Wednesday, June 19, 2024

Cyber Criminals Hacked Major U.S. Mortgage Company Computer Servers to Steal Sensitive Data – FBI

A Team of 4 Hackers who are resided in San Diego Infiltrated the Mortgage Company Computer Servers to steal the sensitive data between 2011 – 2014.

The Stolen information including loan application information from thousands of customers such as Social Security numbers, addresses, dates of birth, and driver’s license numbers and use it for various malicious activities.

Also Read: Attackers Distributing Dangerous Malware via YouTube to Steal Passwords

Hackers Used Fuzzing Technique

John Bade, A chief Hacker and one of the masterminds of this hacking Group compromise the mortgage companies using a well known common hacking technique called Fuzzing.

Fuzzing helps to overload a web server with massive amounts of data that can lead to the server revealing security loopholes.

In this case, “Once Baden had access to victims’ information, he and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, went to work. Fernandez—the group’s ringleader—identified multiple victims’ brokerage accounts and took control of them by calling the companies and providing the victims’ personal information to change passwords and contact information. “

25,000 Compromised Victims

Later they will transfer the funds to an account that controlled by the Hackers form the victims account and sometimes they transferred up to $30,000.

Spoke Person from FBI said, Victims stretched from California to Florida, and one individual lost nearly $1 million in the scheme.

In this case, more than 25,000 victims were compromised by this hackers and FBI believes that it could be more than we expected and its impossible to calculate since There was so much retail fraud over such a long period of time.

“Investigators worked backward from the mortgage company, eventually identifying the hack—and the hackers. By that time, Baden was hiding in Mexico. In 2014, he was named to the San Diego FBI’s Most Wanted Cyber Fugitives list, and the reward offered in the case eventually led to his capture in Mexico, Christopherson said.”

According to FBI,  All four Hackers pleaded guilty to their roles in the fraud scheme. In 2015, Baden was sentenced federally to nine years in prison. In January 2018, Fernandez was sentenced to more than 10 years in prison. Bailey received a sentence of more than five years, and in February 2018, Nava was the last subject to be sentenced, to 44 months in prison.

Website

Latest articles

Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards...

Chrome Security Update – Patch for 6 Vulnerabilities

Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115...

Hackers Weaponize Windows Installer (MSI) Files to Deliver Malware

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group,...

Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data

Hackers are offering "free" mobile data access on Telegram channels by exploiting loopholes in...

New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication

Several phishing campaign kits have been used widely by threat actors in the past....

Stuxnet, The Malware That Propagates To Air-Gapped Networks

Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA)...

Threat Actors Claiming Breach of AMD Source Code on Hacking Forums

A threat actor named " IntelBroker " claims to have breached AMD in June...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles