Cyber Security Can Get Personal!

In 2013, Brian Krebs taught someone a lesson in cyber security. He had earned the unwanted attention of a man calling himself The Fly, or Flycracker, later revealed to be a 26-year-old career thief named Sergey Vovnenko. Krebs tracked Vovnenko to a forum where he brokered the sale of credit card information. Krebs found out that Vovnenko was going to do his best to damage Krebs’s reputation – maybe even land him in jail.

The plan was to have heroin delivered to Krebs, then to call the police. It didn’t work out that way. Krebs called the police first, notifying them of Sergey’s plan. The heroin came a few days after he gave his statement to law enforcement. Krebs turned it over to the cops and went to work, trying to find Vovenko.

Cyber security can get personal

Vovnenko fits a profile Krebs says applies to many in the world of information crime: young, arrogant and frankly sadistic, with a chip on his shoulder. Investigators are prone to boil down credit card stealing operations and mass identity thefts to simple greed. But often, it’s much more than that. “These guys have such huge egos,” he said. “What are they after? How much is enough? You make $100 grand a month, is that not enough?”

Krebs thinks some hackers just really enjoy messing things up and attacking people or doing it as a power trip.

After Vovnenko failed to frame him, Krebs wrote about the experience in a blog post, which the Guardian republished. He says he thinks the post embarrassed Vovnenko, who then sent Krebs’s wife a funeral flower arrangement. Says Krebs, “He had it delivered to our house with a note to her, just to her, saying, ‘Dear Jennifer, you married the wrong guy, but we’ll always take care of you. Rest in peace, Brian.'” And at that point, Krebs was so mad that he really wanted to know who the jerk was.

It didn’t take Krebs long to find out that Vovnenko, just like the people he stole from, shared passwords between the administrator account on his identity theft forum, and the Gmail address he used to do his dirty work. After a little digging, Krebs learned that Vovnenko didn’t trust his fiancee and had her every keystroke logged and secretly sent to the Gmail account; in those messages was every possible personal detail about Vovnenko’s life.

Here are some of those details: Vovnenko lived in Naples, Italy. He had a son and he married his one-time untrusted fiancee. Vovnenko bought stolen Italian credit card information. He also printed and embossed credit cards on machines he owned himself and cashed out the cards through high-end Italian retailers in the fashionable city.

Krebs decided to get in touch with Vovnenko. Running organized crime was one thing; a Ukrainian running an identity theft ring and printing stolen credit cards in the Camorra’s backyard was another. The Camorra is an Italian Mafia-type crime syndicate, or secret society, located in the region of Campania and its capital Naples.

“I just reached out to him and said, ‘Hey, how’s Italy? How’s your son Max?’” Krebs recalls. “And he said ‘Ahahaha, I wait for FBI.’

“I said: ‘It’s not the FBI you have to worry about.’” Should the Camorra be displeased with Vovnenko, bad thinks were sure to happen.

Vovnenko fell afoul of Italian authorities and spent “a while” in what he called “Naples’ worst prison” in a letter of apology he wrote to Krebs. Krebs thinks Vovnenko was in a 12-step program. Vovnenko told his victim that he “forgave” him for posting a picture and Vovnenko’s address on the website “Krebs on Security” when Vovnenko was arrested.

There are many times that hackers outfool security professionals. Daily security scanning can help. And all it takes is for people like Brian Krebs and Trust Guard to help take down these criminals – even if it is one at a time. The key is to find them before it gets personal.

 


 

Special thanks to The Guardian for supplying much of the information found in this article.

Share

Speak Your Mind

*