Many of us who have been following the cyber-crime scene for a few years have openly griped about the lack of success that law enforcement officials have had in bringing the bad guys to justice.
LEOs themselves have long blamed a lack of dedicated resources and the need to more aggressively pursue criminals in the offline world as prime catalysts in their seeming inability to get more cyber-baddies taken offline, collared and thrown in the clink.
Another problem frequently identified by officials has been a distinct lack of cooperation and consistency present in efforts to chase down electronic criminals across international borders.
However, it would seem that progress is finally being made. In the last week alone, several high-profile hackers and data thieves have been sentenced or apprehended, and warrants have been issued in an attempt to get other cyber-criminals off the street.
On Monday, an Indian-born hacker, Thirugnanam Ramanathan, 35, was sentenced to two years in a U.S. federal prison for masterminding a sophisticated pump-and-dump scheme. As part of the campaign, Ramanathan reportedly hijacked people’s online brokerage accounts.
In addition to his jail sentence, the scammer was also ordered to pay back more than $350,000 in ill-gotten profits. The U.S. Department of Justice gets the credit for spearheading the investigation that led to Ramanathan’s arrest and extradition from Malaysia to the United States to face prosecution.
Two other men have also been identified as having participated as co-conspirators in the pump-and-dump campaign, with one, Jaisankar Marimuthu, 33, having been prosecuted and found guilty of related charges in Hong Kong, where he, Ramanathan and their other partner had been living.
The third man, Chockalingham Ramanathan, 34, has yet to be apprehended.
Among the companies that saw their customers’ accounts subverted as part of the scheme were U.S.-based E-Trade and Ameritrade.
In another case, an Israeli man who had previously been caught infiltrating U.S. Department of Defense networks while still a minor has been arrested in Canada for carrying out a hacking spree on a Calgary banking company.
Ehud Tenenbaum, 29, and three other individuals were arrested in Montreal last week for allegedly stealing close to $2 million from Direct Cash Management in Calgary.
Officials maintain that the gang had been running an elaborate credit card fraud scheme using altered pre-paid debit cards issued by Direct Cash to trick ATMs into giving them cash.
The other people taken into custody were Priscilla Mastrangelo, 30, Ralph Jean-Francois, 28, and Spyros Xenoulis, 33, all residents of Montreal.
Interestingly, Tenenbaum, the alleged mastermind of the scam, had also reportedly been working as an ethical hacker who helped Israel-based companies protect their operations from attacks. He was initially busted for hacking DoD networks as a teen in 1998.
And, in another instance, arrest warrants have been issued in South Korea for three former employees of GS Caltex, a large oil refining company in the nation, for stealing the personal information of more than 11 million of the company’s customers.
The activities of the thieves were discovered when two disk drives containing the involved data were found discarded in a Seoul subway station in September.
If confirmed, the breach would be the largest such incident publicly reported in South Korea’s history.
The country’s Cyber Terror Response Center of the National Police Agency is credited with spearheading that investigation.
So, perhaps it’s time to start giving our LEOs more credit as it does appear that they are making some headway, and in many different parts of the globe.
Keep up the good work!
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.