Ukraine's Secret Service Busts 5 Alleged 'Phoenix' HackersAlleged Phoenix Cybercrime Group Suspects Charged With Selling Hacking As A Service
The Secret Service of Ukraine has arrested five Ukrainian citizens on suspicion of being members of an international hacking group called Phoenix. All have been charged with targeting hundreds of victims over the past two years, including accessing their mobile devices, stealing personal data and selling hacking as a service to others, the SSU says.
See Also: Splunk Security Predictions 2021
All five suspects were arrested during raids conducted by the SSU in five locations - including homes, offices and technical centers disguised as mobile phone shops - in the Ukrainian cities of Kyiv and Kharkiv, the SSU says. The date of the raids has not been disclosed.
СБУ викрила міжнародну хакерську групу: «зламували» мобільні телефони та крали паролі
Вони позиціонували себе як учасники міжнародного хакерського угруповання «Phoenix».
Як проходили обшуки у хакерів, дивіться за посиланням https://t.co/iVs6Kdo57o pic.twitter.com/8Y9aITeiZV— СБ України (@ServiceSsu) November 24, 2021
Searches of the premises led to the recovery of hardware and software that the SSU says was used for malicious activities. Agents also recovered several stolen and lost Apple mobile phones that had been unlocked, their data exfiltrated data, and which were being offered for sale via a network of stores operated by the gang, the SSU says.
The SSU did not immediately respond to Information Security Media Group's request for comment about whether the allegedly stolen devices being offered for sale might have been subverted, for example, by implanting them with malware designed to steal the new owners' information.
Alleged Phishing Activity
The suspects allegedly also ran phishing sites, disguised as sites for popular mobile phone manufacturers such as Apple and Samsung, to lure fresh victims, authorities say. In some cases, this helped them gain access to victims' device remotely, the SSU says.
In such cases, attackers would record victims' login credentials for their devices, then steal the data being stored, including financial information, to enable them to drain funds from financial accounts tied to the device and its apps, the SSU says. "The data obtained in this way enabled the thieves to withdraw funds from accounts and sell information about victims' private lives to third parties," it adds.
List of Charges
Apart from selling stolen data, the suspects allegedly also pursued another scheme for monetary gains: mobile hacking-as-a-service.
Based on chats discovered on suspects' own mobile devices seized by agents in their raids, the SSU says suspects also offered to hack mobile devices, as a service, to other criminals, charging $200 per mobile phone account on average.
Based on its preliminary investigation, the SSU has filed charges against the detained suspects under Article 361 of the criminal code of the Republic of Ukraine, which prohibits the "willful interference with the operation of computers, computer systems and networks."
Article 361 states that in the case of a crime being committed by a group of individuals as part of a conspiracy, all face "restraint of liberty" for up to five years, or a prison term of three to five years.
Security experts say the arrests will send a message to other criminals present and future. "Arresting and charging criminals is perhaps one of the biggest deterrents to up-and-coming, would-be cyber criminals," Javvad Malik, security awareness advocate at KnowBe4, tells Information Security Media Group. "However, as the world moves more and more rapidly with its digital dependency, it is likely we will see law enforcement having to devote more resources to cybercrime in the future."
Complicated Law Enforcement Picture
The law enforcement picture in Ukraine, furthermore, remains complicated, not least following the annexation of Crimea by Russia, and Russian-supported separatists controlling parts of the eastern region of the country, which experts say has created space for criminal activity with defacto Russian protection.
Corruption remains another problem, with Ukraine ranking 117 out of 180 countries - with 1 being least corrupt, and 180 most corrupt - on Transparency International's Corruption Perceptions Index .
Historically, such corruption has helped provide cover for all sorts of criminal operations, typically in exchange for a cut of any proceeds, says Alan Calder, CEO at GRC International Group. "Unfortunately, it seems apparent that there are cybercriminals working in collusion with governments that give them 'shelter', and as long as the criminals behave as their protectors wish, they will be largely immune from prosecution in other jurisdictions."
Protection for criminals can also provide cover for reprisals, he says. "The exposure of criminal networks is always useful, because the more the world is aware of what is going on, the more likely it is to take heed and appropriate defensive action," Calder says. "Frustratingly, however, there will always be a likelihood of a criminal counter-attack on law enforcement agencies who try to expose and prevent the criminals, because we need to remember after all, these are criminals with significant resources and with nation-state protection."