Slashdot Mirror
Krebs: 'Men Who Sent SWAT Team, Heroin to My Home Sentenced' (krebsonsecurity.com)
An anonymous reader quotes KrebsOnSecurity:
On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.
Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.
Separately, a judge in Washington, D.C. handed down a sentence of three year's probation to Eric Taylor, a hacker probably better known by his handle "Cosmo the God." Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as "swatting"... Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.
Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.
Separately, a judge in Washington, D.C. handed down a sentence of three year's probation to Eric Taylor, a hacker probably better known by his handle "Cosmo the God." Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as "swatting"... Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.
The US needs to force phone companies to update the ancient VOIP protocols with some kind of security certificate/trust system to eliminate spoofed phone numbers and crack down on SWATing. In an act where Krebs or one of his family members could have been killed, this kind of behavior needs to be treated like attempted murder, not some prank. Even under the best of circumstances, the family pet is often killed by the SWAT team to avoid injury.
With a security cert system, the phone network would refuse to route any calls without a valid certificate, and valid certificates could be traced back to a credit card/drivers license/IP address all tied to that certificate number, as well as a physical device and it's actual IP. I am sure there are still ways to circumvent it, but it would be a good starting point, and would catch most of the script kiddies, which is where 90% of this SWATing comes from.
Fly by night shady companies that refuse to collect this information or programs of the same nature simply wouldn't be able to place calls at all. For the same reason that it should be illegal to protest with a mask concealing your face, it should be illegal to obscure/spoof your identity through the phone system, and attempting to do so in and of it'self should be a federal crime with heavy penalties (I am looking at you telemarketers).
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
It looks to me like Eric Taylor's sentence wasn't for the swatting incident, and it was a plea bargain.
http://www.washingtontimes.com...
From the linked article:
A teenager hacker was sentenced in D.C. federal court Wednesday for a slew of cybercrimes committed against President Trump, Michelle Obama and former CIA Director John Brennan, among others.
Mr. Taylor and multiple co-conspirators are accused by the government of illegally obtaining personal information from high-profile victims and publishing it on a website, Exposed.Su, in 2013. He pleaded guilty last year to related charges and was sentenced at 2 p.m. Wednesday by U.S. District Judge Randolph Moss in Washington, D.C., The Times has learned.
Allegations against Mr. Taylor and others charged in the conspiracy were filed under seal, and Wednesday’s sentencing hearing was not listed on the court’s website. Details of the sentencing were confirmed to The Times by individuals familiar with the case but not authorized to publicly discuss the matter.
Because everything is sealed, I suspect that the defense attorney's threatened to use the trial to dump into the public record everything that Eric et al had stolen, and that would be harmful to the high-profile people they hacked. Hence the light sentence and plea bargain.