Unsealed court filings in Chicago show the arrest of two individuals believed to be part of an online cybercrime syndicate. The FBI says it suspects the group has stolen more than $3 million worth of cryptocurrency.


Details of the Arrests

According to the Chicago Sun-Times, the FBI suspects a Bloomington resident and another from Dolton of being part of an online cybercrime syndicate that has stolen over $3 million in cryptocurrency. The Bloomington resident told federal agents that he met the group online while playing “Call of Duty” – the popular first-person shooter game.

The FBI says the group stole at least $805,000 in Augur Reputation Tokens. Earlier, the San Francisco-based Augur registered a complaint with the Bureau alleging that hackers were targeting its employees and investors.

According to an FBI affidavit, the Bloomington-based suspect confessed to hacking over 100 phones belonging to victims of the numerous cyber attacks. Upon completion of the cryptocurrency thefts, the FBI says the group converted the stolen tokens to Bitcoin or Ether – the two most popular digital currencies.

Acting Under Duress

Speaking to the Chicago Sun-Times, the Bloomington-based man said that he didn’t hack 100 phones, that the actual number was a lot lower. Speaking further, he declared:

I have done nothing but cooperate with Augur and the FBI. I have never once profited from anyone [by] crypto-hacking, ever.

The FBI also said that the Bloomington resident claimed he was an unwilling participant in the theft. According to the FBI, the Bloomington-based individual said he was threatened with being implicated in ongoing violent crime (“SWATting”) by the alleged ringleaders of the crime group.

Cryptocurrency Thefts by Cybercrime Syndicates

Recently, Live Bitcoin News reported on the North Korean ‘Lazarus’ hacking syndicate responsible for cryptocurrency thefts amounting to more than $571 million in multiple cyber attacks. Some officials in South Korea say the Lazarus group is responsible for many of the attacks against cryptocurrency exchanges in the country. With this latest revelation, it appears there are numerous online groups actively involved in coordinated cryptocurrency heists.

Reports by cybersecurity firms like CipherTrace and Group-IB show an increase in cryptocurrency ransomware attacks targeted at banks and other businesses. In September, the Manhattan Supreme Court sentenced one Louis Meza to ten years in prison for attempting to steal $1.8 million.


This post is credited to livebitcoinnews

Scammers tricked victims into paying ransom in bitcoin for compromising video that didn’t exist.

Sometimes scammers just need to say they hacked you to pull in the cash. Since July, cybersecurity researchers, journalists and victims have seen a spike in extortion letters and emails demanding hefty sums of bitcoin. The twist is that the scammers send the victim one of their own passwords, likely gleaned from an already public breach, and use that as an intimidation tactic. The blackmailers then claim they have hacked into the target’s webcam while they were watching pornography. Pay up, or they’ll release the (made-up) video.

Now, researchers have found this scam has been pretty profitable, especially considering the low level of work involved on the fraudsters’ part.
“What is worrying is that, scammers were able to siphon off [$500,000], from old passwords dumps, with very little effort,” Suman Kar, CEO of cybersecurity firm Banbreach, told Motherboard in an online chat.
In July, cybersecurity journalist Brian Krebs reported on the new wave of sextortion emails.
“I’m aware that [victim’s password] is your password,” one part of an example email Krebs published reads. “First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!),” the version Krebs published adds, before demanding the victim sends $1,400 in bitcoin to a specific bitcoin address.
It’s an enticing, if not devilish, proposition. Banbreach looked at around 770 wallets in total, according to a spreadsheet the company shared with Motherboard. The majority of those, around 540, did not receive any funds. But the remaining ~230 had over 1,000 transactions, receiving a total of around 70.8 BTC.
This figure is also likely only a conservative estimate, considering Banbreach’s methodology would not have captured all, or perhaps even the majority, of sextortion emails. Kar said Banbreach collected different bitcoin addresses used in this style of extortion by scraping comments on related media coverage, and picking them out from journalists’ articles. Kar said the company also fielded reports from victims in India, which scammers appear to be targeting in particular at the moment.

“$1000 is a lot of money for the average Indian,” Kar said.
Banbreach believes some of the passwords used to trick victims came from the LinkedIn and Anti-Public Combo list data breaches, the latter being a large collection of various data caches from multiple sources. Those two breaches turn up when entering sextortion victims’ email addresses into breach notification site Have I Been Pwned, Banbreach said in a write-up of its research provided to Motherboard. However, it is still difficult to fully determine where a password did ultimately come from, the company added.

This post is credited to motherboard.vice