<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
    <channel>
        <atom:link href="https://staging.en.ain.ua/tag/frauds/feed/" rel="self" type="application/rss+xml" />
        <title><![CDATA[EN.AIN.UA retest]]></title>
        <link><![CDATA[https://staging.en.ain.ua/]]></link>
                <description><![CDATA[EN AIN]]></description>
        <language>en-US</language>
        <pubDate>Tue, 09 Nov 2021 14:40:09 +0200</pubDate>

                    <item>
                <title><![CDATA[US authorities accuse a 22-year-old Ukrainian of hacking attacks]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/us-authorities-accuse-a-ukrainian-of-hacking-attacks/</link>
                <description><![CDATA[On November 8, 2021, the US Department of Justice announced the detention of 22-year-old Ukrainian Yaroslav Vasinskyi. He is accused of numerous ransomware attacks against US companies, including an attack against the tech company Kaseya, as stated in the official]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">us-authorities-accuse-a-ukrainian-of-hacking-attacks</guid>
                <pubDate>Tue, 09 Nov 2021 14:40:09 +0200</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/11/ac41729f77f39b538a38d731a8148bdc-dark-1024x538.jpg"
                                         />
                                    <category>Countries</category>
                                                    <content:encoded><![CDATA[<p>On November 8, 2021, the US Department of Justice announced the detention of 22-year-old Ukrainian Yaroslav Vasinskyi. He is accused of numerous ransomware attacks against US companies, including an attack against the tech company Kaseya, as <a href="https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya" rel="nofollow">stated</a> in the official report of the agency.</p>    <ul><li>The agency also announced the seizure of $6.1 million in ransomware payments that had previously been made by victims of the Sodinokibi/REvil attacks.</li><li>Another accused is 28-year-old Russian Yevgeniy Polyanin. According to the indictments, Vasinskyi and Polyanin accessed the internal computer networks of several victim companies and used Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies. And then, they demanded money in exchange for access to the data. In total, Vasinskyi managed to carry out approximately 2,500 ransomware attacks globally using Sodinokibi/REvil, while Polyanin was responsible for some 3,000 such attacks.</li><li>Vasinskyi has been taken into custody in Poland, where he remains held by authorities pending proceedings in connection with his requested extradition to the United States. Polyanin has been indicted. The ministry thanked the National Police of Ukraine and the Prosecutor General’s Office of Ukraine for their assistance. According to the agency, in Romania, in cooperation with local law enforcement authorities, it has arrested two other Sodinokibi/REvil actors.</li><li>Many agencies, particularly the FBI, were working to identify the hackers behind the Sodinokibi/REvil attacks. According to the agency, Vasinskyi has spent a lot of time hiding under different names to avoid identification.</li><li>He is particularly accused of attacking the international IT company Kaseya in the summer of 2021. 
According to court documents, Vasinskyi used Sodinokibi/REvil malware to gain access not only to Kaseya’s network but also to that company’s end-user networks. The malware employed by the accused caused customer data to become encrypted, effectively locking those globally affected clients out of their own systems. About 1,500 businesses were affected during this attack. The total ransom demanded exceeded $70 million.</li><li>Vasinskyi and Polyanin are charged with fraud and money laundering. If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.</li></ul>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[BTC-Alpha, a crypto exchange created by Ukrainians, with a trading volume of $223M, attacked by hackers]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/btc-alpha-attacked-by-hackers/</link>
                <description><![CDATA[The BTC-Alpha cryptocurrency exchange, founded by the Ukrainian Vitalii Bodnar, was attacked by hackers. Vitalii said about it on Facebook and YouTube. He noticed that fraudsters did compromise user data, but they didn’t steal their money. At the moment, BTC-Alpha]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">btc-alpha-attacked-by-hackers</guid>
                <pubDate>Thu, 04 Nov 2021 15:43:55 +0200</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/11/111.png"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>The BTC-Alpha cryptocurrency exchange, founded by the Ukrainian Vitalii Bodnar, was attacked by hackers. Vitalii <a href="https://www.facebook.com/vitaliibodnar/posts/5075242525838283" rel="nofollow">announced</a> it on Facebook and <a href="https://www.youtube.com/watch?v=akWvgUnvTZg" rel="nofollow">YouTube</a>. He noted that the fraudsters did compromise user data but didn’t steal users’ money. BTC-Alpha is currently unavailable until all details of the attack are figured out.</p>    <h3 class="wp-block-heading">About BTC-Alpha</h3>    <p>The BTC-Alpha cryptocurrency exchange was founded in Ukraine in 2015 and recently belonged to the Coinmarketcap TOP 100 Exchanges (now it is much lower because of understandable circumstances). Its founder and leadership are Ukrainians. However, the company initially was oriented toward Europe and Asia because, when the exchange was founded, the cryptocurrencies were not well developed in Ukraine.</p>    <p>According to BTC-Alpha’s founder Vitalii Bodnar, the company is now negotiating with the Ministry of the Digital Transformation of Ukraine to register in Ukraine as soon as the cryptocurrency law comes into force.</p>    <p>Currently, BTC-Alpha has 365,000 users, but there are not many users from Ukraine among them. <a href="https://coinmarketcap.com/exchanges/btc-alpha/" rel="nofollow">According</a> to Coinmarketcap, the current daily trading volume on BTC-Alpha is $223 million.</p>    <h3 class="wp-block-heading">How the hack became possible</h3>    <p>BTC-Alpha was hacked on November 1, 2021 — just on the 5th anniversary of the company. According to Vitalii, the attack had been well planned more than half a year ago. 
