07 July 21, 17:07
Quote:A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding – has been arrested.
Interpol announced the bust – which took place in Morocco in May – on Tuesday, describing it as the result of a joint two-year probe dubbed Operation Lyrebird that saw Interpol working closely with the Moroccan police and security firm Group-IB.
The unnamed suspect allegedly helped to develop carding and phishing kits to sell on criminal online forums. One example of a carding site is Joker’s Stash, which was taken down in December. It was a popular cybercriminal destination that specialized in trading in payment-card data, offering millions of stolen credit and debit cards to buyers.
As described in Interpol’s announcement, the buyers of Dr HeX’s carding and phishing kits used them to masquerade as online-banking facilities, allowing the suspect and others “to steal sensitive information and defraud trusting individuals for financial gain, with the losses of individuals and companies published online in order to advertise these malicious services.”
We saw one such example of how the carding economy works in October, when Dallas-based smoked-meat franchise Dickey’s Barbecue Pit saw 3 million customer payment cards turn up on the site. Anyone purchasing the information could create cloned cards to physically use at ATMs or at in-store machines that aren’t chip-enabled; or, they can simply use the information to buy things online.
According to a writeup from Group-IB, the suspect was allegedly involved in attacks on 134 websites over the course of nine years, from 2009-2018, leaving his signature “Dr HeX” nickname on the attacked web pages. Dr HeX was just one of the nicknames the suspect allegedly used, but that’s the one that the security firm chose to dub the threat actor whom they tracked.
Read more: Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing | Threatpost