Nintendo ‘Hacker’ Gary Bowser Released From Federal Prison

An anonymous reader quotes a report from TorrentFreak: Last year, a U.S. federal court handed a 40-month prison sentence to Gary Bowser. The Canadian pleaded guilty to being part of the Nintendo hacking group “Team Xecuter” and has now served his time. In part due to his good behavior, Bowser got an early release from federal prison. […] In a recent video interview with Nick Moses, Bowser explains that he was released from federal prison on March 28th. He is currently in processing at the Northwest Detention Center in Tacoma, Washington, to prepare for his return to Canada.

What his life will look like in Canada remains uncertain. However, in federal prison, Bowser has shown that he doesn’t shy away from putting in work and helping other people in need. Aside from his prison job, he spent several nightly hours on suicide watch. The prison job brought in some meager income, a large part of which went to pay for the outstanding restitution he has to pay, which is $14.5 million in total. Thus far, less than $200 has been paid off. “I’ve been making payments of $25 per month, which they’ve been taking from my income because I had a job in federal prison. So far I paid $175,” Bowser tells Nick Moses.

If Bowser manages to find a stable source of income in Canada, Nintendo will get a chunk of that as well. As part of a consent judgment, he agreed to pay $10 million to Nintendo, which is the main restitution priority. “The agreement with them is that the maximum they can take is 25 to 30 percent of your gross monthly income. And I have up to six months before I have to start making payments,” Bowser notes. At that rate, it is unlikely that Nintendo will ever see the full amount. Or put differently, Bowser will carry the financial consequences of his Team-Xecuter involvement for the rest of his life.

Read more of this story at Slashdot.

FBI Seizes Bot Shop ‘Genesis Market’

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. KrebsOnSecurity reports: Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. Active since 2018, Genesis Market’s slogan has long been, “Our store sells bots with logs, cookies, and their real fingerprints.” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin. But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems. The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. […]

One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real-time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot. “While some infostealers are designed to remove themselves after execution, others create persistent access,” reads a March 2023 report from cybersecurity firm SpyCloud. “That means bad actors have access to the current data for as long as the device remains infected, even if the user changes passwords. SpyCloud says Genesis even advertises its commitment to keep the stolen data and the compromised systems’ fingerprints up to date. “According to our research, Genesis Market had more than 430,000 stolen identities for sale as of early last year — and there are many other marketplaces like this one,” the SpyCloud report concludes.

Read more of this story at Slashdot.

Sam Bankman-Fried is Under House Arrest – at Stanford. Students are Fascinated

FTX founder Sam Bankman-Fried “has been under house arrest at his parents’ home on the Stanford campus since December,” writes the Washington Post, “making the elite university the unlikely host to one of America’s most notorious alleged white-collar criminals.

“Surrounded by student co-ops, fraternity houses and other faculty homes, he’s the talk of the neighborhood.”

Bankman-Fried, the son of two Stanford law professors, was released on a $250 million bond secured by the Craftsman-style house. While awaiting his fraud trial later this year, Bankman-Fried wears an ankle bracelet to track his movements and plays with his new dog, Sandor, according to a Puck News report…. It remains to be seen what consequences Bankman-Fried, who pleaded “not guilty,” might face. So far, his ability to be detained at home, instead of held in prison, is an exception to how most federal defendants are treated. The quiet, traffic-light Stanford neighborhood is quite the upgrade from Fox Hill, a notoriously rough prison in the Bahamas where Bankman-Fried was briefly held before being extradited.

If Bankman-Fried violates the terms of his bail agreement, his parents could lose their house, which they’ve owned since 1991 and is worth over $3.5 million, according to public property records….

The U.S. government has tried to restrict his access to virtual private networks and certain apps where messages disappear, but a final ruling has not been made. The judge presiding over his case asked in a hearing last month, “Why am I being asked to turn him loose in this garden of electronic devices?,” highlighting that despite any restrictions the court might place on Bankman-Fried’s use of technology, he remains in a home with his parents who also have a plethora of ways to be wired. On Friday, prosecutors proposed limiting Bankman-Fried to a flip-phone or “non-smartphone” that cannot access the internet, and that he be issued a new laptop “with limited functionalities.” Prosecutors also want to place strict limits and monitoring tools on his parents’ devices.
But meanwhile, among the student population, “There are party fliers with his likeness. He’s a punchline in campus comedy sketches. Students ride their bikes by on dates…. When asked whether they could confirm a rumor that a nearby student co-op had attacked the Bankman-Fried home with eggs, Stanford campus police did not respond.”
And one freshman/cryptocurrency enthusiast even stole a sign from in front of Bankman-Fried’s house, then “paraded it around for selfies at a cryptocurrency networking event. The sign is currently growing mold in his dorm-room closet.”

