Twenty-two-year-old Sebastien Raoult, a French citizen from the eastern town of Epinal, has submitted a guilty plea to the U.S. Attorney’s office in Washington.

Sebastien Raoult – A.K.A. Sezyo Kaizen

Raoult, who was known online as Sezyo Kaizen, was a member of the hacking group ShinyHunters, which ransomed and leaked personal data from more than 60 companies between April 2020 and July 2021.

Information released by the US Attorney states that “In total, the conspirators stole hundreds of millions of customer records and caused loss to victim companies that is estimated to exceed $6 million.”

Arrest and extradition

Raoult, a computer science student, was arrested in Morocco in May 2021 at Rabat-Salé airport and was extradited to the US in January 2022, where he initially filed a plea of not guilty to nine charges of conspiracy, computer intrusion, wire fraud, and aggravated identity theft.

His lawyers had been fighting to have Raoult extradited to France, where it was believed he would face less serious charges. However, Morocco’s Court of Cassation delivered a “favorable opinion” to have Raoult extradited to the US.

Court case

After pleading guilty to the charges of wire fraud and aggravated identity theft, Raoult is facing a lengthy prison sentence: conspiracy to commit wire fraud is punishable by a maximum of 27 years in prison, and aggravated identity theft is punishable by a mandatory minimum two-year prison term, to be served after any other prison sentence imposed in the case.

Whether a jury will find Raoult guilty of the other charges remains to be seen.

ShinyHunters

Named after the shiny cards in the Pokemon franchise, the group of hackers is believed to have formed in 2020 and, within a short space of time, managed to compromise many large organisations around the world.

Some of the attacks undertaken by ShinyHunters included:

  • 2021
    • AT&T Wireless: ShinyHunters began selling information on 70 million AT&T Wireless subscribers, including users’ phone numbers, personal information and social security numbers.
    • Pixlr: ShinyHunters leaked 1.9 million user records from Pixlr, the AI photo editing app.
    • Bonobos: ShinyHunters leaked the full cloud backup database of men’s clothing store Bonobos to a hacker forum. The database contained addresses, phone numbers, and order details for 7 million customers; general account information for another 1.8 million registered customers; and 3.5 million partial credit card records and hashed passwords.
  • 2020
    • Tokopedia: Tokopedia, an Indonesian e-commerce platform, was breached by ShinyHunters, who claimed to have data for 91 million user accounts, including gender, location, username, full name, email address, phone number, and hashed passwords.
    • Wishbone: ShinyHunters leaked the full user database of Wishbone, a highly popular comparison app. The database contained usernames, emails, phone numbers, city/state/country of residence, and hashed passwords.
    • Microsoft: ShinyHunters claimed to have stolen over 500 GB of Microsoft source code from the company’s private GitHub account. The group published approx. 1 GB of data to a hacking forum. Some cybersecurity experts doubted the claims until analyzing the code; upon analysis, ShinyHunters’ claims were no longer in question. Microsoft told Wired in a statement that they were aware of the breach. Microsoft later secured their GitHub account, which was confirmed by ShinyHunters when they reported being unable to access any repositories.
    • Wattpad: ShinyHunters gained access to the database of the social writing platform Wattpad. The database contained 270 million user records. Information leaked included usernames, real names, hashed passwords, email addresses, geographic location, gender, and date of birth.
    • Pluto TV: ShinyHunters gained access to the personal data of 3.2 million Pluto TV users. The hacked data included users’ display names, email addresses, IP addresses, hashed passwords and dates of birth.
    • Animal Jam: ShinyHunters attacked the online kids’ game Animal Jam, leading to the exposure of 46 million accounts.
    • Mashable: ShinyHunters leaked 5.22 GB worth of data from the Mashable database. Mashable is a digital news and entertainment website.

According to the records filed in the case, Raoult helped create websites that pretended to be login pages belonging to legitimate businesses. The conspirators sent phishing emails to company employees that were designed to look like they came from legitimate businesses and contained links to those login pages. Victims provided their account sign-on credentials on those fake login pages, and the conspirators obtained the victims’ credentials. Raoult and his co-conspirators used the login information to breach victims’ accounts, steal the data stored there, and search the stolen data for credentials to access additional data on companies’ networks and third-party service providers, such as cloud storage services.