Black-Hat Hackers caught
Earlier this year, an AutoSec Newsletter reported that source code of mobile apps and internal tools developed and used by Nissan North America was circulating on the Internet. The data had been shared on Telegram channels and various hacker forums in the form of torrent links. Last week, the hacker who has claimed credit for helping steal or distribute the aforementioned data was indicted by a grand jury in the Western District of Washington for computer intrusion and identity and data theft activities spanning from 2019 to the present. Both the breach of the security camera startup Verkada and the hack of the chip maker Intel Corp., for which the Swiss hacker, aka “deletescape” and “tillie crimew”, had previously also claimed credit, were included in the indictment. The stolen data from these attacks, and many more, was published on a website owned by the hacker, and social media was used in tandem to promote the hacks and the release of the proprietary information.
The charges contained in the indictment and their respective penalties are:
- Conspiracy to commit computer fraud and abuse; punishable by up to 5 years in prison.
- Wire fraud and conspiracy to commit wire fraud; punishable by up to 20 years in prison.
- Aggravated identity theft; punishable by a mandatory minimum 24 months in prison to run consecutive to any sentence imposed on other counts of conviction.
However, these charges are only allegations. In accordance with Article 11 of the UN’s Universal Declaration of Human Rights, the legal principle of “presumption of innocence”, under which a person is innocent until proven guilty, should of course be considered.
The indictment can be found here.
Another hacker-related apprehension is that of the recently arrested Russian national who travelled to the USA and allegedly offered to pay a Russian-speaking worker at the Tesla Gigafactory in Sparks, Nevada $1 million to deliver malware to the factory’s computer systems. The intention was to extract data from the network and then threaten to release it, in order to get Tesla to pay a ransom. Fortunately (from the perspective of Tesla), the employee did not agree to the offer. Instead, the employee informed Tesla, and the company contacted the FBI, which launched a sting operation and arrested the Russian citizen while he was attempting to leave the USA. The Russian claimed that he would receive $250,000 for recruiting the employee and has now pleaded guilty to the charge of “conspiracy to intentionally cause damage to a protected computer”. If found guilty in a jury trial, he could have faced up to five years in jail, three years of supervised release and a $250,000 fine. However, with the guilty plea, he is now looking at between four and 10 months in jail with three years of supervised release. The Russian will not receive a fine, but he must pay Tesla $14,824.88 in restitution. The plea deal is subject to prosecutorial approval, and the hearing is set for May 10th, 2021.
Written by Joakim Rosell