Tuesday, March 5, 2024

Cyber Criminals Hacked Major U.S. Mortgage Company Computer Servers to Steal Sensitive Data – FBI

A Team of 4 Hackers who are resided in San Diego Infiltrated the Mortgage Company Computer Servers to steal the sensitive data between 2011 – 2014.

The Stolen information including loan application information from thousands of customers such as Social Security numbers, addresses, dates of birth, and driver’s license numbers and use it for various malicious activities.

Also Read: Attackers Distributing Dangerous Malware via YouTube to Steal Passwords

Hackers Used Fuzzing Technique

John Bade, A chief Hacker and one of the masterminds of this hacking Group compromise the mortgage companies using a well known common hacking technique called Fuzzing.

Fuzzing helps to overload a web server with massive amounts of data that can lead to the server revealing security loopholes.

In this case, “Once Baden had access to victims’ information, he and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, went to work. Fernandez—the group’s ringleader—identified multiple victims’ brokerage accounts and took control of them by calling the companies and providing the victims’ personal information to change passwords and contact information. “

25,000 Compromised Victims

Later they will transfer the funds to an account that controlled by the Hackers form the victims account and sometimes they transferred up to $30,000.

Spoke Person from FBI said, Victims stretched from California to Florida, and one individual lost nearly $1 million in the scheme.

In this case, more than 25,000 victims were compromised by this hackers and FBI believes that it could be more than we expected and its impossible to calculate since There was so much retail fraud over such a long period of time.

“Investigators worked backward from the mortgage company, eventually identifying the hack—and the hackers. By that time, Baden was hiding in Mexico. In 2014, he was named to the San Diego FBI’s Most Wanted Cyber Fugitives list, and the reward offered in the case eventually led to his capture in Mexico, Christopherson said.”

According to FBI,  All four Hackers pleaded guilty to their roles in the fraud scheme. In 2015, Baden was sentenced federally to nine years in prison. In January 2018, Fernandez was sentenced to more than 10 years in prison. Bailey received a sentence of more than five years, and in February 2018, Nava was the last subject to be sentenced, to 44 months in prison.

Website

Latest articles

GTPDOOR – Previously Unknown Linux Malware Attack Telecom Networks

Researchers have discovered a new backdoor named GTPDOOR that targets telecommunication network systems within...

US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp

Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019....

New SSO-Based Phishing Attack Trick Users into Sharing Login Credentials  

Threat actors employ phishing scams to trick individuals into giving away important details like...

U.S. Charged Iranian Hacker, Rewards up to $10 Million

The United States Department of Justice (DoJ) has charged an Iranian national, Alireza Shafie...

Huge Surge in Ransomware-as-a-Service Attacks targeting Middle East & Africa

The Middle East and Africa (MEA) region has witnessed a surge in ransomware-as-a-service (RaaS)...

New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID

SolarWinds cyberattack was one of the largest attacks of the century in which attackers...

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles