Cyber Justice

Three people were handed years-long sentences in federal court on Wednesday for a range of crimes connected to a widespread hacking and identity theft campaign. Alessandro Doreus, Jean Elie Doreus Jovin and Djouman Doreus pleaded guilty to conspiracy to commit fraud and aggravated identity theft in September 2021. Prosecutors said they defrauded hundreds of people from 2015 to 2020 by gaining access to Social Security numbers, account numbers, usernames and passwords.

A US District Judge gave 29-year-old Florida resident Alessandro Doreus and 34-year-old Georgia resident Jovin sentences of six years and nine months in federal prison. Djouman Doreus, 29 years old and also a Floridian, was handed a five-year sentence. The trio used the stolen information to take out loans, open credit cards and create financial accounts, frequently emailing each other files containing thousands of names, Social Security numbers, and dates of birth. In at least one instance, they used the fraudulently opened credit cards to pay fake vendor accounts that Jovin opened and controlled. They also filed fraudulent tax returns as a way to get refunds from the IRS. Law enforcement found that Jovin purchased stolen credentials on a dark web marketplace that gave him access to computer servers. The Justice Department said Jovin shared these compromised server credentials with Alessandro Doreus.[1]

These cyber criminals managed to evade law enforcement by opening dozens of email accounts. They were eventually stopped in August 2020 when the FBI executed a search warrant at the home of Alessandro Doreus and found the information of at least 300 people. During the raid, the FBI seized nearly $500,000 that they believe resulted from the group’s scams. “The Doreus trio wrongly assumed that their crimes would be untraceable, hidden under a cloak of Internet anonymity,” said IRS-CI Special Agent in Charge Brian Payne.

Image: FBI IC3

Nearly $7 billion was lost through internet crimes in 2021, surpassing a record set in 2020 by about $1.7 billion, according to the FBI’s annual Internet Crime Report. The center received 847,376 complaints throughout the year, with most concerning ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency. It represents a 7% increase compared to 2020 and the FBI received an average of more than 2,300 complaints each day. The FBI said BEC crimes led to 19,954 complaints with an adjusted loss of nearly $2.4 billion in 2021.

In regulatory action, the U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control room management (CRM) procedures from January through November 2020.[2]

The PHMSA said that "a probable failure to adequately plan and prepare for manual shutdown and restart of its pipeline system [...] contributed to the national impacts when the pipeline remained out of service after the May 2021 cyberattack."

Colonial Pipeline, operator of the largest US fuel pipeline, was forced to temporarily take its systems offline in the wake of a DarkSide ransomware attack in early May 2021, disrupting gas supply and prompting a regional emergency declaration across 17 states. The incident also saw the company paying out $4.4 million in ransom to the cybercrime syndicate to regain access to its computer network, although the US government managed to recover a significant chunk of the digital funds paid. "The pipeline shutdown impacted numerous refineries' ability to move refined product, and supply shortages created wide-spread societal impacts long after the restart," PHMSA said in a Notice of Probable Violation and Proposed Compliance Order. Colonial Pipeline's ad-hoc approach toward consideration of a 'manual restart' created the potential for increased risks to the pipeline's integrity as well as additional delays in restart, exacerbating the supply issues and societal impacts."

In response Colonial said, "This notice is the first step in a multi-step regulatory process and we look forward to engaging with PHMSA to resolve these matters," a spokesperson for Colonial Pipeline told media sources, adding that its, "incident command structure facilitates a deliberate approach when responding to events. As the 2021 cybersecurity incident demonstrated, Colonial's approach to operating manually gives us the flexibility and structure necessary to ensure continued safe operations as we adapt to unplanned events. Our coordination with government stakeholders was timely, efficient and effective as evidenced by our ability to quickly restart the pipeline in a safe manner five days after we were attacked, which followed localized manual operations conducted before the official restart."

Justice has many twists and turns.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and wish to share cyber security views from across the Globe. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com

Weekly Cyber Intelligence Briefings: