Cybersecurity Exec Who Hacked Two Hospitals To Boost Business May Avoid Jail Sentence
Read also: Private eye gets 6 years in prison for hacking, Marriott hacker fakes his own death, and more.
Former COO hacked two hospitals to drive up business
Vikas Singla, a former chief operating officer (COO) of Atlanta-based cybersecurity firm Securolytics, has pleaded guilty to hacking two medical centers in Georgia, US, to drive up his company’s business.
According to the court documents, Singla compromised the IT systems at hospitals in the cities of Duluth and Lawrenceville, disrupting the phone systems, among them the ASCOM phones that hospital personnel use for internal communications, including “code blue” emergencies.
The former COO also illegally obtained the sensitive personal data of over 300 patients and used a command that caused more than 200 printers at Gwinnett's Duluth and Lawrenceville hospital campuses to print the personal data of patients. Almost immediately after the hacks, Singla began contacting prospective customers offering his company’s services, citing the two incidents as an example of a growing cybersecurity threat.
Singla was arrested in 2021 and was charged with intentional damage to a protected computer and obtaining information from a protected computer. As part of the plea deal, Singla will pay $818,000 in restitution to the medical facility and its insurance company. In exchange, the US Department of Justice will recommend a 57-month probation, including 57 months of home detention. Singla is expected to be sentenced on February 15, 2024.
A private detective gets 6 years in prison over a worldwide hack-for-hire spearphishing scheme
An Israeli national has been sentenced to 6.6 years in prison for orchestrating and managing a global hack-for-hire intelligence gathering operation that targeted individuals and organizations across the globe.
Aviram Azari, an owner of an Israeli intelligence firm, hired several hacker groups, including an unnamed India-based hack-for-hire outfit, to carry out targeted spearphishing attacks on behalf of Azari’s customers. The hackers sent Azari reports informing him about their progress. The victims included climate activists, journalists, hedge funds, financial firms, and critics of the now-defunct German payment processor Wirecard.
Over a nearly five-year period, Azari is said to have made more than $4.8 million from managing the intelligence gathering and spearphishing campaigns.
Azari was arrested in September 2019 when he arrived in the US and was charged with computer intrusion, wire fraud, and aggravated identity theft. He pled guilty in April 2022. In addition to an 80-month prison sentence, Azari will serve three years of supervised release. He was also ordered to forfeit over $4.8 million of illegal gains.
Marriott hacker fakes his own death to conceal tracks
The US authorities arrested a hacker for breaching two contractors of the Marriott hotel chain, stealing the personal data of hotel customers and selling it on a hacker forum. The man also compromised several US state death certificate registration agencies with the goal of faking his own death.
The alleged hacker, Jesse Kipf, was arrested in July of this year after he used his personal IP address in a hack. He was charged earlier this month with computer fraud. The US Department of Justice alleges that Kipf hacked into the internal networks of Canadian hotel internet service provider GuestTek and internet marketing firm Milestone in February and June this year, respectively, and used this access to view customer personal information. Additionally, Kipf was charged by the UK authorities with computer fraud, identity theft and “making false statements on applications in connection with federally insured financial institutions.”
Neither hack was publicly disclosed. According to Forbes, Kipf breached death certificate systems operated by the states of Arizona, Connecticut, Hawaii, Tennessee and Vermont and successfully faked his own death in Hawaii and Vermont.
He also sold access to the Hawaii Health Department’s system on a Russia-linked hacker forum. Furthermore, Kipf claimed to have sold access to Marriott’s systems to Russians, although no evidence of this was provided. A Marriott spokesperson denied any breach of the hotel chain’s systems.
US seized almost $9M in crypto obtained through romance cyberscams
The US authorities have seized about $9 million worth of Tether (USDT) tokens traced to an international cybercrime syndicate responsible for tricking more than 70 victims through so-called “pig butchering” (a type of fraud that combines romance scams, crypto fraud and investment schemes).
The scammers created fake investment firms and cryptocurrency exchanges to lure investors and then steal their money. The stolen funds were laundered using “chain hopping” techniques that allow criminals to hide their tracks by swiftly transferring crypto assets through multiple blockchains.
Cryptocurrency platform Tether, which along with crypto exchange OKX assisted in the US Department of Justice investigation into a South Asian human trafficking syndicate, announced it froze 225 million in USDT tokens tied to the “pig butchering” scam ring.
A hacker who breached over 60,000 DraftKings accounts pleads guilty
A 19-year-old from Wisconsin, US, has pled guilty to charges related to hacking user accounts at a fantasy sports and betting website and stealing thousands of dollars from the breached accounts. The DoJ’s press release doesn’t name the impacted platform, which appears to be DraftKings.
The defendant, Joseph Garrison, and other unnamed co-conspirators gained access to more than 60,000 DraftKings user accounts via a credential stuffing attack (a technique that uses stolen user credentials to break into a system) and stole nearly $600,000 from over 1,000 users.
During searches at Garrison’s home, police officers found on the suspect’s computer software used for credential stuffing attacks, 700 “configuration files” for various corporate websites, and 40 million username/password combinations also used in the attacks.
Garrison has pled guilty to one count of conspiring to commit computer intrusion. He may face up to five years in prison if found guilty. Garrison’s sentencing is scheduled for January 16, 2024.