The FBI’s Most Wanted Hackers Are All Still at It

Worried about the most wanted hackers? Try RingCaptcha two factor authentication for SMS

While the U.S. appears to have made headway on the largest legal case against some of the most wanted hackers, nothing resembling arrests appears imminent. The four accused remain at large, and frankly, the three who still reside in Russia — well, hacking is considered about as serious a crime over there as getting a parking ticket.

So far, Russia hasn’t cowed to diplomatic pressure to extradite anyone the U.S. wants to haul into court — so why would things turn out differently for the recently indicted, who are a pair of Russian spies along with two Russian criminal hackers?

Of course, we wish they would turn out differently in this case, but look at what we’re dealing with here: Professional hackers, meaning those who earn a living doing it, move from place to place and create new online aliases as fast as they can.

They (and their bots) can try to impersonate people you want to have as members or customers in order to get into your website or app and wreak havoc. If you’re not using two-factor authentication with all external parties, well, we bet you’ll want to after you read all the way through this article.

The Most Wanted Hackers

To make this a bit more concrete, let’s take a look at some of the characters  on the FBI’s most wanted list. Yes, they include three of the four Russians indicted for the 2014 heist of 500 million Yahoo user accounts — Alexsey BelanDmitry Akesandrovich DokuchaevIgor Anatolyevich Sushchin, and Karim Taloverov.

While the espionage aspects of their case have certainly intrigued us, they haven’t been as enterprising as some of the others on the list that we’re about to discuss. All of them remain at large, hacking away, conveniently located in other countries that don’t have extradition treaties with the U.S.

Peteris Sahurovs

One of the most wanted hackers, Peteris Sahurovs, would be kept out by RingCaptcha 2FA SMS.
The FBI is offering a $50,000 reward for Peteris Sahurovs, whose ransomware schemes included selling fake antivirus software.

Aliases include: PIOTREK, PIOTREK89, and SAGADE

FBI Reward: $50,000

Charges: In 2010, Sahurovs made over $2 million by selling fake antivirus software. He used fraudulent references and bank accounts to place advertisements for a hotel chain on news websites. These so-called “malvertisements” contained malicious code so that when you clicked on them, your desktop would be flooded with pop-ups and fake security alerts.

Users were forced to pay $49.95 for a fake anti-virus software to regain control of their computers; otherwise, they were constantly inundated with bogus security alerts. If you didn’t buy the fake software, eventually, the virus prevented you from accessing any computer data at all.

On May 17, 2011, Sahurovs was indicted for wire fraud, conspiracy to commit wire fraud, and unauthorized access to a protected computer. The same day, a federal warrant was issued for his arrest.

How to protect yourself: Make sure your computer is running real antivirus and firewall software. Enable the software to automatically check for updates. Consider upgrading to a version with more features than those available in freeware, just to make sure you’re covered. We love Comodo because the U.S. CIA called it is the hardest to hack out of anything in the category — the highest praise possible.

To protect your small business from spreading malware — like the news websites did — make sure you take a closer look at everyone who wants to advertise on your site. This kind of due dilligence ends up costing a lot less than what you might pay to repair damages after the fact.

Nicolae Popescu

Use RingCaptcha 2FA to keep the most wanted hackers like Nicolae Popescu from wreaking havoc on your website or app.
Nicolae Popescu and his associates auctioned off nonexistent vehicles to the highest bidder.

Aliases include: Nicolae Petrache, Nae, Stoichitoiu

FBI Reward: $1 million

Charges: Nicolae Popescu and his associates made $3 million auctioning off fake goods online. He’d post fake auction listings on websites like eBay, Autotrader.com, and Cars.com. His listings would include images and descriptions of cars and other goods that essentially didn’t exist.

From there, he’d negotiate with potential buyers via email, and send them an invoice that seemed like it was from a legitimate payment source, like PayPal or Amazon, with instructions on how to wire the payment to a U.S. bank account. A conspirator, who set up the account under a false identity, would then wire Popescu the proceeds.

Unfortunately, the Romanian government had captured him in 2010, but he was able to walk out of court and escape because of a legal glitch. A federal arrest warrant was issued for Nicolae Popescu on December 20, 2012, in the U.S., following an indictment for eight different charges.

How to protect yourself: When you’re shopping online, sign up for Verified by Visa or MasterCard SecureCode for an extra layer of security in your credit-card transactions. If you’re running a marketplace or e-commerce site (like Cars.com, for example), verify your users as they join with RingCaptcha’s SMS authentication. This blocks bulk registrations and deters fraudulent transactions.

Izz ad-Din al-Qassam Cyber Fighters

Aliases include: M3S3C3 and M3HRAN for Ahmad Fathi; Nitrojen26 and Sadegh Nitrojen for Mohammad Sadegh Ahmadzadegan; PLuS for Omid Ghaffarinia, Turk Server for Nader Saedi (and no aliases known for Sina KeissarHamid Firoozia, nor Amid Firoozia)

Charges: From late 2011 to mid-2013, this group of seven Iranians ran a series of distributed denial-of-service (DDoS) attacks on 46 U.S. companies that were primarily in the financial sector. DDoS attacks overwhelm services to render them unavailable. The campaign caused the victims to lose tens of millions of dollars over the course of 176 days.

The attacks were coordinated by the Iranian government and the Islamic Revolutionary Guard Corps. The group also unsuccessfully tried to hack a dam in Port Chester, N.Y., which seemed comically small — the only damage it would’ve done was flood a bunch of basements. Authorities suspect the hackers went after the dam as an experiment before trying to interfere with major infrastructure (like a hydroelectric power grid).

On March 24, 2016, the U.S. indicted the seven hackers for a host of charges related to the hackings. The FBI has not posted any reward information related to this case.

How to protect yourself: Hire a developer to run a script on your site that tests for sudden changes in volume — so if DDoS attackers try to overwhelm your site, you can catch it early. From there, your Internet service provider (ISP) can help you block the malicious traffic. Actually, we recommend you base your choice of ISP on which ones offer built-in DDoS protection.

We highly recommend Cloudflare, which has the most scalable DDoS protection available — including versions that are bundled into other security offerings, domain name hosting, and content delivery networks (which speed up websites).

See the Pattern?

We could go on to tell you about the other 22 hackers on the FBI’s list but by now we’re hoping you’ve gotten the gist of our message. As much as we love the efforts of legal authorities in the fight against cybercriminals, unfortunately there’s only so much you can do when the perps reside in countries that are at best indifferent about doing business with the U.S.

Unfortunately, some economies just don’t pay techies what they deserve yet make it difficult for them to set sail for more capitalistic societies. That leaves little choice but turning to a life of crime — often through increasingly sophisticated organizations.

Perhaps reading about the types of threats that might be knocking at your door has whetted your appetite for using RingCaptcha to vet others outside of your organization. Click here to get started.

  • Jeffrey McGuinness

    This a pretty existentialist view of hacking — the biggest ones are never going to be stopped? Never ever? Wow!