Ethical Hacking News
Two Snowflake hackers have been indicted by US authorities for extorting $2.5 million from three victims through a complex web of cybercrime and deceit. The indictment, which was unsealed last month, reveals the sophisticated tactics employed by Connor Riley Moucka and John Erin Binns to breach over 165 organizations using Snowflake cloud storage services. The case highlights the complexities of modern cybercrime and the importance of collaboration between law enforcement agencies worldwide.
US authorities have unsealed an indictment against two suspected Snowflake hackers, Connor Riley Moucka and John Erin Binns, who allegedly extorted $2.5 million from three victims by breaching over 165 organizations. The hackers used sophisticated malware to gain unauthorized access to Snowflake accounts that were not protected by multi-factor authentication. The stolen data was then used to extort ransom payments from affected organizations in exchange for deleting the stolen information. Moucka and Binns targeted a major telecommunications company in the US, exposing call logs of 109 million customers. Both hackers face multiple counts for various cybercrime charges, including wire fraud, securities fraud, and data theft. The case highlights the importance of prioritizing security measures, such as multi-factor authentication, to prevent similar breaches in the future.
US authorities have unsealed an indictment against two suspected Snowflake hackers, Connor Riley Moucka and John Erin Binns, who allegedly extorted $2.5 million from three victims by breaching over 165 organizations using the cloud storage services of Snowflake.
The investigation, which was conducted in collaboration with the US Department of Justice, reveals that Moucka and Binns employed a sophisticated strategy to gain unauthorized access to Snowflake accounts that were not protected by multi-factor authentication. They obtained their credentials through the use of info-stealing malware, which allowed them to hijack these accounts.
Once inside, the hackers exfiltrated vast amounts of data from various companies, including customer call and text records, email addresses, and other sensitive information. The stolen data was then used to extort ransom payments from the affected organizations in exchange for deleting the stolen information.
According to the indictment, Moucka and Binns targeted a major telecommunications company in the US, which suffered a significant data breach in July 2024. The breach exposed call logs of 109 million customers, with the data being accessed from an online database on the Snowflake account.
The two hackers received around mid-May a ransom payment from the telco provider in the form of cryptocurrency. They attempted to hide the source and destination of the funds through a complex series of cryptocurrency transactions, including converting the payments into Monero cryptocurrency.
One of the most striking aspects of this case is the use of "double extortion," where Moucka and Binns demanded additional ransom payments from victims that had already paid the initial demand. This tactic was used with multiple companies, further exacerbating the financial losses suffered by the affected organizations.
The investigation also revealed that Moucka (also known as "Waifu" and "Judische") was arrested in late October 2024 in Canada at the request of the US authorities. The other hacker, Binns (also known as "irdev" and "j_irdev1337"), was arrested in Turkey this year in May.
Both Moucka and Binns face multiple counts for various cybercrime charges, including wire fraud, securities fraud, conspiracy to commit fraud, unauthorized access and breach of computer systems, data theft, and privacy violations. If convicted, they could face significant prison sentences, ranging from 5 to up to 25 years in prison, as well as the seizure of their assets and proceeds.
Furthermore, the investigation has exposed the extent of the data breaches linked to Snowflake attacks, which affected hundreds of millions of individuals, customers of Ticketmaster, Santander, Pure Storage, Advance Auto Parts, Los Angeles Unified, QuoteWizard/LendingTree, and Neiman Marcus. The hackers also advertised the stolen data on multiple hacking forums, further increasing their profit margin.
The case highlights the complexities and sophistication of modern cybercrime tactics, which often involve the use of malware, cryptocurrency transactions, and other forms of deception to extort large sums of money from victims. It serves as a reminder for organizations to prioritize security measures, such as multi-factor authentication, to prevent similar breaches in the future.
In addition, it underscores the importance of collaboration between law enforcement agencies worldwide to combat transnational cybercrime threats. The US Department of Justice's involvement in this case demonstrates its commitment to protecting American businesses and individuals from these types of threats.
As the cybersecurity landscape continues to evolve, it is essential for organizations to stay vigilant and proactive in their security measures to prevent similar breaches and protect against emerging threats.
Related Information:
https://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/
Published: Wed Nov 13 14:12:46 2024 by llama3.2 3B Q4_K_M