Alleged Lapsus$ gang member, Silk Road adviser and accused cyber pro face legal consequences

It was a busy Tuesday in the courts for crooks and alleged cybercrooks.

Prosecutors told a London court that a teenage member of a hacking gang breached Uber and the makers of the Grand Theft Auto video game. Federal prosecutors announced that an adviser to an infamous online black market received a prison sentence. And authorities arrested and indicted a cybersecurity professional for allegedly stealing millions in cryptocurrency.

The three cases collectively represent a pretty broad cross-section of how criminals can use cyber to enable and conduct unlawful activity.

Lapsus$

Arion Kurtaj, 18, and an unnamed 17-year-old were “key players” in the Lapsus$ hacking group, prosecutors told a London court last week. The court lifted a reporting restriction on the case Tuesday.

Kurtaj specifically, and independently, hacked Uber and fintech firm Revolut last year, authorities allege, according to Sam Tobin of Reuters.

Also in 2022, he allegedly hacked video game maker Rockstar Games and threatened to release source code of a planned Grand Theft Auto sequel.

The hack of Uber reportedly caused $3 million worth of damages, and Kurtaj allegedly accessed the data of 5,000 Revolut customers.

Together with the 17-year-old, who couldn’t be named for legal reasons, Kurtaj also stands accused of blackmailing Britain’s biggest broadband provider BT Group, mobile operator EE and chip maker Nvidia. The 17-year-old separately hacked London police's cloud storage, according to prosecutors.

Kurtaj faces 12 charges, but psychiatrists have deemed him unfit to stand trial, meaning a jury will decide whether he committed the acts instead of rendering a guilty or not guilty verdict.

Brazilian authorities last year arrested another alleged Lapsus$ member. In Brazil, the gang was believed to be behind hacks and attempted hacks on government targets.

Silk Road

A U.S. District Court judge sentenced Roger Thomas Clark, also known by aliases such as “Variety Jones,” to 20 years in prison for conspiring to distribute massive quantities of narcotics.

Clark, a Canadian whom authorities arrested when he was found in Thailand, served as top adviser to Ross Ulbricht, the owner and operator of the online illicit black market known as Silk Road.

The market was active from 2011 to 2013, during which, as a Justice Department news release summarized, it “was used by thousands of drug dealers and other unlawful vendors to distribute illegal drugs and other illicit goods and services to more than 100,000 buyers and to launder hundreds of millions of dollars derived from those unlawful transactions.”

To be more precise, the transactions there had a value of approximately $213 million, according to the Justice Department.

Clark advised Ulbricht, who’s been imprisoned since his 2015 convictions, on things as far-ranging as security vulnerabilities in the Silk Road website and how to promote sales. Clark also urged Ulbricht to carry out a murder-for-hire plot against a Silk Road staffer whom they believed had stolen $350,000 in bitcoin from the site, a plot that didn’t end up hurting the target.

“Roger Thomas Clark was a central figure in helping to lead Silk Road and in advocating violence, even murder, to protect this digital drug empire,” said Damian Williams, the U.S. attorney for the Southern District of New York. “Today’s sentence is another reminder that criminal marketplaces, like Silk Road, are a road to prison.”

Read more on the case from Andy Greenberg at Wired, complete with a bizarre postscript where Clark claimed to have spent $800,000 to buy hacking tools to go after pedophiles (one of the prominent people he said he bought the tools from denies it).

Crypto theft

New Yorker Shakeeb Ahmed, a senior security engineer at an unnamed international tech company, faces wire fraud and money laundering charges stemming from his alleged theft of approximately $9 million in cryptocurrency.

In an interesting twist, Ahmed returned all but $1.5 million worth of the crypto to the victim firm on the condition that it didn’t report the attack to law enforcement, prosecutors say.

“Financial crime strikes at the core of our national and economic banking security,” said Chad Plantz, special agent in charge of the San Diego field office for the Department of Homeland Security’s investigative wing. “With an attack of this magnitude, it’s crucial we ensure continued consumer confidence in our financial system. Ruthless and reckless attempts aimed to sabotage legitimate commerce for greed must be stopped.”

