Featured Article

Meet the cybercriminals of 2022

Arrested, but not forgotten


A golden award trophy on a background of dark green jail bars.
Image Credits: Bryce Durbin / TechCrunch

Arrested, seized, doxed and detained. These are just some of the ways police and prosecutors around the world took down the biggest cybercrime operations of the year, even if it meant resorting to new and unconventional eyebrow-raising methods. From stashing billions of bitcoin under the floorboards to teenage hackers gatecrashing Fortune 500 networks, this year saw some of the most jaw-dropping breaches — and the highest-profile apprehensions.

As we close out 2022, we look back at the cybercriminals we lost this year … to the law.

Sanctions and seizures hit the crypto scene

U.S. officials scored some major wins against crypto-laundering in 2022. At the beginning of the year, the Justice Department said it had seized more than $3.6 billion worth of bitcoins allegedly stolen in the 2016 hack of crypto exchange Bitfinex and that it had arrested a married couple suspected of laundering the money.

The couple — Ilya Lichtenstein, 34, and Heather Morgan, 31 — face up to 25 years in prison if convicted on charges of conspiring to launder money and defrauding the U.S. government.

Later in the year, the Office of Foreign Asset Control (OFAC), a watchdog within the U.S. Treasury tasked with enforcing sanctions violations, announced that it had sanctioned decentralized cryptocurrency mixing service Tornado Cash for its role in enabling billions of dollars’ worth of cryptocurrency to be laundered through its platform.

Tornado Cash, along with other mixers such as AlphaBay, allows customers to conceal the source of their crypto funds when participating in a transaction in exchange for a fee. It blends potentially identifiable or tainted cryptocurrency funds with others to obfuscate the source and destination of crypto assets. More than $1.5 billion in proceeds of crime, like ransomware and fraud, has been laundered through Tornado Cash to date, experts estimate.

U.S. doxes alleged Conti ransomware member

In August, the U.S government shared an image of a suspected Conti ransomware operator known as “Target,” the first time it has outed a major ransomware actor. The program also offered up to $10 million for information leading to the identification and location of Target, along with four other alleged Conti members known as “Tramp,” “Dandis,” “Professor” and “Reshaev.”

The State Department said Conti has carried out more than 1,000 ransomware operations targeting U.S. and international critical infrastructure. Most recently, the gang infiltrated 27 government institutions in Costa Rica and demanded a $20 million ransom.

Image Credits: State Department (handout)

Another gang dealt a devastating hit in 2022 was NetWalker, a ransomware gang that has been linked to numerous high-profile incidents including an attack on the University of California San Francisco, which paid a ransom demand of more than $1 million, and an attack targeting cyberthreat startup Cygilant. Between August 2019 and January 2021, ransomware attacks involving NetWalker pulled $46 million in ransom payments, according to cryptocurrency analysis firm Chainalysis.

In October, Sebastien Vachon-Desjardins, a 34-year-old from Quebec, was sentenced in a Florida court in October after pleading guilty to charges related to his involvement with NetWalker. Vachon-Desjardins, who worked as an IT consultant for Public Works and Government Services in Canada, was previously arrested by Canadian police in January 2021 and sentenced to seven years in prison. During a search of his home, law enforcement officials discovered and seized 719 bitcoin and $790,000 in Canadian currency.

James Zhong, the hacker who stole billions of Silk Road’s bitcoin

In a surprising yet anticlimactic conclusion to one of the government’s longest-running cyber cases, the mystery of the notorious dark web drugs marketplace Silk Road’s missing billions was solved. In November, U.S. federal agents said it found $3.36 billion worth of bitcoin that had been stashed in a popcorn can under the bathroom closet floorboards in the home of the hacker nearly a decade earlier. Prosecutors brought charges against the hacker, a Georgia resident named James Zhong, whose plea agreement with the feds saw him forfeit the huge cache of cryptocurrency, along with $600,000 in cash and other precious metals.

