Cyber Attacks/Data Breaches

Ex-Twitter employee gets 42 months for taking $300,000 bribe and sharing confidential information of Twitter accounts.

For his role in accessing, monitoring, and communicating confidential and sensitive information that could have been used to locate Twitter users of interest to the Saudi Royal Family, a California man was given a sentence of 42 months in federal prison yesterday.

After a two-week jury trial, 45-year-old Ahmad Abouammo was found guilty of acting as a foreign agent without notifying the Attorney General, conspiracy, wire fraud, international money laundering, and falsifying records in a federal investigation on Aug. 9.

“By selling individuals’ personal information to a foreign power for profit, Mr. Abouammo violated the trust that was placed in him to protect their privacy,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “His conduct was made all the more egregious by the fact that the information was intended to target political dissidents speaking out against that foreign power. We are committed to holding those responsible for advancing covert influence campaigns on behalf of foreign regimes and acting illegally as unregistered foreign agents accountable.”

U.S. Attorney Stephanie M. Hinds of the Northern District of California stated, “This case revealed that foreign governments, here the Kingdom of Saudi Arabia (KSA), will bribe insiders to obtain the user information that is collected and stored by our Silicon Valley social media companies.” The Court emphasized in imposing today’s sentence that the defendant shared user information with a foreign government known for its hostility toward dissidents while working with his even more culpable co-defendant, who fled to Saudi Arabia in order to avoid trial. This sentence warns insiders who have access to user data to protect it, especially from oppressive regimes, or face significant prison time.

According to Assistant Director Alan E. Kohler Jr. of the FBI’s Counterintelligence Division, “this case exposes attempts by the Kingdom of Saudi Arabia to illegally obtain personally identifiable information in order to target critics and dissidents.” By law, anyone working to advance the agenda of a foreign government must register as that country’s foreign agent. Mr. Abouammo flagrantly disregarded this law by using his position at Twitter not only to locate and sell user data but also to launder money through the sale of gifts from the Saudi royal family. His sentence demonstrates the FBI’s unwavering commitment to preventing foreign governments from stalking, harassing, or intimidating citizens within our borders.

Abouammo began receiving bribes from a KSA official as early as December 2014, according to trial evidence. Abouammo worked at Twitter as a Media Partnerships Manager for the Middle East and North Africa (MENA) region. Twitter’s policies required Abouammo to safeguard the information of Twitter users, disclose any conflicts of interest, and report any gifts from individuals whose businesses involved Twitter. However, the evidence presented at trial demonstrated that Abouammo accepted bribes from KSA officials in exchange for accessing Twitter user accounts and relaying information on KSA dissidents and critics to their government officials and the Saudi Royal family, and that he lied to FBI investigators and falsified a document when questioned about the transactions in October 2018. The KSA official was in charge of the “private office” of a member of the royal family who, at the time, was Minister of State, then Minister of Defense and Deputy Crown Prince.

According to the evidence, the foreign official met with Abouammo in December 2014 in London and gave him a high-end Hublot watch. When he later put the watch up for sale on Craigslist, Abouammo mentioned that it was worth $42,000. After the meeting in London, Abouammo began repeatedly accessing private information about several Twitter accounts, at least one of which was the account of an influential user who was critical of members of the Saudi Royal Family and the KSA government. In addition, Abouammo continued to communicate with a Saudi Arabian official, including about the influential critical account. Abouammo’s father opened a bank account in Lebanon in February 2015, and Abouammo was able to access that account, according to evidence presented at trial. The foreign official then deposited $100,000 into the account in February 2015, and Abouammo used small, bogus wire transfers to bring the money into the United States. After Abouammo left Twitter for a different job, the account received an additional $100,000 along with a note from the official expressing regret for the delayed payment.

Abouammo was questioned by FBI agents about his involvement in the scheme with KSA officials at his residence in October 2018. At trial, the evidence showed that Abouammo gave the FBI investigators false information and a false invoice for one of the payments he got from the foreign official.

Judge Chen said that Abouammo’s actions were “serious” and “consequential” when he sentenced him, and that “exposing dissident information is a serious offense.” In addition to the sentence of 42 months in prison, Judge Chen sentenced Abouammo to three years of supervision following his release from prison; issued a $242,000 forfeiture judgment for the watch and cash Abouammo received as bribes; and instructed Abouammo to surrender on March 31, 2023, to begin serving his time in prison.

The FBI investigated the case.

Assistant U.S. Attorneys Colin Sampson and Eric Cheng for the Northern District of California and Trial Attorney Christine Bonomo of the National Security Division’s Counterintelligence and Export Control Section prosecuted the case, with the help of Beth Margen and Alycee Path.

Cyber Attacks/Data Breaches

Founder of BreachForums, a cybercrime website, got 20 years of supervised release without prison time.

The founder and operator of BreachForums, Conor Brian Fitzpatrick, received a sentence of time served and 20 years of supervised release for his involvement in running the cyber crime website.

Fitzpatrick, who used the online nickname “pompompurin,” was arrested in March 2023 in New York and faced charges of conspiracy to commit access device fraud and possession of child pornography. He was later freed on a $300,000 bond, and in July 2023, he admitted to the charges.

BreachForums had been a major online platform for trading stolen data since March 2022. Before it was shut down a year later, the website had over 340,000 members.

The website offered various types of stolen data, such as bank account information, Social Security numbers, personally identifying information (PII), hacking tools, breached databases, and account login information for hacked online accounts with service providers and merchants.

BreachForums also promoted services for accessing victim systems without authorization. The website affected millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies.

