US extradites French ShinyHunters hacker, faces 123 years in prison
The hacker is believed to be a member of the hacking group known for its spree of data breaches across 2020 and 2021
The US has successfully extradited a French hacker accused of committing cyber crime on behalf of the ShinyHunters group.
Sebastien Raoult, 21, faces a maximum prison sentence of 123 years if found guilty on all charges on his nine-count indictment.
The allegations against him include conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, four counts of wire fraud, and three counts of aggravated identity theft for using other people’s login credentials.
Originally arrested in Morrocco last year, Raoult was finally extradited to the US last week and will be kept in detention until April to face his next hearing.
His alleged crimes included hacking into running phishing pages that imitated legitimate businesses to steal login credentials. These were then used to hack into corporate systems and steal information of value.
“Too many bad actors believe they can illegally access proprietary information and personal financial information by hiding behind a keyboard,” said Nick Brown, US attorney for the Western District of Washington.
“FBI Seattle Cyber Task Force and our experienced cyber unit is working diligently to identify, arrest, and prosecute those who seek to victimise people, businesses, and industries in the Western District of Washington and around the world.”
What is the ShinyHunters hacking group?
The ShinyHunters group is believed to have been formed in 2020 and participated in various cyber criminal activities including hacking, phishing, stealing data, and extorting victims.
ShinyHunters’ Twitter profile display picture is set as an image of Umbreon, a Pokémon character, suggesting the name of the group is derived from the game’s task of hunting for rare, shiny creatures.
The group hasn’t been in operation for long, in comparative terms, but it has claimed a large number of successful data breaches, including one on Microsoft in May 2020 which saw the theft of more than 500GB worth of source code from its private GitHub page.
Other notable incidents claimed by ShinyHunters include those affecting Wishbone and Tokopedia, both also in May 2020, Pixlr, Mashable, and Pluto TV.
Unlike its target selection, which never followed any obvious patterns, ShinyHunters’ attack methods were more uniform in nature.
Members would typically steal legitimate login credentials through phishing attacks or buy them on the black market.
Those would then be used to access private information from businesses to steal, sell, and leverage in extortion scenarios.
IT best practices for accelerating the journey to carbon neutrality
Considerations and pragmatic solutions for IT executives driving sustainable IT
Free DownloadThe Total Economic Impact™ of IBM Spectrum Virtualize
Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize
Free downloadUsing application migration and modernisation to supercharge business agility and resiliency
Modernisation can propel your digital transformation to the next generation
Free Download