He also noted that the attack was performed not through the exchange code (a technical bug) but because of human failure.</p>    <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>“They were gunning for both our Ukrainian and foreign employees. As they managed to hack public persons of our company, they sent viruses through their computers directly to our employees, and one of them let this virus in,” explained Vitalii.</p><p>“They were gunning for us long and seriously. A pre-analysis confirmed that enormous resources were spent on this attack to ‘congratulate’ us on our birthday in this way.”</p></blockquote>    <p>The analysts of BTC-Alpha estimated the cost of this attack at a few hundred thousand dollars. Due to the fast reaction of the team, the attack consequences were minimized: no user funds were stolen, but their user credentials were compromised. “The passwords are hashed, and we don’t store them in an open format,” Bodnar said.</p>    <p>After the attack, the hackers demanded a ransom of 100 BTC for stolen data, but BTC-Alpha refused to negotiate.</p>    <p>Bodnar also admitted that, although BTC-Alpha did not lose any user coin, the attack hardly damaged their reputation. There are still a bunch of unsolved issues that currently do not allow the company to make a full assessment of the damage.</p>    <h3 class="wp-block-heading">What should users do</h3>    <p>The exchange is currently not working; the users can’t access their accounts. It can cause some impatience. But Bodnar assures that all assets are intact. At the moment, all funds have been transferred to the cold wallets to secure them. 
Users’ access will be restored as soon as BTC-Alpha is online again.</p>    <div class="wp-block-image"><figure class="aligncenter size-large"><img decoding="async" src="https://cdn.ain.ua/ua/2021/11/111-768x549.png" alt=""></figure></div>    <p>Once the exchange is back up and running, Bodnar promises to conduct an independent financial audit, which will confirm that the users’ balances coincide with the actual ones in the accounts of the company.</p>    <p>According to Vitalii, the analytical department is continuing to investigate the situation and the security of the platform. It will soon be known when BTC-Alpha will be able to resume operations.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[Ukrainian regulator suspects EverFX, Freshforex, and five other brokers of fraud. A total of 90 companies are on the list]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/ukrainian-regulator-suspects-90-companies-of-fraud/</link>
                <description><![CDATA[The National Commission on Securities and Stock Market has updated the list of investment projects in which Ukrainians are not recommended to invest. Financial initiatives are included in the list if the regulator concludes that they are unreliable and participation]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">ukrainian-regulator-suspects-90-companies-of-fraud</guid>
                <pubDate>Fri, 29 Oct 2021 10:00:00 +0300</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/10/cbc1b63c71be4055fbd8e40fa177b04e-dark-1024x538.jpg"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>The National Commission on Securities and Stock Market has updated the list of investment projects in which Ukrainians are not recommended to invest. Financial initiatives are included in the list if the regulator concludes that they are unreliable and participation in them may be fraught with loss of money for investors.</p>    <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>According to the National Commission, “the regulator considers it its systemic task to protect the rights and interests of investors, so it constantly researches the market and identifies questionable financial projects. These companies have attracted our attention because they meet the signs of a fictitious investment project, which were developed by the Commission and are publicly available to all citizens on its website.”</p></blockquote>    <p>This time the National Commission added seven projects to the list:</p>    <ul><li><a href="https://global.everfx.com/" rel="nofollow" target="_blank">EverFX</a></li><li><a href="https://freshforex.org/" rel="nofollow" target="_blank">Freshforex</a></li><li><a href="https://trading.royal-trust-group.org/login" rel="nofollow" target="_blank">Royal Trust Group</a></li><li><a href="https://gt-tc.trade/" rel="nofollow" target="_blank">GTTC TRADE</a></li><li><a href="https://finvestings.com/ru" rel="nofollow" target="_blank">FINVESTING</a></li><li><a href="https://lk.tradingplatform.finance/" rel="nofollow" target="_blank">TRADING GLOBAL</a></li><li> <a href="https://limefx.com/" rel="nofollow" target="_blank">LimeFX</a></li></ul>    <p>Currently, the list contains 90 records. Projects that the regulator considers dubious can be found <a href="https://www.nssmc.gov.ua/en/activity/insha-diialnist/zakhyst-investoriv/#tab-2" rel="nofollow">here</a>. 
