Sunday, December 22, 2024

Investigators have laid out how hackers claim they stole Ticketmaster data. Will they go to jail?


An international hacking syndicate is allegedly responsible for stealing millions of customer records in cyber attacks on Pizza Hut, an Indonesian e-commerce site and now, Ticketmaster.

Only one member has ever been prosecuted over the group’s activities.

Sébastien Raoult was a French citizen living in Morocco when he caught the attention of authorities for his involvement with the ShinyHunters hacking group in 2022.

By the time authorities caught up with Raoult, ShinyHunters had stolen 200 million customer records from more than a dozen companies over the course of four years.

Sébastien Raoult was a part of the ShinyHunters group when he was arrested and extradited over data theft. (Supplied: AFP)

He was extradited to the US for his involvement with the group, and was ordered to pay $7.5 million in restitution.

ShinyHunters persist

ShinyHunters' latest claimed hit, in May, was on Ticketmaster, and reportedly included names, addresses, credit card numbers (the last four digits and expiry date), phone numbers and payment details.

About two million Australians were potentially impacted, and ShinyHunters threatened to sell the information online for $750,000. 

An investigation from Google-owned security firm Mandiant detailed how the attack likely played out.

Mandiant said it was first notified through ‘threat intelligence’ that a customer’s credentials had been compromised through the cloud storage facility Snowflake.

“During this investigation, Mandiant determined that the organisation’s Snowflake instance had been compromised by a threat actor using credentials previously stolen via infostealer malware,” the company said.

“The threat actor used these stolen credentials to access the customer’s Snowflake instance and ultimately exfiltrate valuable data.”

Snowflake stores and analyses customer databases and information for businesses around the world — including Ticketmaster.

A generic stock photo of a "hacker" superimposed with words like "For Sale, information on citizens, price: $50,000".

Hackers threatened to release the data unless they were paid a ransom. (Graphic: ABC News)

A month later, only one arrest

The ShinyHunters group announced the arrest of one of its administrators shortly after one of its forums was seized by the FBI, following an investigation into the hack.

“We regret to inform you that administrator Baphomet (our ‘space cowboy’), has been arrested, leading to the seizure of pretty much all of our infrastructure by the FBI,” the group posted.

“At this point, the future of our forum remains uncertain. No members of ShinyHunters have been arrested. We are currently waiting for further confirmations from our staff, and we will keep you updated with any new announcements in this channel.”

However, the FBI said it could not comment about any potential arrest and declined to say whether anyone had been taken into custody in relation to the hack.

Will anyone be arrested over the Ticketmaster hack?