Somewhat confusingly, Zhong is the second hacker to have ultimately turned over Silk Road’s stolen billions — albeit at a lower exchange rate than today. In 2020, a hacker who went by the alias Individual X forfeited another huge cache of Silk Road’s bitcoin that they had stolen years earlier during a hacking spree over 2012 and 2013. The Justice Department’s latest forfeiture closed the door on another billion-dollar mystery, even if the feds kept secret how the funds were stolen or how they came to find the hacker, long after Silk Road’s founder Ross Ulbricht was jailed.

The partial contents of the popcorn can, containing memory cards with billions of cryptocurrency and other precious metals. Image Credits: Justice Dept. (handout)

Raccoon Stealer operator charged over mass password theft

U.S. officials in October charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected millions of computers worldwide. Mark Sokolovsky, who goes by the online handle “raccoonstealer,” is accused of having a major role as a key administrator of the malware, which prosecutors say was used to steal more than 50 million unique credentials and forms of identification from victims around the world since February 2019.

Sokolovsky is charged with computer fraud, wire fraud, money laundering and identity theft and faces up to 20 years in prison if found guilty. Sokolovsky is in Amsterdam awaiting extradition to the United States.

Sokolvsky’s arrest led to an uptick in new Mars Stealer campaigns, including the mass-targeting of Ukraine in the weeks following Russia’s invasion and a large-scale effort to infect victims by malicious ads. However, in November, a security research and hacking startup told TechCrunch that it had found a coding flaw that allows it to lock out operators of the Mars Stealer malware from their own servers and release their victims.

​​Seller of WhatsApp-hacking tech pleads guilty

Signal jammers, Wi-Fi interception tools and WhatsApp hacking tools. These are some of the things that one Mexican businessman admitted in federal court to selling for both commercial and personal reasons. The Justice Department accused Carlos Guerrero of, among other things, arranging the sale of hacking tools to Mexican politicians and using other equipment he sold to intercept the phone calls of a U.S. rival. It goes to show that it’s not just nation states and governments with powerful phone spying technology at their disposal.

Lapsus$ rounded up once, twice

The Lapsus$ gang rose to notoriety in 2022. The data extortion group, which first emerged a year earlier, quickly claimed a number of high-profile victims, including Okta, Microsoft, Nvidia and Samsung.

While the gang once seemed invincible, a number of its members were arrested in March this year. In a statement given to TechCrunch at the time, City of London Police confirmed that seven people between the ages of 16 and 21 had been arrested in connection with Lapsus$.

News of the arrests came just hours after a Bloomberg report revealed a teenager based in Oxfordshire, U.K. is suspected of being the mastermind of the Lapsus$ group. Researchers investigating the gang’s recent hacks said they believed the 16-year-old, who uses the online moniker “White” or “Breachbase,” was a leading figure in Lapsus$. Bloomberg was able to track down the suspected hacker after his personal information was published online by rival hackers. Weeks later, U.K. police said they had charged two of the teenagers with multiple cyber offenses.

SSNDOB, a marketplace for stolen Social Security numbers, is no more

U.S. officials in June announced the takedown of SSNDOB, a notorious marketplace used for trading the personal information — including Social Security numbers, or SSNs — of millions of Americans.

The landmark operation was carried out by the FBI, IRS and the DOJ, with help from the Cyprus Police, and saw authorities seize four domains hosting the SSNDOB marketplace.

SSNDOB listed the personal information for approximately 24 million individuals in the United States, including names, dates of birth, SSNs and credit card numbers and generated more than $19 million in revenue, according to prosecutors. Chainalysis reported separately that the marketplace has received nearly $22 million worth of bitcoin over 100,000 transactions since April 2015, though the marketplace is believed to have been active for several years prior to its eventual seizure.

The FBI’s seizure notice on SSNDOB shortly after the site was taken down by federal authorities. Image Credits: TechCrunch (screenshot)

Ex-Amazon engineer convicted of Capital One data heist

Also in June, Paige Thompson, a former engineer in Amazon’s cloud division, was convicted of a breach that compromised the personal and financial information of 100 million CapitalOne customers in 2019. The breach was one of the biggest bank heists in U.S. history, which included the theft of credit scores, limits and balances, and also affected a million Canadians. Thompson was accused of using her knowledge as an Amazon software engineer to breach CapitalOne’s online cloud storage, hosted on Amazon’s servers, and compromising the cloud storage of several other companies, including Vodafone, Ford and Ohio’s state motor vehicle agency. Prosecutors said the former Amazon engineer was “one bad day away from sharing the data she stole.” As such, Thompson was sentenced to time served, allowing her to avoid prison.