You can read about the signs of fictitious investment initiatives <a href="https://www.nssmc.gov.ua/en/activity/insha-diialnist/zakhyst-investoriv/#tab-3" rel="nofollow">here</a>.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[A new mass-fraud scheme is hitting the half-trillion-dollar VC industry, expert says. How to detect and prevent]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/mass-fraud-scheme-is-hitting-the-vc-industry/</link>
                <description><![CDATA[New mass-fraud scheme is hitting the VC industry. One of the best-known venture experts in Ukraine, investor and entrepreneur Denis Dovgopoliy, on his LinkedIn page, has revealed what are now informally called “gray” and “black” schemes and are already popular in the]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">mass-fraud-scheme-is-hitting-the-vc-industry</guid>
                <pubDate>Thu, 28 Oct 2021 16:20:27 +0300</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/10/5e8023b3f0bb28e6f6411b141eb6127a-dark-1024x538.jpg"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>New mass-fraud scheme is hitting the VC industry. One of the best-known venture experts in Ukraine, investor and entrepreneur Denis Dovgopoliy, on his LinkedIn page, has <a target="_blank" href="https://www.linkedin.com/pulse/half-trillion-dollar-venture-capital-industry-has-big-dovgopoliy/" rel="nofollow">revealed</a> what are now informally called “gray” and “black” schemes and are already popular in the US and Western Europe but only starting to hit in Ukraine and neighboring countries. </p>    <p>He also named three old ones that were popular back in the 2000s. <a href="https://ain.ua" rel="dofollow">AIN.UA</a> shares his insights.</p>    <hr class="wp-block-separator is-style-dots">    <h2 class="wp-block-heading">Ye olde schemes</h2>    <p>Back in 2005, when Dovgopoliy came to the industry, there were only three main types of scammers, he says.</p>    <ol><li>Scammers who tried to sell a non-existent startup or a startup with a non-existent product, but the existing methodologies du jour cut off most such attempts.</li><li>Pseudo investors sent startups for overpriced audits to a related auditing company. Understandably, after such an audit, a negative decision was made about the investment.</li><li>Raiding companies and using startups and venture capital firms to launder criminally obtained money. </li></ol>    <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>“Over the years, the industry has adopted these risks. Entrepreneurs and investors who understand the rules of the game have learned to mitigate such risks. 
But new times call for new solutions,” says Denis Dovgopoliy.</p></blockquote>    <h2 class="wp-block-heading">New mass-fraud scheme is hitting the VC industry</h2>    <p>Entrepreneurs and consultants who helped funds do the due diligence and raise money for startups (one of whom is Denis himself) encountered a new kind of fraud that split into two independent lines — they called them “gray” and “black” schemes.</p>    <h3 class="wp-block-heading">Details of the Gray scheme</h3>    <p>The startup pays for a consulting or advertising contract, which, minus a commission, it begins to receive in the form of revenue. Thus, a notional $50,000 returns as $30,000-$40,000 of ARR, which is then multiplied by the round A industry multiplier (7-15x). That means that for $50,000-$100,000, a startup can get an additional $1 million in valuation. That said, the execs know how to manage the churn of the project.</p>    <p>This scheme works for both b2b and b2c startups with checks from $20 to $100 for a monthly or annual payment.</p>    <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>“The case is an apparent fraud on the investor who determines or confirms the startup’s valuation at the investment round. We found a company that tried to add +$4M to their valuation this way,” says Dovgopoliy.</p></blockquote>    <h3 class="wp-block-heading">Details of the Black scheme</h3>    <p>The second scheme is more unpleasant. It implies that for $50,000, you can get up to $300,000 in such proceeds, but then the money will come in either from stolen cards or cards from risky countries. </p>    <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>“Such a scheme falls ultimately under AML law and is 100% criminal. It can be determined by having access to the startup’s billing during due diligence,” says Dovgopoliy. 