Bankman-Fried, who grew up on campus, “certainly fits into what I regard as the kind of culture of Stanford,” says Richard White, a retired Stanford history professor — even if the 30-year-old former billionaire left Silicon Valley to attend MIT. White and others characterize Stanford’s culture as a place where faculty and students are emboldened to take big risks in conceiving the next hot start-up or breakthrough innovation, often with easy access to capital, the conviction that they’re changing the world — and few consequences if things go south.
“Through his spokesman Mark Botnick, Bankman-Fried declined to comment for this article….”

Read more of this story at Slashdot.

Ransomware Attacks, Payments Declined In 2022: Report

CRN reports:

Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022’s total ransomware revenue “fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%.” And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes “signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts,” including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.

From the Wall Street Journal:
After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware…. “It reflects, I think, the pivot that we have made to a posture where we’re on our front foot,” Deputy Attorney General Lisa Monaco said in an interview. “We’re focusing on making sure we’re doing everything to prevent the attacks in the first place.”

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands…. And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group’s decryption keys — used to undo the effects of ransomware — for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.
Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.

Read more of this story at Slashdot.

A $402K GoFundMe Scam Leads to a Three-Year Prison Term

CNN reports that 32-year-old Katelyn McClure “has been sentenced to three years in state prison for her role in scamming more than $400,000 from GoFundMe donors, by claiming to be collecting money for a homeless man.”

In 2017, McClure claimed she ran out of gas and was stranded on Interstate 95 in Philadelphia. The homeless man, Johnny Bobbitt Jr., supposedly saw her and gave her his last $20 for gas. McClure and her then-boyfriend, Mark D’Amico, posted about the “good deed” on social media, including a picture of her with Bobbitt on a highway ramp. They also started a GoFundMe campaign to raise money for the homeless veteran, saying they wanted to pay it forward to the good Samaritan and get him off the streets.

The story went viral and made national headlines, with more than 14,000 donors contributing. The scammers netted around $367,000 after fees, according to court documents…. Bobbitt, who received $75,000 from the fundraiser, according to prosecutors, took civil action against D’Amico and McClure and the scam soon became public…. D’Amico and Bobbitt were charged in 2018 alongside McClure for concocting the scheme, prosecutors said. McClure pleaded guilty to one count of theft by deception in the second degree in 2019, according to the Burlington County prosecutor.

Bobbitt pleaded guilty to conspiracy to commit theft by deception in 2019 and was sentenced to a five-year special probation period which includes drug treatment. D’Amico also pleaded guilty and agreed to a five-year term in New Jersey state prison, as well as restitution of GoFundMe and the donors, in 2019.

“The gas part is completely made up, but the guy isn’t,” McClure texted a friend (according to CNN). “I had to make something up to make people feel bad.” So what happened to “the guy” from the highway ramp? Prosecutors note that if Bobbitt “fails to adhere to the tightly-structured regimen of treatment and recovery services, which includes frequent testing for drug use, he could be sentenced to five years in state prison.”

And they add that the judge “also ruled that McClure, a former state Department of Transportation worker, is permanently barred from ever holding another position as a public employee.”

Their statement points out that the 2017 campaign was at the time the largest fraud ever perpetrated through GoFundMe — which voluntarily reimbursed the 14,000-plus donors.

Read more of this story at Slashdot.

Swatters Used Ring Cameras To Livestream Attacks, Taunt Police, Prosecutors Say

An anonymous reader quotes a report from Ars Technica: Federal prosecutors have charged two men with allegedly taking part in a spree of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to livestream the police response on social media. Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, gained access to 12 Ring cameras after compromising the Yahoo Mail accounts of each owner, prosecutors alleged in an indictment filed Friday in the Central District of California. In a single week starting on November 7, 2020, prosecutors said, the men placed hoax emergency calls to the local police departments of each owner that were intended to draw an armed response, a crime known as swatting.

On November 8, for instance, local police in West Covina, California, received an emergency call purporting to come from a minor child reporting that her parents had been drinking and shooting guns inside the minor’s home. When police arrived at the residence, Nelson allegedly accessed the residence’s Ring doorbell and used it to verbally threaten and taunt the responding officers. The indictment alleges the men helped carry out 11 similar swatting incidents during the same week, occurring in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

Prosecutors alleged that the two men and a third unnamed accomplice would first obtain the login credentials of Yahoo accounts and then determine if each account owner had a Ring account that could control a doorbell camera. The men would then use their access to gather the names and other information of the account holders. The defendants then placed the hoax emergency calls and waited for armed officers to respond. It’s not clear how the defendants allegedly obtained the Yahoo account credentials. A separate indictment filed in November in the District of Arizona alleged that McCarty participated in swatting attacks on at least 18 individuals. Both men are charged with one count of conspiracy to intentionally access computers without authorization. Nelson was also charged with two counts of intentionally accessing without authorization a computer and two counts of aggravated identity theft. If convicted, both men face a maximum penalty of five years in prison. Nelson faces an additional maximum penalty of at least seven years on the remaining charges.

Read more of this story at Slashdot.