The World's Largest Cybercrime Empire

Authored by Alex Kimani via SafeHaven.com,

When you hear of state-sponsored cybercrime, you probably conjure up images of cybercriminals linked with the Russian government outwitting sophisticated infosec systems and stealing mountains of state data.

Well, that’s pretty representative of your average state-sponsored hack, except that the latest and biggest hacking ring to be busted (sort of) is run by regular Ukrainian guys and employs sophisticated state-sponsored techniques, primarily targeting American businesses and companies.

Biggest Hacking Organization

Meet the Fin7 hacking group, the most costly cybercrime ring in town. The group has earned its stripes as one of the most sophisticated and aggressive hacking organizations in the world, alleged to have leeched a billion dollars from companies in America and around the world.

Fin7, aka Carbanak Group, has stolen more than 15,000 credit card data sets from at least 3,600 businesses around the world in its years-long operation. The DoJ has already indicted three Ukrainian nationals for their involvement and charged them with 26 felony counts each, including conspiracy, hacking and wire fraud.

The three men, Dmytro Fedorov (44), Fedir Hladyr (33), and Andrii Kopakov (30), were high-level operatives in the underground empire as an administrator and group supervisors, respectively. But make no mistake: Fin7 continues its insidious operations even with the three firmly behind bars.

Sophisticated Techniques

Barry Vengerik, threat analyst at FireEye Inc. and coauthor of the Fin7 report, says they have been surprised by the sophistication of the techniques employed by the group, most of them associated with state-sponsored hacks and not your average financially motivated cybercrime.

It’s a plot that would impress even the most battle-weary sleuth.

Take the case of one unnamed employee at a Red Robin Gourmet Burgers and Brews. One day this employee received what appeared to be a normal email, sent from ray.donovan84@yahoo.com, from a disgruntled customer kvetching about a bad experience they had at the hotel.

The email urged the recipient to open a certain attachment for further details. Unfortunately, the employee fell for the ruse and opened said attachment, unwittingly granting Fin7 access to the network.

In a matter of days, the hackers had mapped the hotel’s internal network. Within a week, they had stolen the username and password for the hotel’s point-of-sale system. Inside two weeks, a Fin7 member uploaded a file containing usernames and passwords for nearly 800 Red Robin locations, including details about the location of alarm panels within individual restaurants. That’s how thorough Fin7 is.

The Fin7 indictment says there are at least nine other hacks that followed Red Robin’s exact playbook of relentless phone calls and bellyaching.

The first round of emails usually looked innocuous enough: just an everyday customer reaching out with a question or concern. But later on comes an email with a simple Word doc or rich text file as an attachment containing pertinent information from the customer. Forgot to open the attachment? No problem, a Fin7 agent will give you a call reminding you to do so. The email trail might look something like this:

[Image: example email trail]

But perhaps nothing proves the sheer professionalism of these guys like the lengths they were willing to go to achieve their goals and later cover their tracks. For instance, Fin7 used a front company known as Combi Security that is purportedly headquartered in Israel and Russia (this one just had to be there for the plot to be complete). The website has been listed for sale since March, probably after serving its purpose.

Group members often communicated through a private HipChat server in numerous private chatrooms, collaborating on malware and victim business intrusions.

Jira, another Atlassian program, was used for project management including tracking stolen data and network maps. It’s a ring staffed with dozens of members with diverse skillsets, and the majority are still lurking out there, somewhere.

OK, but what did these guys do with all that stolen business data? Easy: millions of stolen payment card numbers were sold on black market websites such as Joker’s Stash.

In short, the horror show has just begun.

Comments

SocratesSolutions SocratesSolutions Fri, 08/10/2018 - 06:41 Permalink

Who will stand up to them? I will. So will you. I'll do more than that. I'll take them down. Permanently. The time is now. The future of the kids is at hand. 

Here is what the dumb Jews are doing with their sick Supremacy Psychosis under the Protocols (which are of course quite genuine). This is the Talpiot Program the nuts are engaged upon:

Netanyahu can get away with murder because Israel controls the worlds high technology sector – over and above even the US. That “American” you see “controlling” something? He or she is an American Jew or Zionist, dual national Israeli American citizen. Israel rules. Until we target specifically this control of the high technology sector and specifically The Talpiot Program, we will all continue to wonder how Israel gets away with all it does. It is a racist state of the most odious kind. But who will stand up to them? From medical nanotechnology to cybersecurity to private hacking companies to military technology to police databases, banking, finance and medical – Israel runs them all.

