“Cyber extortion is unfortunately a rapidly growing threat and highlights the ever-growing need for corporations to remain vigilant in cybersecurity efforts,” said Sean Burke, Acting Special Agent in Charge of FBI Atlanta. “This sentencing is just one example of the FBI working together to hold criminals that hide behind their computers accountable, regardless of their location.”

According to information presented in court, in June 2017, Purbeck purchased access to the computer server of a Griffin medical clinic on a darknet marketplace. He then used the stolen credentials to illegally access the computers of the medical clinic and removed records that contained the sensitive personal information of more than 43,000 individuals, including names, addresses, birth dates, and social security numbers.

In February 2018, Purbeck purchased access to a City of Newnan Police Department server on a darknet marketplace. Purbeck used the stolen credentials to hack into the City of Newnan’s computer systems and stole police reports and other documents, including personal information of more than 14,000 individuals.

Purbeck also attempted to extort a Florida orthodontist in July 2018, demanding a ransom payment in Bitcoin in return for his stolen patient files, threatening to sell the patient and personal information unless the orthodontist paid the ransom. Additionally, Purbeck threatened to sell the personal information of the orthodontist’s minor child. Purbeck harassed the orthodontist and his patients for 10 days with numerous threatening emails and text messages.

Song Wu, Chinese national, was indicted in September 2024, on charges for wire fraud and aggravated identity theft arising from his efforts to fraudulently obtain computer software and source code created by the National Aeronautics and Space Administration (“NASA”), research universities, and private companies.

“Efforts to obtain our nation’s valuable research software pose a grave threat to our national security,” said U.S. Attorney Ryan K. Buchanan. “However, this indictment demonstrates that borders are not barriers to prosecuting bad actors who threaten our national security.” According to information presented in court, Song allegedly engaged in a multi-year “spear phishing” email campaign in which he created email accounts to impersonate U.S.-based researchers and engineers and then used those imposter accounts to obtain specialized restricted or proprietary software used for aerospace engineering and computational fluid dynamics. This specialized software could be used for industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons. In executing the scheme, Song allegedly sent spear phishing emails to individuals employed in positions with the United States government, including NASA, the U.S. Air Force, Navy, and Army, and the Federal Aviation Administration.  Song also sent spear phishing emails to individuals employed in positions with major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio, and with private sector companies that work in the aerospace field. Song’s spear phishing emails appeared to the targeted victims as having been sent by a colleague, associate, friend, or other person in the research or engineering community. His emails requested that the targeted victim send or make available source code or software to which Song believed the targeted victim had access. According to the indictment, while conducting this spear phishing campaign, Song was employed as an engineer at Aviation Industry Corporation of China (“AVIC”), a Chinese state-owned aerospace and defense conglomerate headquartered in Beijing, China.  AVIC manufactures civilian and military aircrafts and is one of the largest defense contractors in the world.

Ilya Lichtenstein, 35, of New York City, was sentenced recently to 60 months in federal prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange. According to information presented in court, Lichtenstein hacked into Bitfinex’s network in 2016, using advanced hacking tools and techniques. Once inside the network, Lichtenstein fraudulently authorized more than 2,000 transactions transferring 119,754 bitcoin from Bitfinex to a cryptocurrency wallet in Lichtenstein’s control. Lichtenstein then took steps to cover his tracks by deleting from Bitfinex’s network access credentials and other log files that could have revealed his conduct to law enforcement. Following the hack, Lichtenstein enlisted the help of his wife, Heather Morgan, in laundering the stolen funds. Lichtenstein, at times with Morgan’s assistance, employed numerous sophisticated laundering techniques, including using fictitious identities to set up online accounts; utilizing computer programs to automate transactions; depositing the stolen funds into accounts at a variety of darknet markets and cryptocurrency exchanges and then withdrawing the funds; converting bitcoin to other forms of cryptocurrency in a practice known as “chain hopping;” depositing a portion of the criminal proceeds into cryptocurrency mixing services; using U.S.-based business accounts to legitimize Lichtenstein’s and Morgan’s banking activity; and exchanging a portion of the stolen funds into gold coins. Additional information on this case is available on the United States Department of Justice’s website for large cases here.  

So what to do to prepare? Some obvious first steps are educating employees on cyber safety measures, making sure emails are encrypted, ensuring cyber insurance is up to date and becoming familiar with your company’s assets. You want to have a procedure and plan written ahead of time.