Fitzpatrick also ran a “Leaks Market,” where he acted as a trusted intermediary (i.e., escrow) between users on the website who wanted to exchange hacked or stolen data, tools, and other illegal material.

“Fitzpatrick also allegedly operated an ‘Official’ databases section where BreachForums directly sold access to verified hacked databases through a ‘credits’ system managed by the platform,” the U.S. Department of Justice stated.

Court records obtained by DataBreaches.net indicate that Fitzpatrick’s mental health may have influenced his sentence. Prosecutors suggested a 15-year prison term for the defendant a day before sentencing.

The 21-year-old is expected to spend the first two years of supervised release on house arrest with a GPS location tracker and receive mental health treatment. He has also been ordered to avoid using the internet for the first year and register with the state sex offender registration agency in any state where he lives.

The amount of restitution Fitzpatrick has to pay for victims’ losses has not been decided yet. Earlier this month, Fitzpatrick was imprisoned for breaking the terms of his pre-sentencing release by using an unmonitored computer and a virtual private network (VPN).

However, the illegal service did not stop after law enforcement seized the domains in March 2023. In June 2023, BreachForums was revived by the notorious ShinyHunters group, who were previously active on RaidForums, whose takedown led to the launch of BreachForums.

Cyber Attacks/Data Breaches

Australia, the U.K., and the U.S. have imposed financial penalties on a Russian hacker for his role in the 2022 cyberattack on Medibank

A Russian citizen, Alexander Ermakov, who goes by various online aliases, has been sanctioned by the governments of Australia, the U.K., and the U.S. for his involvement in a major cyberattack on Medibank, an Australian health insurance provider, in 2022.

Ermakov is accused of hacking into the Medibank network and stealing and leaking the personal and medical data of about 9.7 million current and former customers of the company. The data breach was carried out by the REvil ransomware gang, which has since ceased operations.

The sanctions prohibit anyone from dealing with Ermakov’s assets, including cryptocurrency wallets or ransomware payments, and impose a travel ban on him. Anyone who violates the sanctions could face up to 10 years in prison.

The U.K. government said the sanctions are part of their efforts to combat the malicious cyber activities of Russia, which threaten the security and prosperity of the U.K. and its allies.

The U.S. Treasury Department also criticized Russia for harboring and supporting cyber criminals who launch ransomware attacks against the U.S. and other countries, targeting their businesses and critical infrastructure. The Treasury Department urged Russia to take action to stop cyber criminals from operating freely in its territory.

“Russian cyber actors continue to launch disruptive ransomware attacks against the United States and allied countries, targeting our businesses, including critical infrastructure, to steal sensitive data,” said Under Secretary of the Treasury Brian E. Nelson.

“This action demonstrates that the United States stands with our partners to disrupt ransomware actors who victimize the backbone of our economies and critical infrastructure,” the Treasury Department said.

Cyber Attacks/Data Breaches

Reddit hackers are threatening to release the stolen data from the February breach.

A cyberattack on Reddit in February, in which the threat actors claimed to have stolen 80GB of data from the company, was carried out by the BlackCat (ALPHV) ransomware gang.

Reddit revealed on February 9 that a phishing attack on an employee on February 5 resulted in the hacking of its systems.

The threat actors were able to access Reddit’s systems through a phishing attack, stealing internal documents, source code, employee data, and limited information about the company’s advertisers.

In a post, Reddit CTO Christopher Slowe, aka KeyserSosa, explained, “After successfully obtaining the credentials of a single employee, the attacker gained access to some internal documents, code, as well as some internal dashboards and business systems.”

“We don’t show any signs of a breach in our primary production systems, which are the parts of our stack that run Reddit and store most of our data.”

However, Reddit stated that neither user passwords nor credit card information nor production systems were compromised.

Reddit did not provide many details about the phishing attack, but it did say that it was similar to a phishing attack on Riot Games that allowed hackers to gain access to systems and steal source code for League of Legends (LoL), Teamfight Tactics (TFT), and the company’s legacy anti-cheat platform, Packman.

The threat actors demanded $10 million from Riot during the attack to prevent the leak of the stolen data. However, the threat actors attempted to sell the data on a hacking forum for $1 million if a ransom was not paid.


The ALPHV ransomware operation, more commonly referred to as BlackCat, now asserts that it was behind the February 5th cyberattack on Reddit. This information was first discovered by Dominic Alvieri and shared with BleepingComputer.

The threat actors claim to have stolen 80 GB of compressed data from the company during the attack and now plan to leak the data in a “Reddit Files” post on the gang’s data leak site.

The threat actors claim that they attempted to get in touch with Reddit twice, on April 13 and June 16, and demanded $4.5 million in exchange for the deletion of the data.

“In my first email, I told them that I would wait for their IPO. However, this seems like the ideal occasion! We are exceptionally sure that Reddit won’t pay any cash for their information,” the ransomware operation threatened.

“However, I am overjoyed to learn that the public will be able to read about all of the statistics they track about their users as well as all of the fascinating confidential data we collected. Did you know that they also censor users in secret? Together with items from their GitHub!”

BleepingComputer has been able to confirm that this is the same attack that Reddit disclosed in February, although Reddit declined to comment on BlackCat’s post.

Although BlackCat is a ransomware group, they did not encrypt any devices during this attack.

A similar attack on Western Digital in March 2023, which resulted in a significant outage of the company’s My Cloud cloud service, is thought to have been carried out by the same hacking group.

The Western Digital attack’s perpetrators initially denied having a name, but screenshots of the stolen data were leaked on the ALPHV data leak website, where the perpetrators taunted the company about the attack.

In May, Western Digital sent notifications about data breaches to customers of its online stores, advising them that their data had been stolen during the attack.
