A Kazakhstan-based hacker who sold access to hundreds of companies across the globe has been charged by U.S. authorities. The indictment landed just weeks after cybersecurity researchers revealed the defendant’s identity earlier this month, as first reported by Forbes.
The hacker, who went by the nickname fxmsp, was unmasked by cybersecurity firm Group-IB as Kazakh national Andrey Turchin, though the firm underestimated the defendant’s sprawling illicit sales network, according to a Justice Department indictment. The DOJ’s charges, unsealed on Tuesday, were first filed under seal back in December 2018 and claimed that he and unnamed co-conspirators were responsible for selling access to networks of as many as 300 companies, more than double the 130 figure cited by Group-IB. Once on networks, criminals could do what they wanted, whether that was stealing data or pilfering computing power for cryptocurrency mining.
The researchers were right on many other facts, though, noting that he was likely born in the 1980s. DOJ investigators confirmed Turchin was 37. Group-IB claimed Turchin and a colleague known as Lampeduza had likely made at least $1.5 million over three years of sales from 2017. The DOJ said that whilst it was unknown just how much the group had earned, they’d caused tens of millions of dollars in damage, the costs incurred by companies that had to identify the hacks and rid their networks of malware.
Prosecutors said at least 30 American companies could’ve been breached by Turchin and his accomplices. None were named, though cybersecurity firm Trend Micro admitted some of its code was stolen in an attack carried out by fxmsp in 2019.
Turchin allegedly used the fxmsp moniker from 2017 onwards, using various hacking forums to sell what he claimed was direct access to businesses’ computers. He would typically find networks that had mistakenly left remote desktop services open, allowing a quick and easy route onto company PCs, the DOJ said. Where there were passwords on the computers, he’d attempt to break in by a “brute force” attack, repeatedly guessing the login details at speed.
His victims, according to both the DOJ and Group-IB, came from all manner of industries, indicating he was targeting anyone who was vulnerable to his hacks. Targets included a Nigerian bank, a luxury hotel chain, global government agencies, a port authority in Washington state, a New York-based airline and a Californian software development agency.
“Sophisticated cybercrimes can be extremely difficult to investigate. However, by working closely with our international law enforcement partners at the U.K.’s National Crime Agency, along with victims, private sector security researchers and great cooperation from our international law enforcement partners in Kazakhstan, the FBI was able to disrupt Mr. Turchin and his alleged co-conspirator’s criminal intrusions,” said Raymond Duda, special agent in charge at the FBI Seattle field office.
Turchin has been charged with one count of conspiracy to commit computer hacking, two counts of computer fraud and abuse, conspiracy to commit wire fraud and access device fraud.
He has not been arrested by U.S. authorities and his whereabouts remain unknown. “I commend Kazakhstan for its assistance in this investigation. I am hopeful these critical international partnerships between cybercrime investigators will lead to holding Andrey Turchin accountable in a court of law,” said U.S. attorney Brian Moran for the Western District of Washington.