Alex Kimani

Writer, Divergente Research LLC

Alex Kimani is a veteran finance writer, investor, engineer and researcher for Divergente Research LLC and Safehaven.com. 

The World’s Largest Cybercrime Empire

When you hear of state-sponsored cybercrime, you probably conjure up images of cybercriminals linked with the Russian government outwitting sophisticated infosec systems and stealing mountains of state data.

Well, that’s pretty representative of your average state-sponsored hack, except that the latest and biggest hacking ring to be busted (sort of) is run by regular Ukrainian guys, employs techniques usually associated with state-sponsored actors, and primarily targets American businesses.

Biggest Hacking Organization

Meet the Fin7 hacking group, the most costly cybercrime ring in town. The group has earned its stripes as one of the most sophisticated and aggressive hacking organizations in the world, alleged to have leeched a billion dollars from companies in America and around the world.

Fin7, aka the Carbanak Group, has stolen more than 15,000 credit card data-sets from at least 3,600 businesses around the world in its years-long operation. The DoJ has already indicted three Ukrainian nationals for their involvement and charged each of them with 26 felony counts, including conspiracy, hacking and wire fraud.

The three men, Dmytro Fedorov (44), Fedir Hladyr (33), and Andrii Kolpakov (30), were high-level operatives in the underground empire, serving as a systems administrator and as group supervisors. But make no mistake: Fin7 continues its insidious operations even with the three firmly behind bars.

Sophisticated Techniques

Barry Vengerik, threat analyst at FireEye Inc. and coauthor of the Fin7 report, says they were surprised by the sophistication of the techniques employed by the group, most of them associated with state-sponsored hacks rather than your average financially motivated cybercrime.

It’s a plot that would impress even the most battle-weary sleuth.

Take the case of one unnamed employee at a Red Robin Gourmet Burgers and Brews restaurant. One day this employee received what appeared to be a normal email, sent from ray.donovan84@yahoo.com by a disgruntled customer kvetching about a bad experience they had at the restaurant.

The email urged the recipient to open a certain attachment for further details. Unfortunately, the employee fell for the ruse and opened said attachment, unwittingly granting Fin7 access to the company’s network.

In a matter of days, the hackers had mapped the company’s internal network. Within a week, they had stolen the username and password for its point-of-sale system. Inside two weeks, a Fin7 member uploaded a file containing usernames and passwords for nearly 800 Red Robin locations, including details about the location of alarm panels within individual restaurants. That’s how thorough Fin7 is.

The Fin7 indictment says there are at least nine other hacks that followed the exact playbook used against Red Robin: relentless phone calls and bellyaching.

The first round of emails usually looked innocuous enough: just an everyday customer reaching out with a question or concern. But later comes an email with a simple Word doc or rich text file attached, supposedly containing the details of the customer’s complaint. Forgot to open the attachment? No problem, a Fin7 agent will give you a call reminding you to do so. The email trail might look something like this:

[Image: sample Fin7 email trail]

But perhaps nothing proves the sheer professionalism of these guys like the lengths they were willing to go to achieve their goals and later cover their tracks. For instance, Fin7 used a front company known as Combi Security that purportedly is headquartered in Israel and Russia (this one just had to be there for the plot to be complete). The company’s website has been listed for sale since March, probably after serving its purpose.

Members often communicated through a private HipChat server in numerous private chatrooms, collaborating on malware and on intrusions into victim businesses.

Jira, another Atlassian program, was used for project management, including tracking stolen data and network maps. It’s a ring staffed with dozens of members with diverse skillsets, and the majority are still lurking out there, somewhere.

OK, but what did these guys do with all that stolen business data? Easy: millions of stolen payment card numbers were sold on black-market websites such as Joker’s Stash.

In short, the horror show has just begun.

By Alex Kimani for Safehaven.com