A major REvil operator was extradited to the United States

With a $10 million bounty on their heads after a brazen ransomware attack on Kaseya that spread to hundreds of its downstream customers, it was only a matter of time before the REvil ransomware group’s luck would run out. That’s what happened with Yaroslav Vasinskyi, a 22-year-old Ukrainian national, who was arrested in Poland in October and later arraigned and extradited to Dallas, Texas to face accusations of computer hacking and fraud by way of his alleged involvement with REvil. Vasinskyi is one of two other alleged REvil members charged by U.S. prosecutors in relation to the attack on Kaseya. It was only after the FBI recovered the decryption key that victims were able to gain access back to their encrypted files.

U.K. arrest teenagers linked to Uber and GTA hacks

In September, police in London confirmed that a 17-year-old teenager suspected of involvement in high-profile breaches at ride-hailing giant Uber and Rockstar Games had been charged with multiple counts of computer misuse and breaches of bail.

These hacks were two of the most high-profile of 2022. Uber, which said it believed a hacker affiliated with Lapsus$ was responsible for the attack, was forced to take several of its internal tools offline while it expelled the hacker from its network. Shortly before Uber’s Slack system was taken offline, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The hacker also reportedly said that Uber drivers should receive higher pay.

In the case of Rockstar Games, the attacker — who also goes by the alias “TeaPot” — claimed to have gained access to Rockstar Games’ internal messages on Slack and early code for an unannounced Grand Theft Auto sequel by gaining access to an employee’s login credentials.

It’s all in the (lack of) details: 2022’s badly handled data breaches

More TechCrunch

After Apple loosened its App Store guidelines to permit game emulators, the retro game emulator Delta — an app 10 years in the making — hit the top of the…

Adobe comes after indie game emulator Delta for copying its logo

Meta is once again taking on its competitors by developing a feature that borrows concepts from others — in this case, BeReal and Snapchat. The company is developing a feature…

Meta’s latest experiment borrows from BeReal’s and Snapchat’s core ideas

Welcome to Startups Weekly! We’ve been drowning in AI news this week, with Google’s I/O setting the pace. And Elon Musk rages against the machine.

Startups Weekly: It’s the dawning of the age of AI — plus,  Musk is raging against the machine

IndieBio’s Bay Area incubator is about to debut its 15th cohort of biotech startups. We took special note of a few, which were making some major, bordering on ludicrous, claims…

IndieBio’s SF incubator lineup is making some wild biotech promises

YouTube TV has announced that its multiview feature for watching four streams at once is now available on Android phones and tablets. The Android launch comes two months after YouTube…

YouTube TV’s ‘multiview’ feature is now available on Android phones and tablets

Featured Article

Two Santa Cruz students uncover security bug that could let millions do their laundry for free

CSC ServiceWorks provides laundry machines to thousands of residential homes and universities, but the company ignored requests to fix a security bug.

21 hours ago
Two Santa Cruz students uncover security bug that could let millions do their laundry for free

OpenAI’s Superalignment team, responsible for developing ways to govern and steer “superintelligent” AI systems, was promised 20% of the company’s compute resources, according to a person from that team. But…

OpenAI created a team to control ‘superintelligent’ AI — then let it wither, source says

TechCrunch Disrupt 2024 is just around the corner, and the buzz is palpable. But what if we told you there’s a chance for you to not just attend, but also…

Harness the TechCrunch Effect: Host a Side Event at Disrupt 2024

Decks are all about telling a compelling story and Goodcarbon does a good job on that front. But there’s important information missing too.

Pitch Deck Teardown: Goodcarbon’s $5.5M seed deck

Slack is making it difficult for its customers if they want the company to stop using its data for model training.

