On October 22, 2018, the Chicago Sun-Times revealed the findings of unsealed court documents which detailed an FBI investigation into a ring of suspected cryptojackers. The alleged ring is made up of a group of online gamers who met while playing the popular video game Call of Duty.
Masterminding the Scheme
Call of Duty is a first-person shooter that allows players in different geographical locations to interact and communicate during gameplay. Using the communication tools embedded in the game, the alleged ring was able to plan the details of their theft. The thieves are reported to have made away with over $3 million worth of cryptocurrency from their victims.
While the FBI has yet to reveal the identities of the people suspected to be involved in the syndicate, the details of how the thefts happened are now clear. The group identified victims and acquired their personal information to access their cryptocurrency accounts and subsequently drain them.
Using details like names, phone numbers, as well as other unspecified information, the hackers were able to gain access to the phones of the victims. Once they had control of the mobile devices, the hackers then proceeded to empty all the funds contained in their hot wallets.
Hot wallets are cryptocurrency accounts that can be accessed online. While these types of wallets are popular due to their ease of use, they are a security risk because they are connected to the Internet.
Prediction Market Augur Targeted
In December 2016, blockchain-based startup Augur filed a complaint with the FBI, revealing their suspicions that members of their workforce, as well as their investors, were being targeted by hackers. The charge launched the FBI-led investigation into the alleged gaming ring of thieves.
Augur is a prediction market based on blockchain technology. The protocol allows people to bet on any number of scenarios, from sports games all the way to assassinations. The platform has a native cryptographic token called Reputation (REP) that users can use to place their bets.
The FBI investigation found that the ring was able to steal $805,000 in REP Tokens. While the authorities are, as of yet, unable to ascertain the value of the total amounts stolen by the hackers, the investigators’ conservative estimates put the amount at around the $3.3 million mark. While employees and investors of Augur were targeted for their REP tokens, the hackers also stole other digital currencies.
To access and launder their ill-gotten gains, the hackers used other cryptocurrency networks, such as BTC and ETH. They simply moved the funds around until the money was deposited into cryptocurrency wallets under their control.
A Tale of Blackmail
The FBI has yet to determine the size of the ring, though it has identified a few of the group’s active players. One of the suspects is a man who lives in Dalton, Georgia, in the U.S. On August 1, the FBI raided his home and seized computers and cell phones.
Another man, identified as the “Bloomington man,” is also a key suspect. Curiously, the suspect claims he is also a victim of the ring and was forced to participate in all the illegal activity. In an online interview, the Bloomington man said: “I have done nothing but cooperate with Augur and the FBI.”
“I have never once profited from anyone [by] crypto-hacking, ever.”
The Bloomington man alleges that he was forced to join the ring when the gang threatened to SWAT him. SWATting is the act of calling law enforcement with a false report of a violent crime in progress to prompt the dispatch of a significant number of police officers to an address. SWATting is illegal and can result in serious injuries, as well as other harms like the destruction of property, to the people whose address is implicated in the call.
SWATting has long been used as a weapon in the cryptocurrency sector. For instance, noted bitcoin developer Hal Finney and his family were victims of SWATting back in 2014. Finney, who at the time was in the last stages of Lou Gehrig’s disease and was confined to a wheelchair, was left on the lawn of his home in the cold for half an hour while the authorities searched his home.
The call was placed by an unknown man who had been blackmailing the Finney family. The criminal had been harassing the Finneys for about a year, demanding 1,000 bitcoins in exchange for peace. The blackmailer eventually called the police claiming he had killed two people at the Finney address and was planning to kill one more.
The reported violence prompted a heavy-handed police response at the scene. In the ensuing chaos, Finney was exposed to potentially fatal conditions. Speaking of the experience, Fran Finney, the developer’s wife, expressed concern for his well-being during the raid, saying:
“I was just panicking that he was going to need suction or something. He didn’t have anything with him except his ventilator.”
While Finney survived the raid, the Bloomington man told the FBI that he was forced into the ring because of fear of being SWATted. In his March 2017 interview with the FBI, the man claimed that the group furnished him with the personal details of the victims after he consented to avoid any repercussions from the gang. The FBI affidavit states that he then used these details to help the ring gain access to about 100 phones. The Bloomington suspect has, however, denied that the hacked mobile devices number a hundred, saying that the actual number is smaller.
While the Bloomington man denies all wrongdoing, the FBI affidavit reveals the depths of his involvement. In transcripts of online conversations, the FBI found the suspect discussing their scam. The Bloomington man was chatting with another suspect about attempting to extort a victim after stealing his REP tokens. The January 31, 2017 exchange ended with the other suspect responding “LOL. Hack the planet.”
While none of the suspects has yet been formally charged, the sordid story is a reminder to stay vigilant to avoid falling victim to such criminals.