Category Archives: News

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of “cashing out” access to hacked bank accounts worldwide.

Maksim Berezan, 37, is an Estonian national who was arrested nearly two years ago in Latvia. U.S. authorities alleged Berezan was a longtime member of DirectConnection, a closely-guarded Russian cybercriminal forum that existed until 2015. Berezan’s indictment (PDF) says he used his status at DirectConnection to secure cashout jobs from other vetted crooks on the exclusive crime forum.

Berezan specialized in cashouts and “drops.” Cashouts refer to using stolen payment card data to make fraudulent purchases or to withdraw money from bank accounts without authorization. A drop is a location or individual able to securely receive and forward funds or goods obtained through cashouts or other types of fraud. Drops typically are used to make it harder for law enforcement to trace fraudulent transactions and to circumvent fraud detection measures used by banks and credit card companies.

Acting on information from U.S. authorities, in November 2020 Latvian police searched Berezan’s residence there and found a red Porsche Carrera 911, a black Porsche Cayenne, a Ducati motorcycle, and an assortment of jewelry. They also seized $200,000 in currency, and $1.7 million in bitcoin.

After Berezan was extradited to the United States in December 2020, investigators searching his electronic devices said they found “significant evidence of his involvement in ransomware activity.”

“The post-extradition investigation determined that Berezan had participated in at least 13 ransomware attacks, 7 of which were against U.S. victims, and that approximately $11 million in ransom payments flowed into cryptocurrency wallets that he controlled,” reads a statement from the U.S. Department of Justice.

Berezan pleaded guilty in April 2021 to conspiracy to commit wire fraud.

The DirectConnection cybercrime forum, circa 2011.

For many years on DirectConnection and other crime forums, Berezan went by the hacker alias “Albanec.” Investigators close to the case told KrebsOnSecurity that Albanec was involved in multiple so-called “unlimited” cashouts, a highly choreographed, global fraud scheme in which crooks hack a bank or payment card processor and use cloned payment cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.

Berezan joins a growing list of top cybercriminals from DirectConnection who’ve been arrested and convicted of cybercrimes since the forum disappeared years ago. One of Albanec’s business partners on the forum was Sergey “Flycracker” Vovnenko, a Ukrainian man who once ran his own cybercrime forum and who in 2013 executed a plot to have heroin delivered to our home in a bid to get Yours Truly arrested for drug possession. Vovnenko was later arrested, extradited to the United States, pleaded guilty and spent more than three years in prison on botnet-related charges (Vovnenko is now back in Ukraine, trying to fight the Russian invasion with his hacking abilities).

Perhaps the most famous DirectConnection member was its administrator Aleksei Burkov, a Russian hacker thought to be so connected to the Russian cybercriminal scene that he was described as an “asset of extreme importance to Moscow.” Burkov was arrested in Israel in 2015, and the Kremlin arrested an Israeli woman on trumped-up drug charges to force a prisoner swap.

That effort failed. Burkov was extradited to the U.S. in 2019, soon pleaded guilty, and was sentenced to nine years. However, he was recently deported back to Russia prior to serving his full sentence, which has prompted Republican leaders in the House to question why.

Other notable cybercrooks from DirectConnection who’ve been arrested, extradited to the U.S. and sentenced to prison include convicted credit card fraudsters Vladislav “Badb” Horohorin and Sergey “zo0mer” Kozerev, as well as the infamous spammer and botnet master Peter “Severa” Levashov.

At his sentencing today, Berezan was sentenced to 66 months in prison and ordered to pay $36 million in restitution to his victims.

ServiceNow adds new features to Major Security Incident Management Workspace

ServiceNow has added new features to its Major Security Incident Management (MSIM) Workspace platform, which it launched in December 2021. The features allow security teams greater customization of the incident response service and come as ServiceNow announced its latest Now Platform San Diego release.

MSIM Workspace a mechanism to track and resolve security incidents

ServiceNow launched MSIM Workspace last year to help security teams collaboratively respond to critical security incidents. The platform allows users to share and view files/folders on security issues, view and update incident tasks, and communicate through dedicated chat channels. It is designed to work alongside other ServiceNow security incident and vulnerability response product capabilities and offers features including:

US, EU reach preliminary data privacy agreement

The US and the European Union (EU) have reached a preliminary agreement over the storing of European data on US soil. It was announced by President Biden and EU President Ursula von der Leyen, speaking on Friday, March 25. If successful, the data agreement would resolve a significant point of contention in US-EU relations since a previous deal regulating trans-Atlantic data flows—Privacy Shield—was deemed illegal by the EU’s top court in 2020. The court ruled that the US did not provide EU citizens effective means to challenge US government surveillance of their data.

Framework underscores “shared commitment to privacy”

While neither President Biden nor President von der Leyen provided details on how the new agreement would work and withstand legal challenges, the US President said that the “framework underscores our shared commitment to privacy, to data protection and to the rule of law” and would allow EU authorities “to once again authorize trans-Atlantic data flows that help facilitate $7.1 trillion in economic relations with the EU.”

Gus Simmons’s Memoir

Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography.

He has written a memoir of growing up dirt-poor in 1930s rural West Virginia. I’m in the middle of reading it, and it’s fascinating.

More blog posts.
