Often news stories focus on the harm caused by international cybercriminals who target the U.S., however, sometimes U.S. based cybercriminals target international victims. Two recent cases highlight that cybercriminals can strike anytime and anywhere.
Last month, 37 year-old Asu Pala, from New Hampshire, was sentenced to 82 months in U.S. Federal Court for his role in a complex scheme to steal money from victims in Europe. Pala’s scheme was managed from 2003 to 2007 and infected German citizens’ computers with a virus that forced the computers’ modems to secretly dial premium telephone numbers rented from German telephone companies by Pala’s co-conspirators. The premium telephone lines operated like 1-900 numbers. Telephone companies charged callers for added expenses on top of standard connection fees and sent a portion of the added expenses to Pala’s co-conspirators who had rented the phone lines. Most of the victims were unaware that their modems were calling these numbers. Many did not notice the small charges on their phone bills and simply paid the cost. This is typical of many cybercrime schemes, which steal small amounts from a large pool of victims. The crime often unnoticed by the victim due to the small amount. The significance of the harm is only realized once the full number of victims is known.
Another U.S. based cybercriminal, Jesse William McGraw, was sentenced in Texas earlier this month to 110 months on each of two counts for his role in attempting to create a Bot network from the computers at the hospital where he worked. During his 11:00 p.m. to 7:00 a.m. shift as a security guard, McGraw gained physical access to more than 14 computers including a nurses station and the climate control system for the hospital. McGraw installed, or transmitted, a program to the computers that allowed him to remotely access the computers. McGraw later admitted that he intended to use the Bots to launch denial of service (DDOS) attacks on rival hacker groups. McGraw boldly made a video recording of what he called his “botnet infiltration.” While the theme of “Mission Impossible” played, McGraw described step by step his method of accessing a computer and installing a malicious program. McGraw ignored the risk that his actions could have had very harmful effects on patients at the hospital. Potential risks included affecting treatment services or possibly even disclosing personal patient records.
The schemes of these two U.S. cybercriminals are strong evidence that cybercriminals can strike anytime and anywhere. It is reassuring that law enforcement successfully investigated and prosecuted both criminals. However, their crimes highlight that cybercriminals act without concern for their victims harm. Even the physical safety of innocent hospital patients did not deter a cybercriminal like McGraw. This is just a reminder of the danger of cybercrime and the need to always maintain good cybersecurity practices.