Identity revealed of the “invisible saint” hacker behind a hacking campaign spanning 44 countries

Tram Ho

A notorious hacker, who made $1.5 million by selling information from more than 300 companies and governments in 44 countries, has been identified as a 37-year-old man from Kazakhstan.

Known as “Fxmsp”, this hacker has been famous since 2019, when he posted ads selling access rights to and source code from the world’s leading cybersecurity companies, and insisted that he could turn customers into an “invisible saint in network systems”. However, the identity and techniques used by Fxmsp remained a mystery.

That changed today, when a court document released in the US revealed that Andrey Turchin, a Kazakh national, was the mysterious hacker behind the cyberattacks, and listed in detail the five offenses attributed to Fxmsp. These charges were filed in 2018, when US investigators uncovered Turchin’s true identity, but were kept sealed, which is quite normal in cases involving foreign hackers. A judge in the Western District of Washington then asked for the document to be unsealed, mainly because a cybersecurity firm called Group-IB publicly disclosed Turchin’s identity in a report last month.

A hacker with rich skills

Fxmsp first appeared in 2016 as a hacker with abundant technical knowledge and a respectable track record of break-ins, but without much experience in exploiting it commercially, according to Group-IB. In the following year, he began posting advertisements selling access to the networks of hotels and banks around the world, a sign of a successful “career” and an indication that his criminal activity was growing.

In 2019, Fxmsp made headlines when he advertised access to data belonging to three major cybersecurity companies: McAfee, Trend Micro, and Symantec. He sold the network access and source code for between $300,000 and $1 million. US officials said Fxmsp’s victims suffered tens of millions of dollars in losses due to malware, unauthorized access, and damage to their networks.

Group-IB describes the tactics Fxmsp used as “very simple but effective”. Fxmsp took advantage of the security holes that every major company in the world, including organizations that should be closely protected, suffers from. He dug into many well-known cybercrime forums of Russian-speaking countries, and after partnering with another hacker named Lampeduza, Fxmsp became one of the hackers with the most effective marketing and advertising on the market.

“Fxmsp is one of the most effective sellers of access to networks in the history of the underground world of Russian-speaking cyber criminals,” Group-IB’s Dmitry Volkov said last month. “Despite using simple methods, Fxmsp has sought to gain access to energy companies, government organizations, and even some Fortune 500 corporations.”

Officials say the Fxmsp case involved investigations by the FBI, the British National Crime Agency, and private security companies.

“Prices usually range from a few thousand dollars to more than a hundred thousand dollars, depending on the victim and the level of access and control of the system,” the Justice Department said. “Many transactions take place through a broker or a third party, allowing buyers to try to access the network for a limited time to check the quality and reliability of such illegal access.”

But despite his success, Fxmsp was still fairly shallow and careless. One of the long-standing rules of the Russian hacker underworld is that you don’t hack Russia, or, if you do, you keep quiet about it. Fxmsp did the opposite, as reported by Group-IB, when he tried to sell access to Russian government networks that he had broken into. This quickly got him banned from cybercrime forums before he realized the mistake, and he has never repeated it since. However, those early mistakes were the clues that helped researchers find Fxmsp’s identity. Turchin is currently facing a series of charges, including conspiracy to commit computer hacking, two counts of computer fraud and abuse, conspiracy to commit wire fraud, and access device fraud.

Unlikely to be extradited

US law enforcement said Turchin most likely knows that if he went to the United States, he would be immediately taken to court. US, European, and Kazakh authorities are investigating the case together. Kazakhstan does not support extradition, and because Turchin is a Kazakh citizen, he is likely to be tried in that country.

Since last year, Fxmsp has stopped operating publicly, after the press focused on the $1 million hacks of cybersecurity companies (mentioned above). A recent report from cybersecurity firm Advanced Intelligence, which has been following Fxmsp for years, raises a number of theories, including one that says his hacking group is still working under different names and at different locations.

Reference: MIT Technology Review

Source : Genk