Stupid Hacker Goes To Jail
Posted by: Timothy Weaver on 11/01/2016 08:37 AM
[
Comments
]
Dwayne C. Hans was arrested on a charge of computer fraud, wire fraud, and money laundering.
Sam is a website where contractors can input their bank account credentials in order to get paid. His hack was to alter data on the Pension Benefit Guarantee Corporation (PBGC) in order to transfer more than $1.5 million to a bank account under his control.
So far so good, right? Wrong. The transfer was cancelled before it could be done and followed the trail back to Hans:
"According to Internet Protocol ('IP') address information associated with the defendant's intrusion into SAM.gov, the unauthorized access was gained through IP addresses registered to 'Dwayne C. Hans' at an address in Richland, Washington (the 'Richland address'), at which address the defendant has been observed by the FBI on multiple occasions in August 2016 and September 2016. In addition, the user information that was provided as part of the process to access the SAM.gov website without authorization was associated on SAM.gov with the email address 'dwayne.hansjr@outlook.com."
Yep, Hans was so stupid as to leave his own IP address, his own name, his own home address, and his own personally identifiable email account.
That's not all. Hans also created five bank accounts at the financial institution from which he later stole. He then linked those accounts to an account at J.P. Morgan in order to try to steal $134,000 from two corporate accounts at the bank.
The hack was caught and stopped before the theft could take place:
"The five accounts that the defendant Dwayne C. Hans created were associated with the name 'Dwayne C. Hans' and with information linked to the defendant, including the Richland Address and the defendant's social security number. For example, the new account to which the defendant attempted to link the JP Morgan Account was registered using the name 'Dwayne C. Hans Jr.,' the defendant's birthdate, and the Richland Address. In addition, the defendant listed a home phone number ending in -3434; the same phone number is associated with the bank account that the defendant entered on SAM.gov, as discussed above."
"These five accounts created by the defendant Dwayne C. Hans were also accessed using IP addresses registered to 'Dwayne Hans' at the Richland Address and with other IP address associated with Richland, WA."
That was all it took to find and arrest Hans. If only hackers were that dumb.
Source: Graham Cluley
Sam is a website where contractors can input their bank account credentials in order to get paid. His hack was to alter data on the Pension Benefit Guarantee Corporation (PBGC) in order to transfer more than $1.5 million to a bank account under his control.
So far so good, right? Wrong. The transfer was cancelled before it could be done and followed the trail back to Hans:
"According to Internet Protocol ('IP') address information associated with the defendant's intrusion into SAM.gov, the unauthorized access was gained through IP addresses registered to 'Dwayne C. Hans' at an address in Richland, Washington (the 'Richland address'), at which address the defendant has been observed by the FBI on multiple occasions in August 2016 and September 2016. In addition, the user information that was provided as part of the process to access the SAM.gov website without authorization was associated on SAM.gov with the email address 'dwayne.hansjr@outlook.com."
Yep, Hans was so stupid as to leave his own IP address, his own name, his own home address, and his own personally identifiable email account.
That's not all. Hans also created five bank accounts at the financial institution from which he later stole. He then linked those accounts to an account at J.P. Morgan in order to try to steal $134,000 from two corporate accounts at the bank.
The hack was caught and stopped before the theft could take place:
"The five accounts that the defendant Dwayne C. Hans created were associated with the name 'Dwayne C. Hans' and with information linked to the defendant, including the Richland Address and the defendant's social security number. For example, the new account to which the defendant attempted to link the JP Morgan Account was registered using the name 'Dwayne C. Hans Jr.,' the defendant's birthdate, and the Richland Address. In addition, the defendant listed a home phone number ending in -3434; the same phone number is associated with the bank account that the defendant entered on SAM.gov, as discussed above."
"These five accounts created by the defendant Dwayne C. Hans were also accessed using IP addresses registered to 'Dwayne Hans' at the Richland Address and with other IP address associated with Richland, WA."
That was all it took to find and arrest Hans. If only hackers were that dumb.
Source: Graham Cluley
Comments
