Apr 192019

Todd Ackerman reports:

MD Anderson Cancer Center is ousting three scientists in connection with concerns China is trying to steal U.S. scientific research, the first such publicly disclosed punishments since federal officials directed some institutions to investigate specific professors in violation of granting agency policies.

MD Anderson took the actions after receiving e-mails last year from the National Institutes of Health, the nation’s largest public funder of biomedical research, describing conflicts of interest or unreported foreign income by five faculty members. The agency, which has been assisted by the FBI, gave the cancer center 30 days to respond.

Read more on The Houston Chronicle.

Apr 192019

Laura Hautala reports:

It’s some of the most sensitive medical information a person could have. Records for potentially thousands of patients seeking treatment at several addiction rehabilitation centers were exposed in an unsecured online database, an independent researcher revealed Friday [link corrected by DataBreaches.net].

The records included patients’ names, as well as details of the treatment they received, Justin Paine, the researcher, says. Each patient had multiple records in the database, and Paine estimates there could be about 145,000 patients total in the database.

Paine notified the main treatment center, as well as the website hosting company, when he discovered the database. The data has since been made unavailable to the public. Paine found the data by typing keywords into the Shodan search engine that indexes servers and other devices that connect to the internet.

Read more on CNET.

Apr 192019

Breaches that involve health data generally will cost you more. Asia Fields reports:

Washington State University learned a costly lesson after a hard drive containing the personal information of more than a million people was stolen from a self-storage locker in 2017. Now, the university is going to have to pay even more.

In a settlement approved in King County Superior Court on Thursday, the university agreed to pay up to $4.7 million in cash reimbursements, attorneys fees and administrative expenses. On top of that, the university will pay for two years of credit monitoring and insurance services for up to 1,193,190 people, according to the settlement agreement.

Read more on Seattle Times.

Apr 192019

Vin Ebenau reports:

A Monmouth County man will spend five years in prison for hacking into the private cloud based accounts of two women and then stealing lewd videos and images of them which he preceded to post on publicly accessible websites, announced New Jersey Attorney General Gurbir Grewal.

Patrick S. Farrell, 37, of Clarksburg (Millstone Township) was sentenced by Superior Court Judge Richard W. English in Monmouth County.

Read more on WOBM.

Apr 192019

Defendant’s “Codeshop” Website Sold Troves of Stolen Credit Card Data and Bank Account Logins on the Black Market

April 17 – Earlier today, in federal court in Brooklyn, Djevair Ametovski, a Macedonian citizen, was sentenced by United States District Judge Eric N. Vitaliano to 90 months’ imprisonment after previously pleading guilty to access device fraud and aggravated identity theft.  Those crimes related to Ametovski’s operation of “Codeshop,” a website he created for the sole purpose of selling stolen credit and debit card data, bank account credentials and personal identification information.  Judge Vitaliano also ordered the defendant to forfeit $250,000 and to pay restitution in an amount to be determined by the Court at a later date.  Ametovski was arrested in Ljubljana, Slovenia, in January 2014, and was extradited to the United States in May 2016.

Richard P. Donoghue, United States Attorney for the Eastern District of New York, and David E. Beach, Special Agent-in-Charge, United States Secret Service, New York Field Office (USSS), announced the sentence.

“Ametovski and his co-conspirators were merchants of crime, stealing victims’ information and selling that information to other criminals,” stated United States Attorney Donoghue.  “This Office and our law enforcement partners will tirelessly pursue cybercriminals who seek to profit at others’ expense.”  Mr. Donoghue thanked the Slovenian Ministry of the Interior and Ministry of Justice, the United States Marshals Service, the U.S. Department of State Regional Security Officers in Slovenia and the Netherlands, and the Justice Department’s Office of International Affairs, for their assistance with the investigation and prosecution of the defendant.

“The sentencing of this transnational cybercriminal emphasizes the commitment of the Secret Service to disrupt and dismantle global criminal networks,” stated USSS Special Agent-in-Charge Beach.  “The Secret Service will continue to work closely with our network of law enforcement partners to dismantle criminal enterprises seeking to victimize innocent people, regardless of geographic distance or borders.”

Ametovski and his co-conspirators operated Codeshop between August 2010 and January 2014, victimizing hundreds of thousands of individuals around the world by hacking into the computer databases of financial institutions and other businesses and through “phishing” scams designed to induce accountholders to unwittingly surrender private identification information.  They packaged this stolen data for sale and posted it on the Codeshop website, a fully indexed and searchable website that allowed users to search by bank identification number, financial institution, country, state and card brand to find the data they wanted.  The stolen data could then be used to make online purchases and to encode plastic cards to withdraw cash at ATMs.  Ametovski used a network of online money exchangers and anonymous digital currencies, including Bitcoin, to reap revenues from the Codeshop website and to conceal all participants’ identities, including his own.  Over the course of the scheme, Ametovski obtained and sold stolen credit and debit card data for more than 1.3 million cards.

The government’s case is being handled by the Office’s National Security & Cybercrime Section.  Assistant United States Attorneys Saritha Komatireddy and David K. Kessler are in charge of the prosecution.

The Defendant:

DJEVAIR AMETOVSKI (also known as “xhevo,” “codeshop,” “sindrom” and “sindromx”)
Age: 32

E.D.N.Y. Docket No. 16-CR-409 (ENV)