Hacker Sent to Prison for Selling UPMC Employee Data on The Dark Web
A Michigan man received a seven-year prison sentence on October 18. Justin Johnson, 30, got incarcerated for hacking into UPMC databases. Johnson stole data of over 65000 employees during the attack in 2014. He later sold the data on the dark web.
Mark Hornak, U.S. District Chief, presided over the case. Hornak imposed a maximum sentence against Johnson. He got charged with conspiracy to defraud the state. In addition to that, he got accused of aggravated identity theft. Accordingly, Johnson pled guilty to only two of the forty-three allegations in May.
So, How Did He Get Access to The UPMC Database
Stephen R. Kaufman, acting U.S. Attorney, commented on the issue. Kaufman revealed Johnson's darknet account names. He claimed that Jonson operated under the names "TheDeathStar" and "Dearthy Star" in the dark market.
Moreover, he claimed that Johnson breached and hacked into the UPMC human resources server databases. The attack took place in 2013 and 2014. Johnson stole sensitive data, including personal identification information. I addition to that, he also stole W-2s.
In early December 2013, Johnson breached UPMC's database. He gained access by hacking Oracle PeopleSoft. Oracle PeopleSoft is UPMC'S human resource management system.
During the attack, Johnson ran a test query on the compromised HR database. This gave him access to the PII of roughly 23,500 UPMC employees.
The attack went on between January 21 and February 14, 2014. Jonson queried the system several times a day. He manages to steal the PII of thousands of UPMC workers.
Selling UPMC Employee Data on The Dark Web
After stealing data from more than 65000 UPMC employees, Johnson sold the data. He traded the information in the dark market. Johnson advertised the data in several black market forums.
Conspirators purchased the data using cryptocurrency. The cybercriminals then used the information to file false tax returns. According to reports, the conspirators filed 1040 fake tax returns using staff data.
The dark web and cryptocurrency have features that ensure user anonymity. This makes it hard for anyone to track your online traffic. Therefore, cybercriminals prefer them to trade in the dark web. Moreover, you can only access the darknet through special networks like Tor.
Investigations On the Issue and the prison sentence
Several law enforcement agencies investigated the case. These include the U.S. Secret Service, U.S. Postal Service, and IRS. It took them almost five years to work on the case.
According to the investigators, Johnson also stole non-UPMC data. He traded almost 90,000 extra sets of PII to buyers in the dark market. Cybercriminals can commit identity theft and bank fraud using the information.
The agencies arrested Yoandy Perez Llanes, one of the co-conspirators. He got arrested in Venezuela. Llanes pled guilty in Pittsburgh in 2017.
The Damage Done by Dark Web Hackers
According to Kaufman, the attack resulted in almost $1.7 million in false tax return refunds. He also added that "Today's sentence sends a deterrent message that hacking has serious consequences."
Yury Kruty, Acting Special Agent in Charge of IRS-Criminal Investigation, also commented on the issue. Kruty said, "The actions of criminals like Justin Johnson can have long-lasting and devastating effects on the lives of innocent people."
Do you find this content interesting?
This is just a MIRROR ! Find us via our Main TOR domain
And Let us know by leaving a comment and a rating.
Also, don't forget to follow our Official Telegram Channel to stay informed and safe by Reading NOIRdotNEWS