We’ve all read about the number of data breaches that have been plaguing the civilized world. In most cases nothing good comes of it and the amount of hassle that it brings for both companies and individuals who have their information compromised is too much for some people. But on occasion something good comes out of one of these data breaches. While this does not make up for all of the bad that comes it is nice to know that cyber criminals are just as vulnerable to this as regular people are and they should probably start to worry.
A Rash of Bomb Scares
In March of 2018 hundreds of schools in the UK and over a thousand schools in the US received bomb threats via Twitter forcing them to be closed as a precaution. If you remember locally here Central York has targeted at this time but appeared to be not related. The group, using aliases, were even bold enough to solicit requests on Twitter. These same bomb threats were called into other places like San Francisco International Airport claiming that an inbound transAtlantic flight was in danger of being hijacked forcing it to be searched and the passengers detained upon its arrival for several hours.
One Down, One Still Free
It did not take long for police to find the person responsible and British teenager George Duke-Cohen was arrested a few days later. He pled guilty to three counts of making bomb threats in December and was sentenced to three years in prison. The problem was that he did not act alone. In September of 2018 a group called Apophis Squad claimed responsibility for the flight indicating that Duke-Cohen did not act alone. He had help and that person was probably in the US.
Of course these people use aliases online to brag about what they had done. Internet Security expert Brian Krebs (whos website was targeted by the group) managed to determine the aliases of the group and helped to figure out the identity of Duke-Cohen. Unfortunately for law enforcement one of the aliases was not used by him and remained a mystery.
Brought Down By Hacked Data
The last alias remained a mystery until January of 2019. Hackers broke into computer game maker Blank Media Games and stole the information of as many as 7.6 million users of their browser-based role playing game called Town of Salem. The information was then sold on the Dark Web. One of the users of the game had an alias that matched the remaining Apophis Squad alias. It was linked to an email address (that was also matched to an Apophis Squad alias) and showed that the individual had registered using a Sprint mobile device and was logging in from North Carolina.
The information available was traced to a 20-year old from Winston-Salem, North Carolina named Timothy Dalton Vaughn. Last week the Justice Department announced that Vaughn had been arrested. If he is convicted of all 11 charges he could face 80 years in federal prison. Duke-Cohen has been charged with 9 federal charges and if extradited and convicted faces 65 years in federal prison.
While the damage that these two individuals cannot be undone just like any damage done to a person following a data breach there is at least a silver lining that cyber criminals can have their information compromised as well. Of course the difference for them is that if they are caught they face jail time rather than just having to spend hours on the phone disputing charges and getting their identity back. It’s a small bit of good news in an otherwise glum subject.