The Cybersecurity 202: Evil Corp indictments show cybercrime pays – for those at the top


Maksim Yakubets was indicted on Dec. 5 on charges of the cybertheft of tens of millions of dollars. (FBI/AFP/Getty Images)

THE KEY

Cybercrime definitely pays. At least in the short term. And for the guys at the top. 

That’s one unmistakable conclusion from indictments and sanctions that U.S. and British officials lobbed yesterday against one of the Russian cybercrime underground’s most notorious hacking groups — which literally calls itself Evil Corp, and stole at least $100 million from banks and financial institutions in 40 countries.

A news release from Britain’s National Crime Agency includes a slew of Scarface-worthy photos of Evil Corp leader Maksim Yakubets flashing stacks of cash, showing off his “customized Lamborghini supercar with a personalized [license] plate that translates to ‘Thief’ ” and at his lavish wedding, which cost more than $325,000, according to the NCA.

Source: U.K. National Crime Agency.


The agency even posted a Twitter video of Yakubets racing his Lamborghini, falling off a Segway and playing with a lion cub. “If Maksim Yakubets, who used the online identity of ‘Aqua,’ ever leaves the safety of Russia he will be arrested and extradited to the U.S.,” the agency warns. 

Members of Evil Corp are living a lavish lifestyle, funded by the life savings of their victims.

If Maksim Yakubets, who used the online identity of ‘Aqua’, ever leaves the safety of Russia he will be arrested and extradited to the US. pic.twitter.com/BdoaxZrFBK

— National Crime Agency (NCA) (@NCA_UK) December 5, 2019

The glitzy showiness Yakubets displayed in the photos is relatively common among the top ranks of cybercriminals, Leo Taddeo, a former FBI special agent focused on cybercrimes, told me, comparing it to the lavish lifestyles of superwealthy drug dealers and organized crime leaders. 

Much like those other criminal enterprises, though, the lifestyles of the rich and famous are reserved for just a few people at the top, said Taddeo, the chief information security officer at Cyxtera Technologies.

“These groups operate like syndicates with people at the top — as you see in this indictment — making a lot of money, and people at the bottom making a lot less,” he said. 

The photos offer a rare glimpse into the shadowy world of cybercrime, a massive underground industry that the Center for Strategic and International Studies and McAfee estimate costs companies and consumers about $600 billion annually — or nearly 1 percent of the value of all goods and services in the global economy. 

Cybercrime’s victims include individuals whose accounts are pilfered, and myriad companies. Consumers also end up paying more for products or in credit card fees because companies pass on their cybercrime losses. 

Yakubets used malware known as “Bugat” and “Zeus” to steal passwords and other personal information from banking customers, then reroute wire transfers to foreign bank accounts and ultimately into his own pocket, as my colleagues Devlin Barrett and Matt Zapotosky reported.

Among his many thousands of U.S. victims were numerous small to midsize businesses, including a dairy company in Ohio, a luggage store in New Mexico and an order of religious sisters, FBI Deputy Director David Bowdich said during a news conference.

Yakubets also routinely worked on the side for Russia’s domestic intelligence agency, the Federal Security Service, stealing classified material from overseas targets, U.S. Treasury officials said. That’s a common occurrence in Russia, where the line between cybercriminals and government-backed hackers is notoriously thin. 

The Justice Department is offering a $5 million reward for information that leads to Yakubets’s capture — the largest such offering ever for a cybercriminal.

The #FBI also joined the @StateDept in announcing a #reward of up to $5 million for information leading to the arrest and/or conviction of Maksim Viktorovich Yakubets. https://t.co/7ZypIBJW6c pic.twitter.com/IdLQqYJKel

— FBI (@FBI) December 5, 2019

Yakubets and an associate who was also indicted, Igor Turashev, are unlikely to end up in a U.S. prison, Justice Department officials acknowledged. That’s because Russia does not extradite its citizens in response to U.S. indictments. 

DD Bowdich: “The long arm of the law does stretch throughout the world, and having your name, your face, or your description on a wanted poster makes moving around freely much more difficult.”

— FBI (@FBI) December 5, 2019

However, the indictment will still make life more difficult for the men, Taddeo told me, because they won’t be able to travel outside Russia. And Yakubets’s showy displays of wealth will make him an easy target for other cybercriminals who want to bully or extort him, or to compel his help in their own schemes. 

“Russia’s like a prison with 11 time zones,” Taddeo told me. “It’s not easy to be a known successful criminal in Russia because you often pay a price for that with other criminals asking you for all or part of your ill-gotten gains.”


PINGED, PATCHED, PWNED

President Trump’s attorney Rudolph W. Giuliani, center. (Susan Walsh/AP)

PINGED: President Trump has routinely spoken with his personal lawyer, Rudolph W. Giuliani, and other associates on cellphones vulnerable to spying by Russia and other foreign adversaries, current and former U.S. officials tell my colleagues Paul Sonne, Josh Dawsey, Ellen Nakashima and Greg Miller. 