</p></blockquote>    <h3 class="wp-block-heading">How to detect the scheme</h3>    <p>Both schemes can be detected by picking out the cluster of paying clients who do not use the service at all – scammers can easily automate the creation of new accounts, payments, including recurring ones. Still, they cannot imitate the usage of the startup’s product at the moment. Moreover, the second scheme sometimes has a high payback request. </p>    <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"><p>“We managed to find more than 20 startups that have suspicious signs in two months. There are checks on them, and even two forensics goes,” Dovgopoliy shares. “At the moment, we have already managed to find two independent contractors for such schemes.”</p></blockquote>    <p>Experts are now trying to understand the scale of this kind of fraud on the market. It is yet unclear what damage those schemes have already done.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[SSU exposes criminals laundering tens of millions of dollars through the Dark Web]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/ssu-exposes-criminals-laundering-money-through-the-dark-web/</link>
                <description><![CDATA[The SSU Cyber Security Department and US intelligence agencies conducted a joint operation to expose Ukrainians who were engaged in money laundering through the Dark Web and legalized tens of millions of dollars over the course of their activities. According]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">ssu-exposes-criminals-laundering-money-through-the-dark-web</guid>
                <pubDate>Wed, 27 Oct 2021 14:16:58 +0300</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/10/a6744527ae4a01409344658fc6c8a631.jpg"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>The SSU Cyber Security Department and US intelligence agencies conducted a joint operation to expose Ukrainians who were engaged in money laundering through the Dark Web and legalized tens of millions of dollars over the course of their activities. <a href="https://ssu.gov.ua/en/novyny/kiberfakhivtsi-sbu-ta-spetssluzhby-ssha-vykryly-zlochyntsiv-yaki-vidmyly-desiatky-milioniv-dolariv-z-darknet" rel="nofollow">According</a> to the SSU, the criminals’ clients were hackers engaged in cyber theft.</p>    <figure class="wp-block-image size-large"><img decoding="async" src="https://cdn.ain.ua/ua/2021/10/cd09b2c3f0c9ba2b96de0c91715c9177.jpg" alt=""><figcaption>Photo credit: <a href="https://ssu.gov.ua/en/novyny/kiberfakhivtsi-sbu-ta-spetssluzhby-ssha-vykryly-zlochyntsiv-yaki-vidmyly-desiatky-milioniv-dolariv-z-darknet" rel="nofollow">SSU</a></figcaption></figure>    <p>To get money, the criminals organized a large-scale scheme. 
