Headline
This Tool Lets Hackers Dox Almost Anyone in the US
The US Secret Service’s relationship with the Oath Keepers gets revealed, Tornado Cash cofounders get indicted, and a UK court says a teen is behind a Lapsus$ hacking spree.
“The government needs to stop these companies from packaging and selling our personal information,” US senator Ron Wyden of Oregon told 404 Media in a statement, “and the senior executives that put profit over national security and Americans’ safety should be punished accordingly.”
A new report by the Citizens for Responsibility and Ethics in Washington (CREW), a nonprofit government watchdog, found that US Secret Service agents were in close contact with the leader of the far-right militant group the Oath Keepers during the final months of the Trump administration. Emails published in the report suggest a cordial relationship between agents and Stewart Rhodes, the leader of the group.
In one email, an agent wrote that they had just spoken to Rhodes about an upcoming visit by former president Donald Trump to Fayetteville, North Carolina. The agent described himself as “the unofficial liaison to the Oath Keepers (inching towards official).” The agent also said that Rhodes “had specific questions and wanted to liaison [sic] with our personnel,” and shared Rhodes’ cell phone number.
In May, Rhodes was found guilty of seditious conspiracy over his role in the insurrection at the Capitol on January 6. He was sentenced to 18 years in prison and 36 months of supervised release.
In an indictment unsealed on Wednesday, August 23, the US Department of Justice alleges that the developers behind Tornado Cash, a cryptocurrency mixer, laundered more than $1 billion dollars that included hundreds of millions for a North Korean hacking group. Roman Semenov and Roman Storm were charged with conspiracy to commit money laundering and sanctions violations, as well as conspiracy to run an unlicensed money-transmitting business. Storm, who lives in Washington state, was arrested on Wednesday, while Semenov, a Russian national, has not yet been taken into custody.
Tornado Cash is a privacy service that obfuscates the trail of ownership for cryptocurrency. According to the indictment, the service violated US sanctions, and its operators knowingly helped “hackers and fraudsters conceal the fruits of their crimes.”
In a statement, Storm’s lawyer, Brian Klein, characterized the charges as dangerous and unprecedented. “We are incredibly disappointed that the prosecutors chose to charge Mr. Storm because he helped develop software, and they did so based on a novel legal theory with dangerous implications for all software developers,” he said. Klein said Storm has been released on bail.
Also on Wednesday, a London court found a key member of the cybercrime group Lapsus$ responsible for several high-profile hacks targeting companies like Uber, Nvidia, and Rockstar Games. Arion Kurtaj, who is now 18, faced 12 charges, including three counts of blackmail, two counts of fraud, and six charges under the UK’s Computer Misuse Act.
From 2021 to 2022, Kurtaj, along with other members of Lapsus$, most of whom are believed to be teenagers, carried out a series of attacks focused on extorting major companies and government agencies around the world, the jury found. The Uber hack, for instance, reportedly cost the company $3 million in damages. At the time, Uber said that the hacker who took responsibility posted pornographic material to an internal information page, alongside the message, “Fuck you wankers.”
The hacking spree prompted a major review earlier this month by US authorities who warned of the rising threat of juvenile hackers.