Information for Victims in Large Cases
U.S. v. Andrey Turchin
The indictment charges TURCHIN with conspiracy to commit computer hacking, two counts of computer fraud and abuse (hacking), conspiracy to commit wire fraud, and access device fraud. TURCHIN and his accomplices perpetrated an ambitious hacking enterprise broadly targeting hundreds of victims across six continents. TURCHIN employed a collection of hacking techniques and malicious software (malware) to gain and maintain access to victim networks. For instance, he often used specially designed code to scan the Internet for open Remote Desktop Protocol (RDP) ports and conduct brute-force attacks to initially compromise victim networks. Once inside the victim’s system, he moved laterally throughout the network and deployed additional malicious code to locate and steal administrative credentials and establish persistent access. The conspirators often modified antivirus software settings to allow malware to continue to run undetected. TURCHIN and his co-conspirators then marketed and sold the network access on various underground forums commonly frequented by hackers and cybercriminals, such as Exploit.in, fuckav.ru, Club2Card, Altenen, Blackhacker, Omerta, Sniff3r, and L33t, among others. As has been publicly reported, the “fxmsp” group has been linked to numerous high-profile data breaches, ransomware attacks, and other cyber intrusions.
U.S. v. Pigida et al
Volodimyr Pigida and Marina Bondartenko are charged with operating a Ponzi scheme through their business Trend Sound Promoter. Through the scheme, defendants are alleged to have caused more than $11 million is losses. They are further alleged to have fraudulently used proceeds from their scheme for their own benefit, to include the purchase of houses and vehicles. Finally, the charges allege that the defendants committed fraud by hiding assets and transactions in connection with Trend Sound Promoter’s bankruptcy proceeding.
U.S. v. Fedir Oleksiyovych Hladyr, U.S. v. Dmytro Valerievich Fedorov, U.S. v. Andrii Kolpakov, U.S. v. Denys Iarmak
Members of a prolific hacking group widely known as FIN7 (also referred to as the Carbanak Group and the Navigator Group, among other names) engaged in a highly sophisticated malware campaign targeting more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries. FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers as well as proprietary and non-public information, which the group used or sold for profit. In the United States alone, FIN7 successfully breached the computer networks of companies in 49 states and the District of Columbia, stealing over 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations. Companies that have publicly disclosed hacks attributable to FIN7 include such familiar chains as Chipotle Mexican Grill, Chili’s, Arby’s, and Jason’s Deli.
United States v. Jorge Consuegra-Rojas
On February 15, 2018, Consuegra-Rojas was charged in the Western District of Wisconsin with multiple crimes related to access device fraud and possession of counterfeit access devices. Consuegra-Rojas and another individual were arrested in Mauston, Wis., on September 12, 2016, after attempting to use a counterfeit credit card at a Festival Foods store. A search of Consuegra-Rojas’s vehicle revealed counterfeit credit cards, false identification documents, 280 gift cards, multiple cellular telephones, two computers, three flash drives, six skimmers, and a credit card reader/writer. The subsequent investigation revealed that the three flash drives and two computers contained a total of 1,679 stolen credit card numbers. The stolen credit card numbers were used to buy gift cards and other merchandise at a variety of retailers throughout Minnesota between September 6 and September 12, 2016, including Home Depot, Walmart, and Sam’s Club.