More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials - such as usernames and passwords needed to remotely connect to the target’s network. Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves.
Darkode was taken down in 2015 as part of an FBI investigation sting operation, but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009.
Perhaps the earliest and most important cybercrime forum DCReavers2 frequented was Darkode, where he was among the first two-dozen members. Philbert did not respond to multiple requests for comment. According to cyber intelligence firm Intel 471, that address has been used in conjunction with the handle “DCReavers2” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums, Blackhatworld, and Ghostmarket. That same phone number is tied to a Facebook account for a 31-year-old Matthew Philbert from Orleans, who describes himself as a self-employed “broke bitcoin baron.” The Myspace account was registered under the nickname “Darkcloudowner,” and to the email address search in DomainTools on that email address reveals multiple domains registered to a Matthew Philbert and to the Ottawa phone number 6138999251. The information tied to the Myspace account matches the age and town of the defendant. There is a now-dormant Myspace account for a Matthew Philbert from Orleans, a suburb of Ottawa, Ontario.
And a lot of these were small businesses that were just holding on by their fingernails during COVID.” A DARK CLOUD “We’ve identified in excess of a thousand of his victims. “I will say this, Philbert is the most prolific cybercriminal we’ve identified to date in Canada,” Watson said. In an interview with KrebsOnSecurity, OPP Detective Inspector Matt Watson declined to say whether other defendants were being sought in connection with the investigation, but said the inquiry is ongoing. indictment of Philbert (PDF) is unusually sparse, but it does charge him with conspiracy, suggesting the defendant was part of a group. “A quantity of evidentiary materials was seized and held for investigation, including desktop and laptop computers, a tablet, several hard drives, cellphones, a Bitcoin seed phrase and a quantity of blank cards with magnetic stripes,” the statement continues. “During the course of this investigation, OPP investigators determined an individual was responsible for numerous ransomware attacks affecting businesses, government agencies and private individuals throughout Canada as well as cyber-related offenses in the United States,” reads an OPP statement. Federal Bureau of Investigation (FBI) contacted them regarding ransomware attacks that were based in Canada.
authorities dubbed “Project CODA.” The Ontario Provincial Police (OPP) on Tuesday said the investigation began in January 2020 when the U.S. Matthew Philbert of Ottawa, Ontario was charged with fraud and conspiracy in a joint law enforcement action by Canadian and U.S.