Owners of Empire Market are charged in the US
Read also: Alleged boss of cybercrime gang responsible for Twilio, LastPass, DoorDash breaches arrested, former employee gets prison sentence for wiping 180 virtual servers, and more.
Owners of Empire Market, a Dark Web market valued at more than $430M, charged in the US
Two men have been charged in the US for running “Empire Market,” a Dark Web marketplace that facilitated the anonymous buying and selling of over $430 million in illegal goods and services worldwide.
Thomas Pavey, also known as “Dopenugget,” and Raheim Hamilton, aka “Sydney” and “Zero Angel,” are accused of owning and operating Empire Market from 2018 to 2020. The indictment alleges they facilitated approximately four million transactions between vendors and buyers during this period. The authorities said that the duo previously worked together on AlphaBay, another underground platform for illicit goods, which was shut down in 2017.
The pair launched Empire Market in February 2018, offering a wide range of illegal products and services, including illegal drugs, counterfeit currency and stolen credit card information. During the investigation, federal law enforcement seized cryptocurrency valued at $75 million at the time of seizure, along with cash and precious metals.
The charges against Pavey and Hamilton include conspiracy to engage in drug trafficking, computer fraud, access device fraud, counterfeiting, and money laundering. If convicted, they face a maximum sentence of life in federal prison.
An alleged ringleader of the Scattered Spider cybercrime gang arrested in Spain
Spanish police apprehended a suspected ringleader of the Scattered Spider cybercrime group, known for its attacks against multiple enterprises worldwide, including Twilio, LastPass, DoorDash, and Mailchimp.
A 22-year-old British national was arrested at Palma Airport as part of a coordinated effort between Spanish police and the FBI. The suspect is believed to be the boss of an organized group specializing in the theft of sensitive information and cryptocurrencies.
The group leveraged phishing techniques to obtain access credentials from victims, which were then used to infiltrate corporate systems. Once inside, the intruders seized sensitive information and took control of the victims' cryptocurrency wallets.
Investigators revealed that the group managed to gain control of 391 bitcoins, valued at over $27 million. Palma police said that the suspect “controlled” these bitcoins at one point. During the arrest, police confiscated a laptop and a mobile phone. While the law enforcement authorities didn’t disclose the identity of the suspect, some reports named the arrested individual as Tyler Buchanan from Dundee, Scotland, known online under the alias “Tyler.” He is believed to be a key player in the MGM ransomware attack that took place in September of last year.
Two fraudsters linked to Android malware scam extradited to Singapore
Two men have been extradited from Malaysia to face charges in Singapore for their suspected involvement in a series of malware-enabled scams that have targeted Singaporeans since June 2023.
Victims were deceived into downloading malicious apps onto their mobile devices, resulting in total financial losses of at least $34.1 million. The malicious apps allowed scammers to remotely access victims' devices, steal sensitive information, including personal data and banking credentials, and execute fraudulent transactions.
The Singapore Police Force (SPF) identified two key suspects in Malaysia, who were arrested on June 12, 2024, under warrants issued by the State Court of Singapore. The suspects allegedly operated servers to infect victims' Android mobile phones with a malicious Android Package Kit (APK) app, which allowed the scammers to control the phones remotely and modify their contents.
Additionally, the SPF, in cooperation with the Taiwan police, dismantled a syndicate operating a fraudulent customer service center in Kaohsiung City, Taiwan. On May 15, 2024, a raid led to the arrest of four individuals involved in unauthorized bank account transfers via malicious apps. Seized assets, including cryptocurrency and real estate, totaled approximately $1.33 million. In Hong Kong, the Hong Kong Police Force (HKPF) dismantled 52 malware-controlling servers and arrested 14 money mules who had facilitated the scams by providing their bank accounts to the scammers for financial gain.
Two ViLE gang members plead guilty to hacking law enforcement portal
Two members of the notorious hacking group called “ViLE” have pleaded guilty to charges of conspiring to commit computer intrusion and aggravated identity theft. Sagar Steven Singh and Nicholas Ceraolo, who were charged in March 2023, admitted to using a stolen law enforcement officer's password to gain unauthorized access to a restricted portal maintained by a US law enforcement agency.
The hacker group executed a sophisticated scheme involving doxing and extortion to extract money from their victims. According to officials, Singh and Ceraolo gathered sensitive personal information, including Social Security numbers and driver's license details, which they used to threaten individuals. They demanded payments in exchange for not publicly releasing this information.
Officials said that Singh and Ceraolo compromised a password-protected online intelligence-sharing portal operated by a US federal law enforcement agency.
In another instance, Singh threatened to “harm” a victim's family unless the victim provided Instagram login credentials. To underscore the seriousness of the threat, Singh included the victim's Social Security number, driver's license number, home address, and other personal details in his communication. Both Singh and Ceraolo face a maximum sentence of seven years in prison for their crimes.
Former IT consultant gets 2.8 years for wiping nearly 200 virtual servers
Kandula Nagaraju, a former IT consultant for the NCS Group, has been sentenced to two years and eight months in prison by a Singapore court for unauthorized access to the company's software test environment and wiping out 180 virtual servers. His actions resulted in damages estimated at $678,000.
Nagaraju, an Indian national, joined NCS as a hybrid cloud consultant in November 2021, but he was dismissed a year later due to his underperformance.
As a member of the quality assurance (QA) team, Nagaraju was responsible for testing new software and programs before their official launch. According to court documents, between January and March 2023, Nagaraju accessed NCS systems over thirteen times using system credentials that his former employer had failed to invalidate. During these unauthorized accesses, he tested custom scripts to wipe virtual servers managed by the QA team.
Nagaraju executed a wiper script that led to the deletion of 180 virtual servers. Law enforcement authorities traced the malicious activity to an IP address associated with Nagaraju, and a subsequent investigation led to the confiscation of his laptop, where the wiper script was found. Investigators revealed that Nagaraju developed the wiper script using Google searches on how to delete virtual servers.