The would-be Georgia hacker “w0zniak” – who is accused of attempting to sell his boss’s MSP to ransomware attackers – pleaded not guilty to a two-count indictment, according to court filings.
Marquavious D. Britt, aka “w0zniak,” was indicted on Feb. 11 on charges that included computer fraud and trafficking in a counterfeit device. During a six-minute hearing, Britt pleaded not guilty to the charges. He qualified for, and he was assigned a federal public defender. Britt was previously released to home confinement on a $15,000 unsecured bond, ordered to remain drug free, and not to use any internet-connected device.
According to a filing, the court expects that the case will proceed to a “short” trial, however no future hearing dates have been set. When reached by CRN, Britt’s lawyer, Colin Garrett, declined to comment.
“Thank you. I have nothing to say at this time,” he told CRN.
Last year saw numerous high-profile ransomware attacks carried out through MSPs, including those that locked up small businesses and even cities and towns. Britt was allegedly captured after FBI investigators linked him to his online handle “w0zniak.”
With that alias, Britt posted a message to Torum, a dark web message board used to sell access to computer networks, demanding $600 in bitcoin in exchange for a backdoor into an Atlanta-based MSP and about 20 of its customers including “lawfirms” and a “pharmaceutical company,” federal court filings state.
“I have admin access to the hosting panel, passwords for each client is provided and you’ll access them through RDP. Their client list is sort of extensive I’m asking for $600 BTC,” the hacker w0zniak posted in Torum on Sept. 30.
The post was discovered by an automated bot that Norwalk, Conn.-based Datto created to scan the dark web looking for just such items. Working with the team at Huntress Labs, the two companies reached out to ‘w0zniak” and convinced him to send screen shots of the servers he was selling. Using that data, the firms were able to identify the MSP and warn him.
The FBI meanwhile had a confidential witness carryout a controlled buy of the passwords using bitcoins. The account that w0zniak used to receive the cryptocurrency was set up in Britt’s name, using Britt’s driver’s license, and it was accessed by Britt from the same IP address that w0zniak used, the FBI said in an affidavit.
According to the FBI’s affidavit, Britt was hired by Chimera on May 6 and let go on June 24. In court records he is described as a “disgruntled” employee, though he worked at the company for only six weeks. Chimera provides IT support, mobile application development, website development, and software support to its clients, the FBI said.
“He literally tried to put us out of business,” said Raymond Alexander, Britt’s former boss and co-owner of Chimera, which is also affiliated with Chimera Innovations LLC, in an interview with CRN.