The Most Notorious Cybercrooks Of 2011 — And How They Got Caught
A torrent of attacks from groups like Anonymous, LulzSec, Goatse Security, and Antisec has made it a busy year for cybercrime investigators
By Ericka Chickowski, Contributing Editor
Dec 07, 2011
While there are plenty of elusive hackers that will forever manage to outrun the law, the good guys scored some impressive arrests, indictments, and convictions in 2011.
Here are some of the highest profile cases to hit the headlines this year.
1. Anonymous and LulzSec Hacker: Ryan Cleary
Police raided the home of 19-year-old Brit Ryan Cleary and arrested him this summer for allegedly using distributed denial-of-service (DDoS) attacks to take down the British Serious Organised Crime Agency (SOCA) website this year, plus websites for the International Federation of the Phonographic Industry the British Phonographic Industry last year. His arrest was heralded by authorities as part of a crackdown against LulzSec, but the loosely organized group associated with Anonymous disavowed him as its leader. Cleary for sure had some affiliation with Anonymous, though. Acrimony between him and other Anonymous members for hacking into the group’s AnonOps website and exposing its members IP addresses led to Anonymous exposing Cleary’s full name, address, phone number, and IP on its site. These details were used by authorities to eventually find, arrest, and indict him.
2. Ivy League Academic Content Turbo Downloader: Aaron Swartz
A programmer and fellow at Harvard University’s Safra Center for Ethics, 24-year-old Aaron Swartz faced indictment this year after he downloaded more than 4 million academic articles from the Massachusetts Institute of Technology (MIT) network connection to Jstor, an online academic repository. Swartz used anonymous log-ins on the network in September 2010 and actively worked to mask his log-ins when MIT and Jstor tried to stop the massive drain of copyrighted material. After Jstor shut down access to its database from the entire MIT network, Swartz visited the campus and directly plugged in a laptop the infrastructure at an MIT networking room and left it hidden there as it downloaded more content. It was this visit in the flesh that got him nabbed; authorities had been tipped off by an IT admin about the laptop and after searching the laptop left it there along with a hidden webcam to catch Swartz when he came back for his computer. But not everyone thought his actions were criminal.
3. DNSchanger Creators: Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanvov
In a cybercrime bust that some security pros called one of the biggest ever, the six masterminds behind the DNSchanger malware were arrested in November for operating one of the longest running and most costly botnets to afflict the Internet. Lead by Tsastsin, this gang of thieves is accused of developing the DNSchanger malware to help perpetrate a profitable clickjacking scheme that netted it $14 million in stolen advertising views. The malware pioneered the method of using social engineering techniques to deliver unobtrusive payloads used to hijack victims’ DNS settings in order to set up revenue streams based on their manipulated browsing. Law enforcement closed in on the takedown after a multiyear, public-private investigation it dubbed “Operation Ghost Click,” which was initiated nearly five years ago after researchers with Trend Micro brought the gang’s botnet to the attention of the Feds.
4. Sony Hacker: Cody Kretsinger
This September, authorities detained and indicted Cody Kretsinger (a.k.a. “recursion”) for allegedly carrying out the summer attack against Sony Pictures on behalf of LulzSec. Authorities apparently hunted down Kretsinger through the U.K.-based HideMyAss proxy server service provider he used to help him “anonymously” carry out his SQL injection attack against Sony. The provider coughed up the logs to the authorities that allowed them to match time-stamps with IP addresses to pinpoint Kretsinger as the suspect in question.
5. Anonymous’ Inside Man at AT&T: Lance Moore
Former AT&T Mobility contractor Lance Moore allegedly handed over to Anonymous tens of thousands of phone numbers, confidential server names with IP addresses, usernames, and passwords to log into them, plus corporate emails, presentation documents, and intellectual property that was used by the LulzSec/Antisec movement in a public data dump this summer. According to his indictment soon thereafter, his misdeeds were discovered through the robust network auditing and log management run by his employer. AT&T was able to use its various logging and intelligence capabilities to connect the dots between an AT&T VPN connection used to upload documents to FileApe.com at the same time that unauthorized access was made to sensitive information. The IP address used was assigned to a group of less than 20 contractors and further investigation by security staff showed that Moore’s account was the only one used to access both FileApe and the servers with the stolen digital goods. What’s more, Web monitoring software showed that he used his account to search on Google for information on uploading files and file hosting.
6. Apple iPad Snoop: Andrew Auernheimer
Authorities indicted Andrew Auernheimer (a.k.a. “weev”), a vocal member of Goatse Security, for his involvement in exposing a flaw in AT&T’s Web security that the group used to acquire 114,000 email addresses belonging to iPad users, including notable celebrities, politicians, and businesspeople. The attack was carried out when Auernheimer and Goatse hackers realized they could trick the site into offering up the email address of iPad users if they sent an HTTP request that included the SIM card serial number for the corresponding device. Simply guessing serial numbers — a task made easy by the fact that they were generated sequentially during manufacturing — generated tons of sensitive addresses. Auernheimer and Goatse released details about the attacks to Gawker Media, and shortly thereafter the FBI arrested Auernheimer in connection with the breach.
7. Celebrity Hackerazzi: Christopher Chaney
Celebrity-obsessed hacker Christopher Chaney took cyberstalking to a new level when he used publicly available information from celebrity blog sites to help him guess passwords to hack Google and Yahoo emails owned by 50 different stars, including Scarlett Johansson, Mila Kunis, and Christina Aguilera. Using his access he set up email-forwarding to send himself of all email received by each celebrity. Chaney was responsible for the release of nude Scarlett Johansson photos that circulated the Internet. Though FBI investigators did not release the details of exactly how they managed to track Chaney down, they did report that they were piecing the details together during an 11-month investigation they dubbed “Operation Hackerazzi.”
8. Gucci Hacker: Sam Chihlung Yin
Fired after being accused of selling stolen Gucci shoes and bags on the Asian gray market, the former Gucci IT employee allegedly managed to set up a VPN token using a bogus employee name on his way out the door. A forensics investigation found that after he left the job, he called the company’s IT department posing as the fake employee to get his former co-workers to activate the fob, and from there he used that access to perpetrate digital mayhem, deleting servers, destroying storage set-ups ,and wiping employee mailboxes — essentially cutting off employee access to files and email across the U.S. for nearly an entire business day.