Notorious hacker ‘USDoD’ arrested in Brazil
Read also: Finnish police shut down Sipulitie Dark Web market, Dutch police arrest two suspects linked to a massive SMS scam, and more.
Thursday, October 17, 2024
Notorious hacker ‘USDoD’ suspected of high-profile cyber-attacks arrested in Brazil
The Federal Police (PF) arrested a 33-year-old Brazilian hacker suspected of orchestrating cyber intrusions into the systems of the Federal Police itself, as well as various international institutions, and selling stolen data.
The investigation suggests the hacker was responsible for two major data-selling incidents in May 2020 and February 2022. While the agency didn’t name the suspect, it stated that the hacker was behind multiple high-profile data breaches, including the leak of sensitive information from InfraGard, a US Federal Bureau of Investigation (FBI) partnership with private critical infrastructure entities.
A hacker known online as USDoD aka EquationCorp took responsibility for the InfraGard data breach, claiming to have compromised and disclosed the personal details of 80,000 members associated with the program.
In addition to the InfraGard breach, the hacker is believed to have targeted major organizations such as Airbus, the United States Environmental Protection Agency (EPA), and TransUnion. The hacker was also named in US court documents in connection to the investigation into the administrator of the BreachForums hacker forum, Conor Fitzpatrick aka “Pompompurin,” where “USDoD” was cited as a seller of the InfraGard member data.
Finnish police shut down Sipulitie Dark Web marketplace
Working together with Swedish police and Europol, Finnish Customs has dismantled the Sipulitie marketplace, which had been operating on the Dark Web since 2023. The marketplace’s servers were seized and its administrator identified, along with several moderators and customer service agents who supported the platform.
The Sipulitie platform, available in both Finnish and English, allowed users to unanimously engage in illegal drug transactions. According to the marketplace’s administrator, Sipulitie had generated a turnover of €1.3 million.
Sipulitie was the successor to the earlier platform, Sipulimarket, which began operations in April 2019. The Finnish-language marketplace also facilitated illegal drug and doping substance sales. It was taken down in December 2020 through a collaboration between Finnish Customs and Polish authorities, with its revenue estimated at over €2 million.
The ongoing investigation has revealed that following the shutdown of Sipulimarket in 2020, its administrator launched Sipulitie to continue the illegal drug trade. The same individual is also suspected of running a chat-based drug marketplace called Tsätti, which was launched in 2022 and has now been closed by Finnish authorities.
Cybersecurity Compliance
Prevent data breaches and meet regulatory requirements
Dutch police arrest two suspects linked to a massive SMS scam
Dutch police have arrested two suspects involved in a large-scale “smishing” operation, where over 150,000 SMS messages were sent posing as the Dutch tax authority. The operation reportedly netted the scammers thousands of euros daily.
Authorities identified the suspects, aged 20 and 24, after a local company filed a complaint regarding an unusual order of SIM cards made in their name by a former employee. Upon investigation, police discovered that the SIM cards were being used to send fraudulent text messages designed to trick victims into sharing personal information or making payments.
The scam messages, designed to look like official communications from the Dutch tax authority, lured victims into clicking on malicious links, leading to a web page, where their sensitive information was stolen.
The two suspects were arrested in a house in a Utrecht neighborhood, with law enforcement officers seizing several data carriers and high-end branded clothing.
Former RAC employees receive suspended sentence for data theft
Two former employees of British automotive services company RAC have been sentenced for unlawfully copying and selling personal information, involving over 29,500 lines of sensitive data.
Debbie Okparavero and Maliha Islam, who both worked as customer service specialists at the RAC’s call center in Stretford, were handed suspended prison sentences.
The data theft was discovered after RAC installed new security monitoring software, which flagged Okparavero’s unauthorized access to personal information. The data, largely related to individuals involved in road traffic accidents, was later found to have been shared with Islam through WhatsApp messages. Investigators also uncovered that the stolen information was sold to a third party.
Both Okparavero and Islam were sentenced to six months in prison, though the sentences were suspended for 18 months. In addition to the suspended sentences, each was required to complete 150 hours of unpaid community service as part of their punishment.
The US disrupts Anonymous Sudan DDoS operation, indicts two Sudanese brothers
US authorities have disrupted the operations of Anonymous Sudan, a prolific hacking group known for conducting large-scale distributed denial-of-service (DDoS) attacks. Federal prosecutors announced charges against two Sudanese nationals, brothers Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer, who are allegedly key figures in the group's operation.
Anonymous Sudan, which operates under an ideologically motivated agenda, has attacked several high-profile targets across the globe, including US government agencies such as the Department of Justice, Department of Defense, FBI, and State Department, as well as technology platforms and infrastructure service providers.
The group has also targeted the Cedars-Sinai Medical Center in Los Angeles, causing disruptions and an eight-hour shutdown of the hospital’s emergency department. Anonymous Sudan’s attacks caused over $10 million in damages in the US alone, officials said. In March 2024, the US authorities took down the group's DDoS tool named ‘DCAT’.
Ahmed Salah Yousif Omer faces one count of conspiracy to damage protected computers and three counts of damaging protected computers, which, if convicted, could result in a maximum life sentence. His brother, Alaa Salah Yusuuf Omer, faces one count of conspiracy to damage protected computers, with a possible five-year sentence if convicted.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