They used different nicknames on the Dark Web, had many fictitious persons, and worked through various financial services.</p>    <p>The clients of the criminals were hackers engaged in cyber theft who wanted to take the stolen money in cash; for example, criminals who hacked into the bank accounts of companies around the world and took the victims’ virtual money.</p>    <p>Furthermore, these individuals made and sold flash drives with malware that hacked digital wallets and stole cryptocurrency from them.</p>    <figure class="wp-block-image size-large"><img decoding="async" src="https://cdn.ain.ua/ua/2021/10/0069fcf90683a4660cb7a7b0eb7fe160.jpg" alt=""><figcaption> Photo credit: <a href="https://ssu.gov.ua/en/novyny/kiberfakhivtsi-sbu-ta-spetssluzhby-ssha-vykryly-zlochyntsiv-yaki-vidmyly-desiatky-milioniv-dolariv-z-darknet" rel="nofollow">SSU</a> </figcaption></figure>    <p>The SSU arrested the criminals in Mykolaiv in international cooperation with the US authorities. As a result of searches, the law enforcement officers seized from the perpetrators:</p>    <ul><li>Computer equipment with evidence of illegal activities</li><li>Malicious software and hardware</li><li>Draft notes and cash</li></ul>    <p>The investigators are now analyzing the obtained evidence to bring criminal charges against all responsible persons, including foreign beneficiaries of the frauds.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[Ukrainian company scammed for $63,000 by Romanian website developer]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/ukrainian-company-scammed-for-63k-by-romanian-developer/</link>
                <description><![CDATA[Back in 2019, a big chain of clothing boutiques, Ultrashop, ordered a design of an online store from the company Starsoft Europe. There was a payment of more than ₴1.7 million (approx. $63,000), but there were no replies from the]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">ukrainian-company-scammed-for-63k-by-romanian-developer</guid>
                <pubDate>Tue, 07 Sep 2021 16:57:49 +0300</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/09/acca80c7a38b826dd5e26cfb7e11e774-dark-1024x538.jpg"
                                         />
                                    <category>Countries</category>
                                                    <content:encoded><![CDATA[<p>Back in 2019, a big chain of clothing boutiques, Ultrashop, ordered a design of an online store from the company Starsoft Europe. There was a payment of more than ₴1.7 million (approx. $63,000), but there were no replies from the other party. The related cases are in the courts now. AIN.UA presents the situation in detail.</p>    <hr class="wp-block-separator is-style-dots">    <p>Ultrashop is a chain of brand boutiques that together with mono-brand boutiques of Levi’s, Guess, Baldinini, Karl Lagerfeld, Boss, and Hugo constitute Ultra Group based in Odesa. On the 21st of May 2019, one of the group’s legal entities, EOST Inc., concluded an agreement with the Romania-based company Starsoft Europe to create a web store branded as Ultrashop. The court documents do not mention the name of the Israeli citizen residing in Germany who was concluding the agreement from Starsoft’s side.</p>    <p>According to the Unified State Register of Legal Entities of Ukraine, Odesa-based Starsoft, LLC belongs to Martin Shein. Additionally, according to the register of pre-court decisions, he is a suspect in the other case, and he should be held in custody during the court process:</p>    <figure class="wp-block-image size-large"><img decoding="async" src="https://cdn.ain.ua/ua/2021/09/star1.jpg" alt=""></figure>    <p>According to the files of the case, the implementation of the online store was split into stages, and deliverables should have been presented to the client. Moreover, the company was supposed to deliver the finished online store by November 20, 2019. The representative of Starsoft received payment from EOST Inc. 
for the development of the store from May to August 2019, with <strong>a total amount of ₴1,745,939</strong> (confirmed by the representative’s receipts).</p>    <p>According to the investigation materials, the second party had no intent to fulfill its part of the agreed obligations and only imitated coding work on the online store. In May 2019, Starsoft’s CEO instructed the UI/UX designer, SEO specialists, and a project manager to develop a website concept, its ad policies, and a project task list. However, two technical leads did not receive any orders to write program code for the store during the period from May to August 2019.</p>    <p>Meanwhile, Starsoft’s representatives were showing the client some pieces of work done on the online store, including the interface’s graphic elements, ad policies, and project tasks, claiming that the work on the store was under way and it would be delivered on time. EOST Inc. was transferring money as follows: ₴436,323 in May 2019, ₴435,315 in June 2019, and ₴426,649 and ₴420,352 in August.</p>    <p>Meanwhile, Starsoft’s management had left Ukraine and has not been in contact since. The developers who were supposed to work on the project were not receiving salaries, and all had quit by October 2019. Starsoft’s management had not paid the rent since September 2019. In September 2019, the representatives of EOST Inc. checked the progress of the work and found it less than 5% complete, whereas according to the agreement, 75% of the project should have been done. As of November 30, 2019, the end date stated in the Agreement, the online store was still not delivered to the client.</p>    <p>The total amount of material losses of EOST company was ₴1,745,939.</p>    <p>In August 2020, investigators from the Investigations Unit of the Primorsky Police Department drew up a report regarding suspected fraud by the management of Starsoft. 
