Lapsus$ Teen Behing Uber And Nvidia Hacks To Remain In Secure Hospital For Life
Read also: Police found over 400 online shops infected with credit card stealers, an admin of Kingdom Market faces decades in prison, and more.
Thursday, December 28, 2023
Lapsus$ hacker sentenced to indefinite stay in secure hospital
Arion Kurtaj, an 18-year-old member of the notorious Lapsus$ group, has been sentenced to an indefinite hospital order. Kurtaj played a significant role in cyber-attacks that targeted major tech companies, causing nearly $10 million in damages.
In August 2023, Kurtaj was found guilty of perpetrating cyber-attacks against major tech firms, including ride-hailing giant Uber, US-based semiconductor company Nvidia, and video game maker Rockstar Games. However, the jury deemed that Kurtaj was unfit to stand trial due to his autism.
Taking into consideration Kurtaj's demonstrated hacking skills and perceived risk to the public, the court decided on an unprecedented lifelong stay at a secure hospital unless doctors determine that he no longer poses threat to the public.
In addition, another Lapsus$ member, a 17-year-old minor, was found guilty of fraud, computer misuse and blackmail. The teen was sentenced to an 18-month-long Youth Rehabilitation Order, including three months of intensive supervision and prohibition on using VPNs online.
Request your free demo now and talk to our experts.
Admin of Kingdom Market dark web market faces decades in prison in the US
A 30-year-old Slovakian man, Alan Bill, was charged in the US for operating Kingdom Market, a black market platform that sold illegal items such as grugs, stolen personal information, malware, credit card data and other goods.
Kingdom Market, which has been in operation since March 2021, was dismantled last week, with law enforcement authorities seizing the site’s infrastructure. The joint operation involved police from Germany, the US, Switzerland, Ukraine and Moldova.
Alan Bill, aka “Vend0r” and “KingdomOfficial,” was arrested in New Jersey (the US) and charged with multiple offenses, including distribution of controlled substances, conspiracy to commit identity theft and fraud related to identification documents, identity theft, aggravated identity theft, misuse of a passport, and money laundering conspiracy.
If found guilty, Bill could spend decades in prison, as the drug trafficking charges carry a penalty of up to 40 years, the identity theft conspiracy up to 15 years, and the misuse of a passport charge could lead to a maximum of 20 years in prison. He could also face hefty fines, ranging from $250,000 to up to $5 million.
Cybersecurity Compliance
Prevent data breaches and meet regulatory requirements
Six RICO conspirators sentenced to prison for hacking and tax fraud
A US court has issued federal prison terms, ranging from 4 to 10 years of imprisonment, to six people involved in a sophisticated RICO conspiracy, which spanned from 2015 to 2019, resulting in cyber intrusions and millions of dollars in tax fraud.
Court documents reveal that the group, along with a now-deceased conspirator identified as RICH4EVER4430, orchestrated a complex cybercrime and tax fraud scheme that used stolen server credentials obtained on dark web markets to hack into the networks of Certified Public Accounting (CPA) and tax preparation firms and pilfer the tax returns of thousands of clients.
Some of the group’s members were involved in running fraudulent tax businesses that filed false tax returns in the names of thousands of victims, often using stolen identities. In total, the scheme claimed over $45 million in false tax refunds over nearly four years, resulting in an estimated loss of more than $7 million.
The individuals sentenced include Louisaint Jolteus, Michael Jean Poix, Monika Shauntel Jenkins, Alain Jean-Louis, Louis Noel Michel, and Jeff Jordan Propht-Francisque. Three other co-conspirators, Andi Jacques, Dickenson Elan, and Vladimyr Cherelus, are set to be sentenced next year.
Police found over 400 online shops infected with credit card stealers
An international law enforcement effort involving Europol, European Union Agency for Cybersecurity (ENISA) and law enforcement agencies from 17 countries has identified 443 hacked e-shops infected with credit card skimmers.
The operation, spanning two months, was aimed at combating the escalating threat of digital skimming attacks, a form of cybercrime where attackers surreptitiously pilfer sensitive payment information during the online checkout process.
Perpetrators employ sophisticated tools, such as JavaScript sniffers or JS-sniffers, to intercept data without triggering alerts for either customers or the targeted online merchants.
During the operation, 23 families of JS-sniffers responsible for compromising the security of various online platforms were identified. Some of the identified families include ATMZOW, health_check, FirstKiss, FakeGA, AngryBeaver, Inter, and R3nin.
Kazakhstan agrees to extradite a US-wanted alleged hacker to Russia
The Kazakh authorities will extradite a Russian national, Nikita Kislitsin, wanted in the US for allegedly buying illegally obtained personal data, to Russia.
Kislitsin is a senior executive at F.A.C.C.T., a Moscow-based offshoot of cybersecurity firm Group-IB that relocated operations from Russia to Singapore. According to Russian prosecutors, he is facing charges in Russia related to an October 2022 hack of an unnamed business, where he and accomplices allegedly stole data from the company’s server and attempted to extort the victim for 550,000 rubles (~$6K) in cryptocurrency.
Kislitsin was arrested in June 2023 in Kazakhstan on the request of the US authorities. However, the Kazakh authorities refused the US extradition demand.
Kislitsin was charged in the US with the hacking of the now-defunct question-and-answer-based social media platform Formspring and selling access to the network to other individuals. He was also indicted for brokering a sale of illegally obtained personal data.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