While the Justice Department news release also didn’t name the victim firm, the details of the case overlap considerably with those of an incident affecting Crema Finance in 2022. As reported at the time, the hacker was allowed to keep a little more than $1.5 million as a “white hat bounty,” usually awarded in situations where someone finds and reports a vulnerability rather than exploiting it.

As the news release explains, Ahmed carried out the “attack” by taking advantage of “a vulnerability in one of the Crypto Exchange’s smart contracts and inserting fake pricing data to fraudulently cause that smart contract to generate approximately $9 million dollars’ worth of inflated fees.”

The keys

Chinese hackers breached government officials’ email

Chinese hackers used a vulnerability in Microsoft’s cloud, allowing them to launch a targeted hacking campaign of unclassified U.S. email accounts, Ellen Nakashima, Joseph Menn and Shane Harris report.

Microsoft said it investigated the hack after being notified last month. It found that the hackers “gained access to email accounts affecting about 25 organizations, including government agencies,” our colleagues write. The company also “confirmed Tuesday that its validation procedure had been manipulated to digitally sign dozens of pieces of software,” our colleagues write.

An FBI investigation is ongoing, but the hack appears to have been targeted, apparently hitting a limited number of email accounts, according to a person familiar with the matter who spoke on the condition of anonymity because of the matter’s sensitivity. The hack doesn’t appear to have hit Pentagon, intelligence community or military email accounts.

“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesman Adam Hodges said in a statement to The Washington Post. “We continue to hold the procurement providers of the U.S. government to a high security threshold.”

Industry groups urge Biden to nominate new national cyber director before end of July

A coalition of industry groups representing leading cybersecurity and technology companies is urging the Biden administration to nominate a national cyber director before the end of July, according to a letter out this morning.

The groups, which include the Cybersecurity Coalition and Information Technology Industry Council, say in their letter to White House Chief of Staff Jeff Zients that swift action is needed to fill the Office of the National Cyber Director (ONCD) role to protect the United States against current and future cyberthreats.

The groups “are concerned that the delay in nominating a candidate for the National Cyber Director role could impede the great work” accomplished under former director Chris Inglis and current acting director Kemba Walden, as well as hinder the implementation of a new national cyber strategy unveiled in March.

Inglis, the first White House national cyber director, stepped down from his role in February on the cusp of the cyber strategy’s release.

The groups also urged the administration to issue an executive order to clarify the cybersecurity-related roles and responsibilities in various agencies, including the National Security Council, Cybersecurity and Infrastructure Security Agency, Office of Management and Budget and National Institute of Standards and Technology.

“Congress’s decision to make this a Senate-confirmed position has created potential overlaps, making such a clarification necessary,” the letter argues.

Members of Congress who co-chair the successor group to the independent commission behind the creation of ONCD recommended Walden to be nominated for the position in May.

Russia-linked RomCom group is targeting NATO summit attendees

NATO summit attendees in Lithuania are being targeted by Russia-linked cybercrime group RomCom as the war in Ukraine takes center stage with Ukrainian President Volodymyr Zelensky in attendance.

BlackBerry Threat Research and Intelligence discovered a pair of malicious documents submitted from a Hungarian IP address that they’ve attributed to RomCom, Elizabeth Montalbano reports for DarkReading.

“One of the documents impersonates the Ukrainian World Congress organization, and the other is a ‘fake lobbying document [claiming to be] in support of Ukraine,’” Montalbano writes, citing the researchers.

RomCom is “known to conduct opportunistic ransomware and extortion-only operations, as well as targeted credential-gathering campaigns likely in support of intelligence operations,” Microsoft Threat Intelligence said Tuesday in a blog post detailing their own analysis of the cyber group’s campaign, which is linked to an unpatched bug in the company’s Windows and Office products.

“While the flaw is not yet addressed, Microsoft says it will provide customers with patches via the monthly release process or an out-of-band security update,” Sergiu Gatlan reports for Bleeping Computer.

RomCom is known for impersonating popular sites to spread hidden malware, sometimes through fictitious software offerings.

