Last week, we concluded the countdown of the FBI Cyber’s Most Wanted. Without a doubt, the hackers and cyber criminals we discussed are some of the most dangerous actors operating in cyberspace today. And as they currently elude the authorities, they pose a serious threat to online users everywhere.
But luck ultimately runs out for most criminals, including those who exploit users online. After all, hackers are humans, and all humans make mistakes. They might not account for certain pieces of evidence, and notwithstanding the challenge of attribution online, they might leave clues behind to their motivations, activities and identities.
We as information security professionals can only hope that the law will catch up with every last cyber criminal. Acknowledging that conviction, we will be relating the stories of 10 notorious hackers, spies and cyber criminals who have already been brought to justice.
We begin this new series at number 10: Maksym Yastremskiy.
Maksym Yastremskiy, otherwise known as “Maksik,” is a Ukrainian carder well known for selling stolen debit and credit card credentials on the black market.
A key player in the criminal ring of hacker Albert Gonzaelez, Yastremskiy was involved in several high-profile data breaches in the mid-2000s, including Dave & Buster’s in 2007 and TJX Companies, which was considered the largest breach for its time at more than 45 million cards stolen that same year.
Among other things, he was highly sought after for his ability to crack PINs and to make sure that packet sniffers went undetected.
Overall, Yastremskiy is rumored to have collected $11 million from his activities on the underground market.
But in 2006, Yastremskiy and an accomplice sold approximately 7,000 stolen card details to a man based in San Diego. Little did they know that their customer was an undercover agent for the U.S. Secret Service.
It was around that time that the Secret Service began to track Yastremskiy’s movements abroad, gathering evidence against him in undercover meetings held in Thailand, the United Arab Emirates and Turkey.
The U.S. government even conducted a “sneak-and-peek” search of Yastremskiy’s laptop in June 2006 after they surreptitiously obtained a copy of the criminal’s hard drive.
By early 2007, the Secret Service had amassed enough evidence against the carder. Local authorities arrested Yastremskiy later that summer while he was partying at a nightclub in Kemar, Turkey.
His arrest was made in connection to an incident involving several banks local to Turkey. Yastremskiy therefore was neither charged in connection to the TJX breach nor was he extradited to the United States. Instead, he received 30 years in a Turkish prison.
Turkey does have an extradition treaty with the United States, so it’s possible he may be extradited when he completes his sentence around the year 2040.
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerabilities.
The Executive’s Guide to the Top 20 Critical Security Controls Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Images courtesy of ShutterStock.