Several members of the company were put on the international wanted list, and as of March 2021, it was established that (presumably) Martin Shein was in Bogota, Colombia. He was detained for extradition to Ukraine.</p>    <p>The case is being investigated: the last court hearing <a href="https://reyestr.court.gov.ua/Review/99196128" rel="nofollow">took place</a> on August 27, 2021. No verdict has been issued yet.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[Ukrainian generates Xbox gift cards for $10M and sells them on eBay – the story of a big scam]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/ukrainian-generates-xbox-gift-cards-for-10m-and-sells-them-on-ebay/</link>
                <description><![CDATA[The Xbox gift card is a 25-character code that adds a certain amount of money in dollars to the user’s wallet after its activation. This money can be spent on any of the company’s products – video games, Office and]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">ukrainian-generates-xbox-gift-cards-for-10m-and-sells-them-on-ebay</guid>
                <pubDate>Tue, 06 Jul 2021 13:05:43 +0300</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/07/xbox.jpg"
                                         />
                                    <category>Investigations</category>
                                                    <content:encoded><![CDATA[<p>The Xbox gift card is a 25-character code that adds a certain amount of money in dollars to the user’s wallet after its activation. This money can be spent on any of the company’s products – video games, Office and Windows software, etc.</p>    <p><a target="_blank" href="https://www.bloomberg.com/features/2021-microsoft-xbox-gift-card-fraud/" rel="nofollow">According</a> to Bloomberg, these gift codes were often sold on reseller markets at a lower price. This reselling phenomenon can be traced to Volodymyr Kvashuk, a Ukrainian who lived in the US and, being a Microsoft employee, had unlimited access to the generation of such codes.</p>    <hr class="wp-block-separator is-style-dots">    <h3 class="wp-block-heading">Testing of the payment system did find glitches</h3>    <p>Volodymyr Kvashuk moved to the United States and got a job at Microsoft in 2017. His job duties included testing the payments system in the company’s stores. He “bought” a Dell laptop on the website, paid for it with a faux credit card, and documented errors. The system made the purchase and sent notifications, but the money was not debited, and the order was not shipped. After all, all these actions were only necessary to test the system.</p>    <p>In the winter of 2017, Kvashuk found that unlike buying physical products, every time he checked gift card purchases, the Microsoft Store sent real gift codes. The money was still not deducted, and the tester could generate an almost unlimited number of cards.</p>    <p>He realized that his team’s experimental accounts were programmed only to prevent them from sending fake purchases of physical goods such as PCs, tablets, keyboards, etc. Microsoft simply didn’t plan for its digital retail testers to order Xbox gift cards on the job. 
Kvashuk could have reported the vulnerability to his management, but instead, he started reselling them.</p>    <h3 class="wp-block-heading">Underground business affecting global prices for the gift cards</h3>    <figure class="wp-block-image size-large"><img decoding="async" src="https://cdn.ain.ua/ua/2021/07/image-1.png" alt=""></figure>    <p>Kvashuk started small, generating Xbox cards in increments from $10 to $100. But by the time federal agents arrested him almost two years later, he had stolen more than 152,000 Xbox gift cards, worth $10.1 million, and was living off the proceeds in a lakefront home with plans to buy a ski chalet, yacht, and seaplane.</p>    <p>In January 2018, Kvashuk built a computer program, PurchaseFlow.CS, to sell a really large number of gift cards. With a few clicks in the app, he could select a gift card denomination (30, 75, 100), the currency output (USD, EUR, GBP), and the desired number of purchases. Prosecutors later said the program was “created for one purpose, and one purpose only: to automate embezzlement and allow fraud and theft on a massive scale.”</p>    <p>At one point, Kvashuk reached such volumes that prosecutors said it began to influence global price fluctuations for Xbox gift cards on reseller markets. When prices dropped too low because of an oversupply of codes on the market, he would stop in the hope the lack of product would push the market upward.</p>    <p>Kvashuk bought a red Tesla Model S for $162,899 and then a modern house for $1.675 million. He explained the expenses, which were disproportionate to his income, as earnings from investing in cryptocurrencies.</p>    <h3 class="wp-block-heading">Microsoft knew about the scam but couldn’t figure out the scammer</h3>    <p>Kvashuk was very careful. Usually, he and his colleagues switched between a couple of fake profiles that they registered in the Microsoft store. To conceal his identity, Kvashuk figured out his colleagues’ passwords and used their test logins. 
