The admin hacked the network of his former employer, blocked 250 servers and destroyed backups. They want to put him in prison for 35 years.

A former administrator at an American corporation locked several hundred servers in order to extort a large ransom from his ex-employer. He was well prepared: so that his scheme would succeed, he first reset the passwords of the administrators' accounts so that they could not interfere with him. But the plan did not fully work out. The extortionist was caught, and they want to put him in prison for more than 30 years, although he is no longer young. By the time of his release, he will be 92 years old.

A crime of cosmic proportions

A former core IT infrastructure engineer at a large American corporation was arrested for a successful attempt to hack hundreds of his former employer's servers and demand a ransom from it, writes the Bleeping Computer portal. He managed to lock the corporation's administrators out of 254 servers running Windows Server. The name of the corporation is not given in the court documents, where it is designated as "Victim-1".

According to court documents, in November 2023, 57-year-old engineer Daniel Rhyne sent a letter to employees of the company where he previously worked with a warning about the hacking of the corporate network. In the letter, he wrote that he blocked administrators from accessing their accounts and simultaneously deleted all backups so that it was not possible to restore the information.

Rhyne also warned that he would disable 40 servers a day if he was not paid 20 bitcoins, which at that time was about $750 thousand.

Investigators found that between November 9 and November 25, 2023, Rhyne gained remote access to the company's computer systems without official permission. To do so, he used a compromised company administrator account.

After the infiltration, Rhyne scheduled a series of tasks on the controlled domain, all of which involved changing the passwords of administrator accounts. In total, he planned to change the passwords of 14 admin accounts and 301 user profiles to "TheFr0zenCrew!".

According to court documents, Rhyne also scheduled password change tasks for two local administrator accounts, which affected 254 servers. In addition, he decided to change the passwords of two more local administrators, which would affect 3,284 workstations on his former employer's network.

But Rhyne did not stop there. He also used the task scheduler to schedule shutdowns of random servers over a few days in December 2023.

One mistake - and the hacker was caught

Rhyne's mistake was that he used a hidden virtual machine for the hack, to which, as investigators found out, he connected from his personal laptop using a personal account. His web browsing history was later found on the laptop. As it turned out, on November 22, 2023, Rhyne searched the web for information on how to delete domain accounts, clear Windows logs and change domain user passwords using the command line.

A week earlier, on November 15, 2023, Rhyne performed similar internet searches on his laptop. One of his queries that day was "command prompt to change local admin password"; another was "command prompt to remotely change local admin password".

"On November 25, 2023, at approximately 4:00 PM ET, network administrators working at Victim-1 began receiving password reset notifications for the Victim-1 domain admin account, as well as for hundreds of Victim-1 user accounts. Shortly thereafter, Victim-1's network administrators discovered that all other accounts of Victim-1's domain administrators had been deleted, thereby depriving the domain administrator of access to Victim-1's computer networks", the court documents said.

An elderly cybercriminal

An interim outcome of the investigation was Rhyne's arrest, which took place on August 27, 2024; at the time he was 57 years old. However, after his first court appearance in Kansas City (USA), he was temporarily released from custody, writes Bleeping Computer.

At the same time, Rhyne was charged with extortion, intentional damage to a computer and wire fraud. If a court finds him guilty, he faces up to 35 years in prison. This is the maximum punishment that awaits him, not counting a fine of $750 thousand; that is, Rhyne risks being released at the age of 92.
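
The sequence in the court documents above (scheduled tasks, then a burst of password resets and admin-account deletions, plus searches on clearing Windows logs) maps to Windows Security events 4698, 4724, 4726 and 1102. The following detection sketch is an added example, not part of the original post or the court record; the CSV layout, account names, time window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log event IDs: password reset attempt, account deleted,
# scheduled task created, audit log cleared.
RESET, DELETED, TASK_CREATED, LOG_CLEARED = 4724, 4726, 4698, 1102

# Constructed sample export (time,event_id,actor,target); not real log data.
SAMPLE = """\
2024-01-01T09:00:00,4724,helpdesk1,alice
2024-01-01T11:30:00,4724,helpdesk1,bob
2024-01-01T15:40:00,4698,adm-x,PwdTask1
2024-01-01T15:41:00,4698,adm-x,PwdTask2
2024-01-01T16:00:05,4724,adm-x,user01
2024-01-01T16:00:06,4724,adm-x,user02
2024-01-01T16:00:07,4724,adm-x,user03
2024-01-01T16:00:08,4726,adm-x,da-01
2024-01-01T16:00:09,4726,adm-x,da-02
2024-01-01T16:05:00,1102,adm-x,Security
""".splitlines()

def parse(line):
    ts, eid, actor, target = line.strip().split(",")
    return datetime.fromisoformat(ts), int(eid), actor, target

def detect(lines, window=timedelta(minutes=10), threshold=5):
    """Alert once per actor on mass resets/deletions; alert on every log clear."""
    recent = defaultdict(deque)   # actor -> (time, target) pairs inside window
    tasks = defaultdict(int)      # actor -> scheduled tasks created so far
    alerted, alerts = set(), []
    for ts, eid, actor, target in sorted(map(parse, lines)):
        if eid == TASK_CREATED:
            tasks[actor] += 1
        elif eid == LOG_CLEARED:
            alerts.append(("log_cleared", actor, ts))
        elif eid in (RESET, DELETED):
            q = recent[actor]
            q.append((ts, target))
            while q and ts - q[0][0] > window:   # drop events older than window
                q.popleft()
            distinct = {t for _, t in q}
            if len(distinct) >= threshold and actor not in alerted:
                alerted.add(actor)
                alerts.append(("mass_account_change", actor, ts,
                               len(distinct), tasks[actor]))
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

Events 4724 and 4726 are only logged when user account management auditing is enabled, and 4698 requires auditing of other object access events.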
 