US authorities have charged former product manager Danielle Hillmer with multiple federal crimes for allegedly lying to government customers about whether her company’s cloud platform met required security standards.

According to an indictment, Hillmer, 53, is accused of concealing the platform’s noncompliance with security controls, misleading US federal agencies and other government clients. Prosecutors allege she repeatedly misrepresented that the platform complied with the Federal Risk and Authorization Management Program (FedRAMP) High baseline and the Department of Defense’s Impact Levels 4 and 5, despite knowing it lacked required access controls, logging, monitoring, and other safeguards.

The platform, described in court documents as the Nonappropriated Fund Integrated Financial Management System (NIFMS), is a cloud-based system supporting payroll, pension, and benefits functions. While referred to as “Company A” in the indictment, Hillmer stated she worked for Accenture during the relevant period, according to a now-deleted LinkedIn profile.

Prosecutors allege Hillmer obstructed federal auditors and tried to influence third-party assessors during audits in 2020 and 2021 by hiding flaws and instructing others to misrepresent the system during testing. She is also accused of misleading the US Army to secure a provisional Department of Defense authorization for the platform and submitting authorization materials she knew contained false information.

Hillmer faces two counts of wire fraud, one count of major government fraud, and two counts of obstruction of a federal audit. If convicted, she could face decades in prison, with potential sentences of up to 20 years for wire fraud, 10 years for major government fraud, and five years for each obstruction count.

US, European authorities dismantle the E-Note crypto exchange linked to cybercrime

US law enforcement, in cooperation with international partners in Germany and Finland, has dismantled the online infrastructure of a cryptocurrency exchange suspected of laundering millions of dollars for transnational cybercriminal groups.

According to the Department of Justice, the E-Note exchange was allegedly used to process funds stolen through cyber-attacks targeting healthcare organizations, critical infrastructure, and other victims. Prosecutors said E-Note’s payment service and associated money mule network handled more than $70 million in transactions linked to ransomware attacks dating back to 2017.

As part of the operation, federal prosecutors unsealed an indictment in the Eastern District of Michigan charging Mykhalio Petrovich Chudnovets, a 39-year-old Russian national, with money laundering. Authorities allege Chudnovets operated E-Note and has been laundering proceeds for cybercriminals since at least 2010. The charge carries a maximum sentence of 20 years in prison.

Law enforcement agencies seized servers, mobile applications, and three websites linked to the operation (e-note[.]com, e-note[.]ws, and jabb[.]mn). The police also confiscated customer databases and transaction records that officials say will aid ongoing investigations into ransomware and other cybercrime networks.

A man jailed for teaching scammers how to use malware

A member of an organized criminal group who created at least 20 tutorial videos teaching viewers how to scam victims using malware has been jailed in Singapore.

Cheoh Hai Beng, a Malaysian national, was linked to a scam syndicate that remotely took over Android mobile phones and infected the devices with the Spymax malware. The tool allowed criminals to steal money via unauthorized bank transactions. The tutorials created by Cheoh showed how to operate Spymax.

Cheoh was sentenced to five years and six months’ jail after pleading guilty to misusing a computer system and an offense involving organized crime. He was also fined $3,608, with an additional three weeks’ jail in default.

Court documents revealed that Cheoh’s alleged accomplice, Taiwanese national Lee Rong Teng, remains at large. Lee recruited Cheoh to learn and demonstrate the malware’s capabilities, threatening him into recording the videos, which were later sold and shared on Telegram.

Cheoh was paid about US$2,700 in cryptocurrency for his role. He was arrested by Malaysian police in Penang on June 12, 2024, and extradited to Singapore two days later.

International operation dismantles Europe-wide call center scam network

Authorities from the Czech Republic, Latvia, Lithuania, and Ukraine, supported by Eurojust, have taken down a criminal network operating fraudulent call centers in the Ukrainian cities of Dnipro, Ivano-Frankivsk, and Kyiv. The group is accused of scamming victims across Europe, causing estimated losses of more than EUR 10 million.

The network ran a highly organized operation, employing around 100 people recruited from several European countries, including the Czech Republic, Latvia and Lithuania. Employees worked in Ukrainian call centers and were paid a commission of up to 7% of the proceeds from each successful scam.

The fraudsters used a range of tactics, including posing as police officers or bank employees and falsely claiming that victims’ bank accounts had been hacked. Victims were persuaded to transfer large sums of money to so-called “safe” accounts controlled by the network or to install remote access software, allowing the criminals to gain full control of their bank accounts. To support the scams, members of the group forged official police and bank documents and, in some cases, collected cash directly from victims.

Authorities carried out 72 searches across three Ukrainian cities, targeting offices, residences, and vehicles. During the raids, investigators seized forged police and bank identification, computers, laptops, hard drives, mobile phones, a polygraph machine, as well as cash, 21 vehicles, and various weapons and ammunition. Twelve suspects were arrested on the action day, and a total of 45 individuals have been identified as suspects.

Arrests in Ukraine are the latest in a series of police actions against fraud. In September, European police shut down a €100 million cryptocurrency scam, raiding locations in several countries, including Spain and Italy. In November, authorities dismantled a large-scale credit card fraud ring that impacted millions of people.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Another hacker pleads guilty in DraftKings hacking case

The co-conspirator has pleaded guilty to his role in a large-scale hacking scheme that targeted the sports betting platform DraftKings and compromised tens of thousands of user accounts. Nathan Austad, 21, of Farmington, Minnesota, admitted to conspiring to commit computer intrusion. Austad, known online as “Snoopy,” was involved in a credential-stuffing attack carried out against the betting website in November 2022.

Austad and his two accomplices used stolen username and password combinations from previous data breaches to gain unauthorized access to DraftKings accounts. More than 60,000 accounts were successfully compromised, with roughly $600,000 stolen from nearly 1,600 victims. Access to hijacked accounts was also sold on underground marketplaces trading in compromised user credentials.

Officials said Austad operated one such online shop himself and controlled cryptocurrency wallets that received about $465,000 in digital assets linked to the scheme. While court documents don’t mention the affected platform, the details of the breach match DraftKings’ November 2022 disclosure about the credential-stuffing incident that compromised 68,000 accounts.

Austad is the third person to plead guilty in connection with the hacking campaign. His co-conspirators, Joseph Garrison and Kamerin Stokes, previously entered guilty pleas. Garrison was sentenced to 18 months in prison in early 2024, while Stokes pleaded guilty in April 2024. Austad faces a maximum sentence of five years in prison. His sentencing hearing is scheduled for April 10, 2026.