That’s particularly concerning because phone records released this week by the House Intelligence Committee show that officials used unencrypted lines to discuss Trump’s campaign to pressure Ukraine to clamp down on adversaries in the 2020 election. Spying on the calls could have allowed Russia to enlist operatives in Ukraine to feed Giuliani false information and further baseless claims such as that Ukraine helped hack the Democratic National Committee in the 2016 U.S. election, my colleagues reported.

Trump is not identified by name in the phone records, but House investigators suspect he may be the identity behind a blocked number listed as “-1” in the files. Trump has continued to use his personal device despite warnings from security officials and has given the number to foreign leaders, five people in communication with him in recent months said.

Tik Tok logos are seen on smartphones in front of a ByteDance logo. (Dado Ruvic/Reuters)

PATCHED: TikTok’s leader will tour Capitol Hill next week in hopes of easing lawmakers’ concerns that the Chinese-owned company poses serious national security and privacy risks, my colleagues Tony Romm and Drew Harwell report.

Shanghai-based executive Alex Zhu hopes to meet with critics including Sen. Tom Cotton (R-Ark.), who alongside Senate Minority Leader Sen. Charles E. Schumer (D-N.Y.) expressed concerns that the app may be sharing Americans’ data and messages with the Chinese government.

“It’s difficult to see a way forward for TikTok without a complete separation from its Beijing-based owner,” Cotton told my colleagues.

Zhu will also probably meet with Sen. Marco Rubio (R-Fla.), who pressed the Commerce Department to investigate TikTok’s parent company’s 2017 acquisition of a U.S. company for potential national-security risks.

A shopper browses an iPhone. (Daniel Acker/Bloomberg News)

PWNED: Apple is trying to placate security concerns after cybersecurity blogger Brian Krebs revealed that the newest models of its iPhones appear to be sending out location data, even after users disable Location Services in their phone settings.

The tracking is necessitated by a new Apple feature called “Ultra-wideband technology,” the company told TechCrunch’s Zack Whittaker. Apple is legally required to shut off the new feature in certain sensitive places and so has to track phones to make sure they aren’t in those places, the company said. 

But critics still question why it took Apple so long to admit what was going on. 

Here’s Guardian Firewall App founder Will Strafach: 

it would be totally acceptable, in my view, to respond:

“This was due to the XXXX daemon pulling information from CoreLocation, which does not have a switch to disable in the Settings app. We will add this in a future update in order to resolve any user confusion.”

— Will Strafach (@chronic) December 5, 2019

The only current use for the new feature is to allow iPhone users to automatically detect other users they can share files with, but it is rumored to be part of a forthcoming development that will allow users to tag and locate easily lost items such as keys.

PUBLIC KEY

— Cybersecurity news from the public sector:

Motherboard previously revealed how AT&T, T-Mobile, Sprint, and Verizon have sold real-time phone location data to middlemen companies which then provided it to third parties.

Vice

Will the specter of the hanging chad never cease to haunt us?

Slate

The Trump administration was accused of imposing a form of unconstitutional surveillance by requiring most U.S. visa applicants to provide information on social-media accounts, according to a lawsuit filed on Thursday.

Wall Street Journal

PRIVATE KEY

— Cybersecurity news from the private sector:

The defendants allegedly used the accounts to run ads that often misused the images of celebrities to sell “counterfeit goods and diet pills.”

BuzzFeed News

A Chinese VC firm and an Israeli startup had the money stolen right out from under their noses thanks to spoofed emails and bogus domains.

Vice

Spotify is bringing people together in an unusual way.

The New York Times

THE NEW WILD WEST

— Cybersecurity news from abroad:

A study by a Beijing-based body indicates many are worried about their biometric data being hacked.

BBC News

CHAT ROOM

CyberScoop Editor in chief Greg Otto decided to get ahead of the end-of-the-year news pitches by soliciting the worst cyber predictions for 2020 from Twitter. Here’s a sample of what he got:

please send me your *worst* cyber predictions for 2020

only bad answers will suffice

— Greg Otto (@gregotto) December 4, 2019

blockchain will be an absolute panacea for cybersecurity.

also data breaches will be renamed “security whoopsie-daisies”

— Zack Whittaker (@zackwhittaker) December 4, 2019

The Princes of Nigeria will reveal themselves in person and they will be unbelievably wealthy and truly generous.

— Tony Cole (@NoHackn) December 5, 2019

Giuliani does a @masterclass on opsec

— Joe Warminsky (@jwarminsky) December 4, 2019

vendor drops revolutionary security solution that eliminates all security incidents. cyber reporters worldwide are out of a job because the world is now stable.

— Dana Iskoldski (@danaiskoldski) December 4, 2019

Anti-virus pioneer, international man of mystery and sometimes presidential candidate John McAfee got a lot of mentions:

he’ll just delay until Inauguration Day

— Greg Otto (@gregotto) December 4, 2019

ZERO DAYBOOK

— Coming up:

  • The Senate Judiciary Committee will host a hearing “Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy” on Tuesday at 10 a.m.
