London police nab prolific cybercriminal, seize $700,000 in BTC

Undercover British police took a little train ride last December. It wasn’t for a police conference or to participate in a training exercise; instead, it was the perfect opportunity to corral a fugitive they had finally caught up with after two years. The fugitive was Grant West, and he had become known as one of the most prolific cybercriminals in the world.

Going by the name of “Courvoisier” online, he allegedly concocted a series of cybercrimes directed at more than 100 companies between July and December 2015. According to investigators, West targeted gambling shops, cellphone companies and supermarkets, using phishing emails sent to the stores’ customers that resulted in the individuals giving up their bank details, credit card numbers and passwords.

West used this information to make a small fortune on the Dark Web, selling the data to unscrupulous scammers. He received payments for his services, and converted them all to BTC—when he was arrested, over $700,000 in BTC was found in several wallets held on his laptop.

Under many circumstances, law enforcement officers have a difficult time gathering intel, especially when criminals use the anonymity of cryptocurrency to their advantage. However, when West was nabbed, his laptop was turned on and unlocked, and investigators were able to walk right in. They found his encrypted addresses on the computer, which helped authorities secure their case against him.

According to Sharon Cohen Levin, a money-laundering authority who has worked for the U.S. Attorney’s Manhattan office, investigators often have the ability to know that cryptocurrency has been utilized in the commission of a crime, but they aren’t able to identify the individuals. Having access to West’s laptop changed that significantly in this case. Levin explained to USA Today, “There is not necessarily any place, for example, that you can subpoena to find information about Bitcoin-related activity.”

The arrest comes after a two-year undercover operation led by Scotland Yard. The arrest was led by Mick Gallagher, who said, “These people generally feel they can operate with impunity, that they can’t be touched. We have now debunked that.”

West was found innocently traveling on the train, oblivious to what was about to go down. He pleaded guilty to the charges and will stand before a judge on May 25 to learn his fate. His girlfriend and alleged accomplice, Rachael Brookes, was sentenced to community service for two years, authorities said.

Note: Tokens on the Bitcoin Core (segwit) Chain are referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

Europol takes down Ukrainian gang suspected of using crypto to launder $1.2B

Authorities in Spain have arrested the leader of a cybercrime group behind the Carbanak and Cobalt malware attacks, which targeted over 100 financial institutions around the world. The mastermind behind this heist was allegedly a Ukrainian national called Denis K. The operation was conducted in conjunction with Europol.

The gang, composed of Russian and Ukrainian nationals, gained access to bank servers and networks through a series of emails sent to employees, according to Europol. The emails would eventually infect the employees’ computers and target valuable security data such as passwords. This gave the group access to account balances, which they changed, and even let them instruct ATMs to issue large quantities of cash.

Authorities said the Cobalt malware alone allowed the cybercriminals to steal up to €10 million (US$12.4 million) per attack. In total, the group reportedly infiltrated banks in more than 40 countries, resulting in the loss of over €1 billion (US$1.2 billion).

The group also managed to set up a cryptocurrency farm, which they used to launder money. According to Europol investigators, “The criminal profits were also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses.”

The mastermind behind the group, who was identified as Denis K, operated from Spain and had accumulated about 15,000 BTC worth about $120 million, authorities said.

The operation to catch this gang was quite massive and involved the police from several countries including the United States, Taiwan in Asia and Romania in Europe. Denis K was eventually arrested in the Spanish port city of Alicante.

The Spanish Interior Minister announced that three other gang members were arrested alongside a massive haul of jewels worth half a million dollars, two luxury cars and properties. Bank accounts belonging to the gang members were also frozen.

According to a statement by Europol, the individuals authorized fraudulent bank transfers, adjusted mule bank accounts and commanded ATMs to issue cash. Apparently the group worked with the Russian mafia up until 2016 but then began working with the Moldovan mafia. This massive operation enabled the gangsters to accumulate a staggering 15,000 BTC, with the money converted on cryptocurrency exchanges in Russia and Ukraine and later transferred to the group’s personal bank accounts.

This is not the first time that cryptocurrency has been used to launder money. A Turkish gang was involved in extortion to the amount of 450 BTC from a Turkish businessman while in February a Taiwanese gang was arrested for the theft of BTC worth up to $100,000.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.


South Korea pins 2017 crypto theft on North’s hackers

Despite being set back by heavy regulation and privacy fines from its government, South Korean exchanges continue to operate and accommodate the increasing number of cryptocurrency users in the country. In a Reuters report, South Korean intelligence officials accused North Korean hackers of infiltrating its exchanges and stealing cryptocurrency worth billions of won in 2017.

Kim Byung-kee, a member of South Korea’s parliamentary intelligence committee, was quoted as saying, “North Korea sent emails that could hack into cryptocurrency exchanges and their customers’ private information and stole (cryptocurrency) worth billions of won.” The government official did not disclose which South Korean exchanges were hacked.

With the rise of digital currency initiatives around the world, North Korea has been reported to have been covertly developing and mining a rival cryptocurrency in a bid to bolster its economy with the technology amid heavy international sanctions. According to the South Korean government’s intelligence agency, North Korea has continued to engage in related cybercrime attacks, with mounting evidence pointing to a specific unit called “Lazarus.”

North Korea’s offensives in cyberspace are escalating, according to cybersecurity experts. Information security firm Recorded Future said North Korea engaged in hacking offensives in late 2017, right before the North-South dialogue began.

The backdoor malware employed in the exchange attacks was used against Sony Pictures Entertainment (2014) and the first WannaCry ransomware victims in February 2017. The hacking unit responsible for these methods has been identified as the “Lazarus” group, after affinities in code execution and malware infrastructure were noted to be indicative of a certain manner of intrusion.

The group has also been identified by security firm Symantec as the unit responsible for other financially-related cybercrimes, linking it to an attack on a bank in the Philippines in 2016, a theft of at least $81 million from the Bangladesh central bank, as well as an attempt to steal over a million U.S. dollars from Vietnam’s Tien Phong Bank in 2015.

Kim said the Lazarus group primarily used phishing campaigns to propagate its malware, socially engineering its targets and luring them into its propaganda. The campaigns specifically targeted South Korean college students interested in foreign affairs, or other South Korean citizens researching North Korea’s history and politics.

In an analysis by infosec research firm AlienVault, an app compiled on Christmas Eve of 2017 was found to be an installer for cryptocurrency mining software. The application mined Monero and sent all of its profits to Kim Il Sung University in Pyongyang, North Korea. AlienVault notes that the file is likely based on software called xmrig, adding that the app’s internal password, “KJU,” might be a reference to Kim Jong-un, North Korea’s leader since 2011.

In a tweet by Simon Choi, director of South Korean security solutions company Hauri, a zero-day vulnerability based on Adobe’s Flash Player was found to be hidden in the infected files. The vulnerability is present in Adobe Flash versions and earlier. The flaw allows attackers to perform remote code execution on most operating systems. Here’s a hash of the incident response for full reference.

With these threats posing risks for South Korean cryptocurrency investors and exchanges, Kim said the government was “doing its best” to protect the interests of its people. As security flaws are continually discovered by researchers and security analysts, threats like North Korea’s Lazarus hacking unit will continue to exploit and steal from different cryptocurrency exchanges. For users of leading cryptocurrencies like Bitcoin Cash, it’s best to adhere to best practices in crypto security such as making use of hardware wallets that support Bitcoin Cash, keeping up-to-date with standard address formats, and actively monitoring where funds originate from and where they go.
