even millions of dollars stolen in cash and gold (although the average yield for a bank robbery in the United States is only about $3,500, according to the FBI).

However, as money has become less physical and more digital, with credit cards and cryptocurrency rapidly replacing cash and coins, bank heists too have evolved from criminals physically breaching the walls of a bank with weapons and physical force, to hackers silently infiltrating the cyber infrastructure and funneling millions into their own accounts.

In one recent heist in Mexico, suspected to be a cyberattack, thieves stole as many as 300 million pesos ($15.4 million) through “phantom orders” to fake accounts, according to Reuters. This week, cybersecurity company Positive Technologies released a report describing how gangs execute sophisticated hacking campaigns against banks by taking advantage of social engineering and flawed security systems. The report also reveals the results of the company’s own penetration tests to show where these institutions may be falling short on protecting their networks and ultimately their funds.

This week I spoke with practice lead for governance, risk and compliance at TrustedSec, Alex Hamerstone, who works closely with large financial institutions doing cyber assessments and developing defense methods based on penetration test results, to gain more insight into bank vulnerabilities and security measures.