Also, he masked his Internet traffic by routing it through servers in Japan and Russia.</p>    <p>But in February 2018, Microsoft’s Fraud Investigation Strike Team noticed an unexplained spike in online purchases using gift card codes that was about double normal redemption levels. Investigators assumed that the hack came from an “external bad actor” but soon realized that it was an inside job.</p>    <p>In March, corporate investigators traced the irregular activity to two internal test accounts assigned to Microsoft sales employees. The accounts, they learned, had already gobbled up almost $8 million in codes that were selling on the reseller markets.</p>    <p>Investigators questioned the employees behind those test accounts, who seemed like stunned victims, not perps. Microsoft determined that a testing program called Fiddler, which employees used to file bug reports, contained data divulging tester logins. Anyone with Fiddler access could have hacked the accounts.</p>    <p>The company soon discovered that one of Kvashuk’s accounts had bought three <a href="https://recruitika.com/companies/nvidia/" rel="dofollow">Nvidia</a> graphics cards that had been shipped to a non-existent address. When asked whether he used the test accounts to generate codes, Kvashuk admitted to redeeming about 600 of them, but only for buying movies from the Microsoft store. Four weeks later, Microsoft fired Kvashuk.</p>    <h3 class="wp-block-heading">FBI, searches, and jail</h3>    <p>For a seemingly sophisticated engineer, Kvashuk had made many mistakes. Although he cloaked his address through international servers, he used the same Linux-based computer with the same outdated version of the Firefox browser to commit the theft. In addition, the Microsoft Office license he bought at the start of his scam was registered to an administrative account for SearchDom, his startup. 
This circumstantial evidence allowed Microsoft to link him to the crime.</p>    <p>Soon, federal agents, who had conducted their own investigation into Kvashuk after Microsoft referred the case to them, searched his home and found a lot of incriminating evidence, such as crypto wallet keys, notebooks with bank account information, USB drives stuffed with stolen codes, and lots of cash.</p>    <p>The agents also found a list of Kvashuk’s future investments. The list was written in Ukrainian and was titled: “How I will manage my next 10 million.”</p>    <figure class="wp-block-image size-large"><img decoding="async" src="https://assets.bwbx.io/images/users/iqjWHBFdfxIU/idHeyKDXk0GU/v0/720x-1.jpg" alt=""><figcaption>Image: <a href="https://www.bloomberg.com/features/2021-microsoft-xbox-gift-card-fraud/" rel="nofollow" target="_blank">Bloomberg</a></figcaption></figure>    <p>In February 2020, federal prosecutors from the Western District of Washington brought Kvashuk to trial for money laundering, identity theft, mail fraud, and filing false tax returns.</p>    <p>Kvashuk’s attorneys argued that their client did not intend to defraud anyone. He generated the gift card codes to help the company because the more free gifts Xbox gave away, the more popular the platform would be, which would increase overall costs.</p>    <p>The judge and jury found his defense ridiculous and <a href="https://www.justice.gov/usao-wdwa/pr/former-microsoft-software-engineer-convicted-18-federal-felonies-stealing-more-10" rel="nofollow">declared</a> him guilty on all counts. He’s likely to be deported back to Ukraine after serving time in prison until March 2027 and will have to pay back $8.3 million.</p>]]></content:encoded>
                            </item>
                    <item>
                <title><![CDATA[Hackers who stole $2.5 billion from European banks exposed in Ukraine]]></title>
                <link>https://staging.en.ain.ua/2024/05/10/cyber-police-exposes-hackers-who-stole-2-5-billion/</link>
                <description><![CDATA[The Cyber Police has exposed a transnational hacker group, which had been spreading the computer virus EMOTET. According to the statement by the Ministry of Internal Affairs’ (MIA) press office, this virus has caused $2.5 billion in damage to American and European]]></description>
                <author><![CDATA[vd+rss00@empat.tech]]></author>
                <guid isPermaLink="false">cyber-police-exposes-hackers-who-stole-2-5-billion</guid>
                <pubDate>Thu, 28 Jan 2021 15:20:34 +0200</pubDate>
                <enclosure url="https://ain-dev.s3.eu-central-1.amazonaws.com/en/2021/01/208efbaa-a84c-4fac-8dd2-f22eeffa91bb-1024x538.jpg"
                                         />
                                    <category>News</category>
