Police Dismantle Grandoreiro Bank Fraud Operation, Responsible For Theft Of Over 3.6M Euros
Read also: OneCoin’s lawyer gets 10 years in prison, DHS employees sentenced for stealing government software and databases, and more.
Thursday, February 1, 2024
OneCoin’s lawyer gets 10 years’ imprisonment for laundering $400M
A US court has handed down a 10-year prison sentence to Mark Scott, a lawyer involved in the massive OneCoin cryptocurrency fraud scheme that operated globally and defrauded millions of dollars from victims. In November 2019, Scott pleaded guilty to conspiracy to commit bank fraud and conspiracy to commit money laundering.
The scheme, which began operations in 2014 and was based in Sofia, Bulgaria, marketed and sold the sham cryptocurrency through a global multi-level marketing (MLM) network. Between the fourth quarter of 2014 and the fourth quarter of 2016, OneCoin raked in over $4 billion from at least 3.5 million victims.
In addition to the charges of conspiracy to commit money laundering and bank fraud, Scott was found guilty of participating in one of the largest fraud schemes ever perpetrated. In addition to the prison sentence, Scott was sentenced to three years of supervised release. He has also been ordered to forfeit $392,940,000, along with several bank accounts, a yacht, two Porsche automobiles, and four real estate properties.
In September 2023, OneCoin co-founder Karl Greenwood received a 20-year prison sentence, and in November, Irina Dilkinska, the “head of legal and compliance” for OneCoin, pleaded guilty to wire fraud and money laundering charges. Ruja Ignatova, OneCoin’s top leader, also known as “the Cryptoqueen,” was charged in the US in 2017 but still remains at large. The US authorities have offered a reward of up to $250,000 for information leading to her arrest.
Request your free demo now and talk to our experts.
DHS employees sentenced for stealing government software and databases
Three former employees of the Department of Homeland Security (DHS) were sentenced for their involvement in a scheme to steal proprietary software and sensitive law-enforcement databases from the US government for financial gain.
According to the US Department of Justice, Charles Edwards, Sonal Patel and Murali Venkata were all former employees of the DHS Office of Inspector General (DHS-OIG). The perpetrators devised a scheme through which they stole proprietary software and databases with sensitive law-enforcement data and the personally identifiable information (PII) of over 200,000 federal employees from DHS-OIG and the US Postal Service Office of Inspector General (USPS-OIG).
The trio intended to use the stolen assets to create a commercial software, which they planned to sell to the government. As part of their scheme, they shared the stolen info with software developers located in India. Furthermore, when Venkata became aware of the investigation, he attempted to obstruct it by deleting incriminating text messages and other communications.
Edwards, Patel and Venkata pleaded guilty to charges related to the theft of government property, defrauding the US, wire fraud, and destruction of records. Edwards received one year and six months in prison, Venkata was sentenced to four months in prison, and Patel got off with two years of probation.
A hacker sentenced to 18 months in jail for the DraftKings breach, two accomplices arrested
A 19-year-old Wisconsin man, Joseph Garrison, has been sentenced to 18 months' imprisonment for his role in the 2022 hack of the popular DraftKings fantasy sports website that saw $600,000 stolen from 1,600 accounts.
Garrison and his co-conspirators compromised accounts via credential stuffing attack using stolen credentials. The attackers then siphoned funds from the hacked accounts or sold them on cybercrime forums. In addition to the sentence, Garrison has to pay around $1.3 million in restitution to DraftKings, as well as $175,000 in asset forfeitures.
Following Garrison's sentencing, two other individuals, Nathan Austad, known as “Snoopy,” and Kamerin Stokes, aka “TheMFNPlug,” involved in the DraftKings breach, have been apprehended. Prosecutors allege that Austad and Garrison accessed 60,000 customer accounts during the cyberattack. The compromised access information was then sold through illicit online “shops” controlled by the hackers. Furthermore, they allegedly sold the stolen data to co-conspirators who marketed the information through their own platforms.
Austad and Stokes are now facing multiple charges, including conspiracy to commit computer intrusions, unauthorized access to a protected computer, wire fraud conspiracy, wire fraud, and aggravated identity theft. Each charge carries a varying maximum sentence, ranging from five to twenty years in prison.
Germany seizes over €2 billion in Bitcoin linked to movie piracy platform
German authorities have confiscated over €2 billion worth of Bitcoin connected to the notorious movie piracy portal, movie2k.to. The digital assets were willingly surrendered to officials by the site's programmer, who has been in pre-trial detention since 2019.
Movie2k.to, a platform infamous for its illegal distribution of films and TV series, operated from autumn 2008 until May 2013, disseminating more than 880,000 illegal copies. In 2020, the site's programmer, already in custody, relinquished control of the domain and transferred Bitcoins valued at €25 million to authorities as compensation for damages.
As part of the ongoing investigation, a suspected operator of movie2k.to recently transferred almost 50,000 Bitcoins to the Federal Criminal Police Office. The focus of the inquiry is on two individuals suspected of running the piracy site. Authorities believe the suspects acquired Bitcoins with the proceeds from their illicit activities. The other movie2k.to administrators are still at large and believed to possess similar Bitcoin holdings as they were early adopters of cryptocurrency.
This seizure of Bitcoins by law enforcement authorities represents the most extensive action in Germany to date against digital piracy, the police said. The confiscated Bitcoins have been transferred to a designated wallet of the Federal Criminal Police Office, and a decision regarding their utilization is pending. As of now, no charges have been filed, but investigations continue.
Grandoreiro bank malware operation disrupted in Brazil
The Federal Police of Brazil has dismantled a cybercriminal gang responsible for orchestrating a large-scale banking fraud scheme, yielding a staggering €3.6 million ($3.9 million) in ill-gotten gains since 2019. The operation targeted victims in multiple countries, including Brazil, Mexico, Spain, and Peru.
The criminal group executed its scheme through the use of sophisticated banking malware known as 'Grandoreiro,' a trojan written in Delphi and first observed in 2016. Grandoreiro is able to steal sensitive data through keyloggers and screen-grabbers and by deploying overlays on predetermined banking sites when infected victims access them.
The police arrested five suspects, including top members of the gang, and conducted 13 searches across the states of São Paulo, Santa Catarina, Pará, Goiás, and Mato Grosso.
The investigation into the Grandoreiro operation was triggered by a report from the Spain-based Caixa Bank, which identified the programmers and operators of the banking malware in Brazil. The criminals utilized cloud servers to host the infrastructure supporting the Grandoreiro malware campaigns.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
