Member Of A Harassment And Hacking Group Convicted In The UK
Read also: Three arrested for hacking hospital CCTV and selling videos of female patients, hacker responsible for 90+ data breaches worldwide arrested in Thailand, and more.
Thursday, February 27, 2025
Member of a harassment and hacking group convicted in the UK
Richard Ehiemere, a 21-year-old man from Hackney, has been convicted for his involvement in an online network called "The Com." Ehiemere, who went by the online alias "Retaliate#1337," was found guilty of a range of serious offenses, including the exchange of child sexual abuse material (CSAM), hacking, and distributing stolen data.
The investigation revealed that Ehiemere had accessed Discord channels connected to the notorious hacking group CVLT 383 times. He frequently shared "combo lists" (collections of stolen email addresses and passwords) and participated in discussions about hacking techniques, selling illicit materials, and strategies to avoid detection.
During searches at his residence, investigators found a computer tower containing 142 "combo lists," which had been compiled from stolen personal data. Additionally, evidence of accounts linked to VPN providers was discovered, which would have allowed Ehiemere to hide his online identity and avoid detection.
Ehiemere faced multiple charges, including two fraud-related offenses and three charges for possessing and distributing indecent images of children. After a seven-day trial, he was convicted on all charges. Ehiemere is set to be sentenced on 1 May 2025.
Three arrested for hacking hospital CCTV and selling videos of female patients
Police in Gujarat, India, have arrested three individuals for allegedly hacking into a hospital's CCTV network and selling disturbing videos of female patients online.
The incident came to light when the police registered a case after discovering that videos showing doctors examining female patients in the maternity ward were being circulated on platforms like YouTube and Telegram. The videos were reportedly being sold to generate revenue from "subscribers." The suspects charged a subscription fee of Rs 2,000 per video.
The Ahmedabad Cyber Crime Branch identified the arrested individuals as Parit Dhamelia, Vaibhav Mane and Ryan Pereira. The three were allegedly involved in hacking into the CCTV camera system of Rajkot's Payal Maternity Home.
Dhamelia was arrested for his role in breaching the hospital’s CCTV network. Mane was apprehended for promoting and distributing the videos on YouTube and Telegram while also providing his bank account details to facilitate financial transactions. Pereira is believed to have assisted in the operation.
Hacker behind over 90 data breaches arrested in Thailand
Thai authorities have arrested a 39-year-old man believed to be responsible for at least 75 hacking incidents globally. Operating under various aliases such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, the individual has been one of the most active cybercriminals in the Asia-Pacific region since 2021. His primary targets were companies and businesses in Thailand, Singapore, Malaysia, Indonesia, India, and other nations.
The man is alleged to have been behind over 90 instances of data breaches worldwide, with 65 occurring in the Asia-Pacific region. His criminal activity started under the alias ALTDOS, initially focusing on victims in Thailand. His attacks aimed to steal sensitive databases containing personal data, which he would then use for extortion, demanding payments from victims in exchange for not making the data public. If the victims refused to comply, instead of publishing the stolen data on Dark Web forums, he would notify media outlets or personal data protection authorities, causing greater reputational and financial harm.
The cybercriminal would also exert additional pressure by directly contacting victims' customers via email or instant messaging, urging them to comply. On some rare occasions, he was observed encrypting victims' databases. To carry out the attacks, the man used SQL injection tools like sqlmap and exploited vulnerable Remote Desktop Protocol (RDP) servers to gain unauthorized access to sensitive data. Once inside, he would install a beacon of a cracked version of the CobaltStrike tool to control the compromised servers.
Thai authorities seized assets worth more than 10 million baht (approximately S$395,500), which included mobile phones, laptops, luxury vehicles, and branded bags. Investigations into the alleged hacker’s activities are still ongoing.
Scammer who bought over 2K stolen credentials from Genesis Market charged with identity theft
Andrew Shenkosky, a 29-year-old US citizen, has been indicted on multiple charges, including wire fraud and aggravated identity theft, for his involvement in purchasing stolen login credentials and using them to commit fraudulent financial transactions. The charges also include possession of unauthorized access devices and trafficking in computer access information.
Court documents reveal that Shenkosky purchased nearly 2,500 stolen login credentials from the now-defunct Genesis Market Dark Web marketplace known for selling access to compromised personal information, including usernames, passwords, and cell phone numbers, often obtained through malware infections. The data he bought was used to steal funds from victims’ accounts.
To access Genesis Market, Shenkosky fraudulently opened a Coinbase cryptocurrency account in the name of one of his victims, purchasing an invite code to gain access. He attempted to sell some of the stolen information on the Raid Forums cybercriminal platform known for facilitating illegal activities before it was shut down.
In January 2025, Shenkosky was charged with three counts of wire fraud, one count of aggravated identity theft, and one count each of possession of unauthorized access devices and trafficking in computer access information.
Former Stanford employee convicted for altering patient data
Naheed Mangi, a former employee of Stanford University, was convicted of accessing a clinical research database after her authorization was revoked and altering patient records within the database. Mangi, who was employed as a clinical research coordinator at Stanford's Cancer Clinical Trials Office within the National Cancer Institute, was tasked with reporting significant patient events, assisting with patient appointments, and entering data into the clinical database. After Mangi was terminated from her position at Stanford, she used her login credentials, which were not revoked at the time, to make unauthorized alterations to the patient data in the database.
Mangi’s actions triggered an internal investigation at Stanford, leading the institution to re-enter all data from source documents into the database.
As a result of her actions, Mangi caused significant financial loss to Stanford University and its School of Medicine, totaling thousands of dollars.
She is scheduled for sentencing on July 21, 2025. Mangi faces a maximum sentence of 10 years in prison for each count of Intentional Damage to a Protected Computer and one year for the charge of Accessing a Protected Computer Without Authorization.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.