News | International
14 Nov 2024 13:00
NZCity News
NZCity CalculatorReturn to NZCity

  • Start Page
  • Personalise
  • Sport
  • Weather
  • Finance
  • Shopping
  • Jobs
  • Horoscopes
  • Lotto Results
  • Photo Gallery
  • Site Gallery
  • TVNow
  • Dating
  • SearchNZ
  • NZSearch
  • Crime.co.nz
  • RugbyLeague
  • Make Home
  • About NZCity
  • Contact NZCity
  • Your Privacy
  • Advertising
  • Login
  • Join for Free

  •   Home > News > International

    Court filings reveal inner workings of alleged hackers accused of the ShinyHunters data breach

    Connor Moucka and John Binns have been arrested in connection to the Snowflake data breaches, which impacted customers of major companies.


    Court documents in the arrest of two men accused of being associated with an international hacking syndicate have revealed how they allegedly got access to "billions" of sensitive customer records.

    Canadian Connor Moucka, also known as Alexander Moucka, and Turkish citizen John Binns were arrested and charged with computer fraud, wire fraud and aggravated identity theft over the hack on cloud storage facility Snowflake.

    While the victims were not named in the indictment, Snowflake's customers included US telecommunications business AT&T, Neiman Marcus and Mitsubishi.

    The hack allegedly resulted in the theft of individual's text history, banking, payroll records, driver's licence numbers, passport numbers and other personal information.

    US prosecutors said the charges related to a period between November 2023 and October 2024.

    "Moucka, Binns and their co-conspirators accessed and obtained data from at least 10 different organisations' Cloud Computing Instances using stolen access credentials," the indictment said.

    "The co-conspirators … used software they dubbed 'Rapeflake' to identify valuable information residing within the victims' Cloud Computing Instances, including organisation names, user roles and [IP] addresses, among other information."

    The indictment detailed how Mr Binns and Mr Moucka allegedly extorted victims by threatening to sell or distribute the data, and three victims paid the ransom.

    The scheme is believed to have netted $2.5 million USD, or $3,814,988 AUD.

    Accused hackers used many aliases

    Mr Moucka allegedly went by a number of different personas online, including judische, catist, waifu and ellyel8.

    Mr Binns allegedly went by irdev and j_irdev1337.

    The indictment alleges the men frequently changed accounts to protect their anonymity, and operated on off-shore servers that would not regularly log IP addresses.

    It is alleged they leased technological infrastructure using fraudulent information and payment methods for the conspiracy, including servers and IP addresses.

    US prosecutors said they would advertise stolen data on the dark web and demand payments in cryptocurrency so they could hide the source and destination of their money.

    The victims

    The individual victims of the data breaches were not named in the indictment, and were instead named as "Victim 1" to "Victim 6".

    While the affected parties remain anonymous, the impact of the Snowflake data breach continues to have worldwide ramifications - including in Australia.

    The Australian Cyber Security Centre issued advice about the breach, warning Snowflake customers to take steps to protect themselves.

    "Australian organisations who utilise Snowflake should reset credentials for active accounts, disable non-active accounts, enable Multi-Factor Authentication (MFA), and review user activity," they said.

    "The [cyber security centre] is monitoring the situation and is able to provide assistance and advice as required."

    In a statement, Snowflake said it was aware many of its customers had been compromised during the hack.

    "To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product," a spokesperson said.

    "Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted."

    Fall-out continues

    Ticketmaster and Live Nation customers have recently filed a class action lawsuit in California, regarding a hack on the business that happened during the same period outlined in the indictment.

    The plaintiff has alleged the businesses failed to adequately protect their private information.

    "Plaintiff's and class members' personal information — which they entrusted to defendant on the mutual understanding that defendant would protect it against unauthorised disclosure — was compromised in a data breach," the lawsuit alleged.

    Ticketmaster has previously assured customers their details were safe, but warned them to keep an eye out for identity theft.

    "We take data protection very seriously and have been working with the relevant authorities, including law enforcement, as well as credit card companies and banks," a spokesperson said.

    It is still unclear how the hack occurred, but Google analysts previously said it was likely due to a threat actor using credentials previously stolen via infostealer malware.


    ABC




    © 2024 ABC Australian Broadcasting Corporation. All rights reserved

     Other International News
     14 Nov: What is the Treaty of Waitangi and why is it sparking huge Maori protests in New Zealand?
     14 Nov: Donald Trump and Joe Biden meet at White House to discuss transition of presidential power
     14 Nov: What's behind the rise of the far right in Germany?
     14 Nov: US vows 'firm response' to North Korea's deployment with Russia in Ukraine conflict
     14 Nov: Sea Shepherd founder Captain Paul Watson to remain in detention in Greenland amid extradition push from Japan
     13 Nov: Legitimacy of two Victorian local government elections in question after duplicate votes detected
     13 Nov: Who is Archbishop of Canterbury Justin Welby and why did he resign during an abuse scandal?
     Top Stories

    RUGBY RUGBY
    New Zealand Rugby are keeping open a gap down the blindside for a future Super draft, but the prospect is unlikely for now More...


    BUSINESS BUSINESS
    New Zealand citizen departures continue in record numbers More...



     Today's News

    Health & Safety:
    Canterbury University is vowing to ensure student care is up to scratch - after an outbreak of gastro illness in university halls, affecting more than 100 12:57

    Entertainment:
    Ariana Grande has been "an incredible support system" for Normani 12:32

    Entertainment:
    Sarah Paulson has loved working with Kim Kardashian on 'All's Fair' 12:02

    Auckland:
    One person has died in a tractor crash in Hunua, south-east of Auckland 11:57

    Entertainment:
    Sean 'Diddy' Combs has made a new request for bail 11:32

    International:
    What is the Treaty of Waitangi and why is it sparking huge Maori protests in New Zealand? 11:27

    International:
    Donald Trump and Joe Biden meet at White House to discuss transition of presidential power 11:17

    National:
    The Incas used mysterious stringy objects called ‘khipus’ to record data. We just got a step closer to understanding them 11:17

    Rugby:
    New Zealand Rugby are keeping open a gap down the blindside for a future Super draft, but the prospect is unlikely for now 11:07

    Business:
    New Zealand citizen departures continue in record numbers 11:07


     News Search






    Power Search


    © 2024 New Zealand City Ltd