Slack under attack over sneaky AI training policy

A Texas-based company that provides health insurance and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen. WebTPA said…

Healthcare company WebTPA discloses breach affecting 2.5 million people

Featured Article

Microsoft dodges UK antitrust scrutiny over its Mistral AI stake

Microsoft won’t be facing antitrust scrutiny in the U.K. over its recent investment into French AI startup Mistral AI.

23 hours ago
Microsoft dodges UK antitrust scrutiny over its Mistral AI stake

Ember has partnered with HSBC in the U.K. so that the bank’s business customers can access Ember’s services from their online accounts.

Embedded finance is still trendy as accounting automation startup Ember partners with HSBC UK

Kudos uses AI to figure out consumer spending habits so it can then provide more personalized financial advice, like maximizing rewards and utilizing credit effectively.

Kudos lands $10M for an AI smart wallet that picks the best credit card for purchases

The EU’s warning comes after Microsoft failed to respond to a legally binding request for information that focused on its generative AI tools.

EU warns Microsoft it could be fined billions over missing GenAI risk info

The prospects for troubled banking-as-a-service startup Synapse have gone from bad to worse this week after a United States Trustee filed an emergency motion on Wednesday.  The trustee is asking…

A US Trustee wants troubled fintech Synapse to be liquidated via Chapter 7 bankruptcy, cites ‘gross mismanagement’

U.K.-based Seraphim Space is spinning up its 13th accelerator program, with nine participating companies working on a range of tech from propulsion to in-space manufacturing and space situational awareness. The…

Seraphim’s latest space accelerator welcomes nine companies

OpenAI has reached a deal with Reddit to use the social news site’s data for training AI models. In a blog post on OpenAI’s press relations site, the company said…

OpenAI inks deal to train AI on Reddit data

X users will now be able to discover posts from new Communities that are trending directly from an Explore tab within the section.

X pushes more users to Communities

For Mark Zuckerberg’s 40th birthday, his wife got him a photoshoot. Zuckerberg gives the camera a sly smile as he sits amid a carefully crafted re-creation of his childhood bedroom.…

Mark Zuckerberg’s makeover: Midlife crisis or carefully crafted rebrand?

Strava announced a slew of features, including AI to weed out leaderboard cheats, a new ‘family’ subscription plan, dark mode and more.

Strava taps AI to weed out leaderboard cheats, unveils ‘family’ plan, dark mode and more

We all fall down sometimes. Astronauts are no exception. You need to be in peak physical condition for space travel, but bulky space suits and lower gravity levels can be…

Astronauts fall over. Robotic limbs can help them back up.

Microsoft will launch its custom Cobalt 100 chips to customers as a public preview at its Build conference next week, TechCrunch has learned. In an analyst briefing ahead of Build,…

Microsoft’s custom Cobalt chips will come to Azure next week

What a wild week for transportation news! It was a smorgasbord of news that seemed to touch every sector and theme in transportation.

Tesla keeps cutting jobs and the feds probe Waymo

Sony Music Group has sent letters to more than 700 tech companies and music streaming services to warn them not to use its music to train AI without explicit permission.…

Sony Music warns tech companies over ‘unauthorized’ use of its content to train AI

Winston Chi, Butter’s founder and CEO, told TechCrunch that “most parties, including our investors and us, are making money” from the exit.

GrubMarket buys Butter to give its food distribution tech an AI boost

The investor lawsuit is related to Bolt securing a $30 million personal loan to Ryan Breslow, which was later defaulted on.

Bolt founder Ryan Breslow wants to settle an investor lawsuit by returning $37 million worth of shares

Meta, the parent company of Facebook, launched an enterprise version of the prominent social network in 2015. It always seemed like a stretch for a company built on a consumer…

With the end of Workplace, it’s fair to wonder if Meta was ever serious about the enterprise

X, formerly Twitter, turned TweetDeck into X Pro and pushed it behind a paywall. But there is a new column-based social media tool in town, and it’s from Instagram Threads.…

Meta Threads is testing pinned columns on the web, similar to the old TweetDeck

As part of 2024’s Accessibility Awareness Day, Google is showing off some updates to Android that should be useful to folks with mobility or vision impairments. Project Gameface allows gamers…

Google expands hands-free and eyes-free interfaces on Android