                                                    <content:encoded><![CDATA[<p>The Cyber Police has exposed a transnational hacker group, which had been spreading the computer virus EMOTET.</p>    <p>According to the <a target="_blank" href="https://mvs.gov.ua/ua/news/38267_Kiberpoliciya_vikrila_transnacionalne_ugrupovannya_hakeriv_u_rozpovsyudzhenni_naynebezpechnishogo_v_sviti_kompyuternogo_virusu_EMOTET.htm" rel="nofollow">statement</a> by the Ministry of Internal Affairs’ (MIA) press office, this virus has caused $2.5 billion in damage to American and European banks and financial institutions.</p>    <hr class="wp-block-separator is-style-dots">    <h3 class="wp-block-heading"><strong>How the scheme worked</strong></h3>    <figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="1152" height="864" data-attachment-id="814588" data-permalink="https://en.ain.ua/2021/01/28/cyber-police-exposes-hackers-who-stole-2-5-billion/4cdbc5ea-9e27-41f4-8358-dc02189d9092/" data-orig-file="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092.jpg" data-orig-size="1152,864" data-comments-opened="1" data-image-meta='{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}' data-image-title="4cdbc5ea-9e27-41f4-8358-dc02189d9092" data-image-description="" data-image-caption="" data-medium-file="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092-800x533.jpg" data-large-file="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092-1024x538.jpg" src="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092.jpg" alt="" class="wp-image-814588" srcset="https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092.jpg 1152w, https://cdn.ain.ua/en/2021/01/4cdbc5ea-9e27-41f4-8358-dc02189d9092-768x576.jpg 768w" sizes="(max-width: 1152px) 100vw, 1152px"></figure>    <p>As <a target="_blank" 
href="https://www.gp.gov.ua/ua/news?_m=publications&amp;_c=view&amp;_t=rec&amp;id=287756&amp;fbclid=IwAR2JQbZP5Qq_02g6EVfhYN21ib-AVJyidmppDPJiacVfDq0FHxYoVSWzTC8" rel="nofollow">reported</a> by the Attorney General’s Office, since 2014, a group of Ukrainian hackers using a piece of malware, the so-called encryption virus (“banking Trojan”), designed to steal personal data (passwords, logins, and payment details), has carried out massive interferences in the functioning of servers of both private and state-run banking institutions.</p>    <p>EMOTET’s infrastructure included servers around the world and was effectively a botnet. The “virus” was spread via spam mailouts, Word documents, Excel tables, and email messages.</p>    <p>After penetrating the target software, the virus used the “infected” device for further spamming, as well as to install additional viruses. Consequently, the malware stole users’ personal data, including passwords, logins, browsing history, payment and banking details, etc. 
Later on, the perpetrators would transfer the money to their controlled accounts.</p>    <h3 class="wp-block-heading"><strong>Simultaneous searches in eight countries</strong></h3>    <figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="1280" height="958" data-attachment-id="814590" data-permalink="https://en.ain.ua/2021/01/28/cyber-police-exposes-hackers-who-stole-2-5-billion/285fe858-e3e6-43c8-8da0-363eafee0e2d/" data-orig-file="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d.jpg" data-orig-size="1280,958" data-comments-opened="1" data-image-meta='{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}' data-image-title="285fe858-e3e6-43c8-8da0-363eafee0e2d" data-image-description="" data-image-caption="" data-medium-file="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d-800x533.jpg" data-large-file="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d-1024x538.jpg" src="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d.jpg" alt="" class="wp-image-814590" srcset="https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d.jpg 1280w, https://cdn.ain.ua/en/2021/01/285fe858-e3e6-43c8-8da0-363eafee0e2d-768x574.jpg 768w" sizes="(max-width: 1280px) 100vw, 1280px"></figure>    <p>The Cyber Police, along with local law enforcement agencies, has conducted simultaneous searches in Ukraine, the Netherlands, Germany, France, Lithuania, Canada, the USA, and the UK.</p>    <p>As a result, the enforcers seized server equipment, computer hardware, and data storage media containing information about the companies targeted by the cyber-attacks. Banking cards, money, and secret ledgers with passwords, logins, and keys to services were also seized.</p>    <p>“Criminal proceedings are being conducted under Art. 
361 (Unauthorized interference in the functioning of computers, automated systems, computer networks, or telecommunication networks), Art. 361-1 (Creation of malicious software or hardware with the purpose of usage, distribution, or sale), and Art. 190 (Fraud) of the Criminal Code of Ukraine. The attackers face up to 12 years of imprisonment, with confiscation of property,” the MIA comments.</p>    <p>Now, the activity of the EMOTET network, which was distributed across more than 90 servers in many countries, is completely blocked.</p>]]></content:encoded>
                            </item>
            </channel>
</rss>
