The brute-force account cracking tool of Sentry MBA has been used to compromise user accounts.
For nine months, an individual who was interested in a hack into the British National Lottery database and hijacking customer accounts was jailed.
Camelot, the UK national crime agency (NCA), said last week that Anwar Batson from Notting Hill, London, had helped and tuition to compromise the lotery operator.
The 29-year old, Idris Kayode Akinwunmi and Daniel Thompson and others, focused on fast cash from the auction, and Batson suggested the use of Sentry MBA to break and control user accounts.
“Even the most basic forms of cybercrime can have a substantial impact on victims,” said NCA senior investigating officer Andrew Shorrock. “No one should think cybercrime is victimless or that they can get away with it.”
Sentry MBA is a widely available digital cracking tool online. The software suite can be used when there are no anti-automation protections, taking into account the need for technical knowledge to smash a service online, with lists of weak passwords and device combos, and vulnerability account combinations exposed by data dumps and paste websites.
According to the 2019 survey of Verizon, 71% of data breaches currently are financially motivated, with about 70% containing defective and corrupted passwords.
The 29-year-old “told others that they could quickly make cash,” named Rosegold, with Sentry MBA, conversed “over hacking, purchasing and selling username and password lists, settings files and personally identifiable information,” UK prosecutions said.
Throughout 2016, the NCA was made aware that a cyber attack against the National Lottery has taken place. The company emphasized that the main drawing structures were not compromised, but the fire was on a site of millions of records.
The National Lotery reported then that around 27,000 player records could be compromised because of “suspicious activity,” and information could have been revealed including addresses, contact details, birth dates and restricted card data.
Batson used the tool to collect credentials, including those of one player from a lottery who had £ 13 stolen from Akinwunmi’s account, of which £ 5 had been shipped to Baston.
The payment was low, but still counted as theft and a crime under the Computer Misuse Act of Great Britain in 1990. Nevertheless, the National Lottery operator had to pay £ 230,000 for the attacks and 250 customers closed their accounts for the advertisement of the event, according to The Register.
Upon pleading guilty for four offences in the Southwark Crown Court and one charge of theft, Batson was sentenced to serve nine months behind bars. Initially, Batson refused to participate.
In 2018, Thompson and Akinwunmi were imprisoned for 8 months and four months respectively, after being charged with brute-force breaking efforts to attack the National Lottery Web site.
Over four years, the US Department of Justice (DoJ) jailed a US resident last week for large identity theft. Babatunde Olusegun Taiwo engaged in a scheme, which included the submission of false tax returns and compensation requests through the U.S. Internal Revenue Service (IRS) of the personal identification details of people exposed through a preliminary data breach.
In fact, Taiwo and co-defendants sought compensation for more than $12 million. The IRS paid $800,000 prior to the involvement of law enforcement.
Source : HackerCombat