In reply to by SocratesSolutions

Richard640 Adolfsteinbergovitch Fri, 08/10/2018 - 07:22 Permalink

HEEEEEY, ADOLF....

HEEEEEY, STOOOOOOOOOOOOOOOPID-ALL U FUCKERS!

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

GAZA COULD BE THE MOST PROSPEROUS ARAB AREA IN THE MIDDLE EAST....WELL, AT LEAST HAVE A GOOD LIFE FOR ITS CITIZENS--IF ONLY THEY WOULD WORK WITH THE ISRAELIS...JUST FROM EURO-SUNBIRDS IN THE WINTER--THEY COULD DO WELL...HOW FUCKING DUMB ARE THE HAMAS...BUT OH, NO, ALL THEIR AID INCOME IS SPENT ON TUNNELS AND ROCKETS AND JEEEEEEEEEEEEEEE-HAD--ARAB MOO-SLEMS AND ARAB CHRISTIANS IN ISRAEL THANK THEIR LUCKY STARS THAT THEY ARE THERE...CHRISTIANS SAY ISRAEL IS THE ONLY PLACE THEY FEEL SAFE--

$$$$$$$$$$$$$$$$^^^^^^^^^^^^^^^^^^^^^^^^######################

BUT ALL YOU VERMIN GOTTA HATE THE KIKES...

**********************************************************

SINCE 1948 & UNTIL TODAY  ISRAELS LEADERS--IN PUBLIC FORUMS!!!!!!-- HAVE BEGGED FOR PEACE WITH THE ARABS-ALL THOSE YEARS ARAB LEADERS ONLY TALKED ABOUT PUSHING THE JEWS INTO THE SEA--HAD THEY LIVED IN PEACE WITH ISRAEL, THE MIDDLE EAST WOULD BE THE MOST PROSPEROUS REGION ON EARTH--

**********************************

WHEN ISRAEL BECAME A STATE THERE WAS MUCH SYMPATHY FOR IT AROUND THE WORLD--THE LEFT LOVED THE JEWS AS LONG AS THEY COULD WEEP CROCODILE TEARS OVER THEM AS VICTIMS--BUT ONCE THE "PEOPLE OF THE BOOK" STARTED WINNING WARS AND SHOWED THEY COULD BE WARRIORS, THE LOVE ENDED AND THE OLD ANTISEMITISM RE-EMERGED--

****************************************

THE 2000 YR 'TEACHING OF CONTEMPT" FOR THE JOO VIA THE KRISTIAN BIBLE AND PREACHING HAD DONE ITS WORK...GERMAN THEOLOGIANS SHAMEFACEDLY ADMITTED AS MUCH AFTER THE WAR IN 1945.

**************************************************

NOW THAT EUROPE IS INFESTED WITH THE VERMIN [radical islamists], THE EUROPEANS UNDERSTAND EXACTLY WHAT KIND OF PEOPLE ISRAEL HAS HAD TO DEAL WITH

***************************************************

THE JOO AND HIS TORAH ARE A BLESSING UNTO THE WORLD-WESTERN LAW DID NOT DERIVE FROM THE GREEKS OR ROMANS BUT FROM THE JOOS--JESUS WAS A JEW, SO WHY NOT YOU?

*******************************************

--GET A LIFE! LOOK DEEP, DEEP WITHIN YOURSELF-GET YOUR HEAD STRAIGHT BEFORE IT'S TOO LATE...

 

In reply to by Adolfsteinbergovitch

Akzed Richard640 Fri, 08/10/2018 - 09:25 Permalink

People of the book? You may think you mean the Old Testament but surprise! you're wrong. The "book" you don't realize animates them is the Talmud, a multi-volume compendium of anti-Christ filth. Therefore you should call them people of the satanic books. When a goy discovers it he gets all uppity, like Luther. Then ignoramuses and spooks call him names and type all in caps.

In reply to by Richard640

fleur de lis Richard640 Fri, 08/10/2018 - 10:04 Permalink

Richard640,

America has been cutting massive welfare checks for Israel and they get bigger every day.

In gratitude for America's generosity, Israel attacked the unarmed communication ship USS Liberty, killing many sailors outright, and then when the wounded were being lowered into the water in lifeboats for medical evacuation, our Israeli allies sent speed boats to machine gun them and prevent access to critical medical care.

Thanks a lot, Israel.

The 1967 war was spinning out of control so the DC Swamp/Tel Aviv psychopaths needed a false flag to stop it.

Israel conspired with Swamp traitors to sink the ship with all hands so as to frame the Egyptians, after which Cairo would be severely punished, bringing the war to an end.

Thankfully, the legendary Israeli military ineptitude saved the ship, because even though the Israelis kept attacking at a leisurely clip for hours with no return fire, they could not sink it.

That was why the Liberty was chosen for sacrifice on the dual Swamp/Tel Aviv altar, because an armed ship would have wiped out the attackers like mosquitoes in a matter of minutes.

They would have been zapped before they knew what hit them.

So do tell Dickie, what is your version for the Israeli attack on the USS Liberty?

 

In reply to by Richard640

ChaoKrungThep 07564111 Fri, 08/10/2018 - 07:44 Permalink

Using stupid Windows. A Linux system would first warn this person about phishing, then block his/her access to the system. A Linux user login only allows access to your own little world - no big, important stuff. You lose your cat & dick pix. The log system immediately calls Admin. Finish. 

A proper Linux setup has never been cracked. Oh the expense?!!! No. It's free, idiots. Been using Linux since 1995, never a problem.    

In reply to by 07564111

LA_Goldbug Fri, 08/10/2018 - 04:08 Permalink

"The DoJ has already indicted three Ukrainian nationals for their involvement and charged them with 26 counts of felony each, including conspiracy, hacking and wire fraud.

The three men, Dmytro Fedorov (44), Fedir Hladyr (33), and Andrii Kopakov (30)"

 

DoJ made a mistake. These guys are Russian !!! Putin' boys for sure. Ukrainians are Europe loving Democrats who would never stoop so low.

Sonny Brakes Fri, 08/10/2018 - 04:32 Permalink

Imagine if such an organization were able to with only a few keystrokes completely destroy all financial records and maybe even all official records of our existence in the eyes of the institutions that assume they own us.

jin187 Sonny Brakes Fri, 08/10/2018 - 05:38 Permalink

Oh those kind of records are untouchable.  They might let your CC# flutter in the wind in crappy PoS devices and idiot salesman's laptops, but all the stuff they need to know that you owe them money has backup for the backup's backup.  The only thing likely to survive total nuclear annihilation are the cockroaches, and the credit reports.

In reply to by Sonny Brakes

Sparkey Sonny Brakes Fri, 08/10/2018 - 06:31 Permalink

Good morning Sonny, They assume they own us, and we assume they are custodians of our Money, But we really own nothing, what we 'own' is a static electrical charge in a hard drive somewhere, if something happens to the electricity that maintains the system everything we 'own' is gone without a trace at the speed of light, we no longer 'own' anything beyond the idea that we have money in the bank!

In reply to by Sonny Brakes

LOL123 Fri, 08/10/2018 - 04:46 Permalink

Weird article - "Take the case of one unnamed employee at a Red Robin Gourmet Burgers and Brews. One day this employee ..." Then talks about hotel.

Either the author is confused or I am. Do they have Red Robin restaurants at hotels?

arrowrod Fri, 08/10/2018 - 05:18 Permalink

The DOJ?  The USofA DOJ?  Indicted?  In jail?  Is there going to be a trial?

OK, now that these masterminds have been rounded up and jailed, I can start clicking on email attachments.

Or, maybe my email provider...  "expletive deleted"!

truthalwayswinsout Fri, 08/10/2018 - 06:32 Permalink

Cybercrime is easy to stop. It's called catch and kill. If you catch you can allow the criminal a chance to live if he or she reveals the full extent of their tech and turns in 20 plus compatriots in 30 days. Guaranteed that it will end in about 6 months. Of course, you would have to kill about 6000 plus people.

Superlat Fri, 08/10/2018 - 06:46 Permalink

I've heard about some low-level businesses having their data held hostage for payoffs. The cops and FBI advise the business owners to pay up since they can't stop it in time.

Those are probably Ukrainians also. Why is it we always make allies with the asshole side?

lincolnsteffens Superlat Fri, 08/10/2018 - 08:58 Permalink

Somehow one of these cyber crooks managed to get part of a password on one account with my e mail address. They sent an e mail demanding a "very fair $1000 within 24 hours".  As they did not have my log in they shut me out of my one account. When I tried to get into my account I merely had to change my password.  I received the e mail after I had been shut out of the account, reported it to the company with my account and deleted the e mail threat.

In reply to by Superlat

Heroic Couplet Fri, 08/10/2018 - 06:59 Permalink

How many times did Trey Gowdy shoot his mouth off about "referring the Benghazi hearings to the Dept of Justice." AND DIDN'T. Matched by the number of times Devin Nunes requested documents from the Dept of Justice and the DoJ ignored him.