US government charges hackers behind massive AT&T breach


First came the arrests. Now, it’s time for formalities. The US government has officially charged two hackers who stole 50 billion customer records from AT&T and other companies.

Alexander Connor Moucka was arrested in Canada on the day before Halloween, and John Binns was detained by Turkish authorities back in May – even before AT&T disclosed that the hackers stole the records of “nearly all” of its cellular and landline customers.

Now, the US Department of Justice has officially filed an indictment against Moucka and Binns, naming them as the hackers behind this year’s landmark data breaches.

They used multiple infostealer malware campaigns to infect customer systems and then systematically penetrated Snowflake cloud storage accounts.

Over a hundred Snowflake corporate accounts were accessed, including market behemoths such as Ticketmaster, AT&T, Santander Bank, and Advance Auto Parts. The Ticketmaster breach alone exposed over half a billion individuals.

The indictment doesn’t mention AT&T. The document revolves around “Victim-2,” which is described as “a major telecommunications company located in the United States.” But the provided breach dates fit the bill – “Victim-2” is definitely AT&T.

According to the indictment, Moucka and Binns accessed “billions of sensitive customer records.”

They include call and text history records, banking and other financial information, payroll records, Drug Enforcement Agency registration numbers, driver’s license numbers, passport numbers, Social Security numbers, and other personally identifiable information.

The hackers also successfully extorted at least 36 bitcoin (worth $2.5 million when the victims paid up) from at least three victims. They also posted offers to sell victims’ stolen data on cybercriminal forums for millions of dollars.

Wired previously said that AT&T paid a hacker $370,000 to delete the stolen records. US prosecutors say in the indictment that “Victim-2” paid a ransom.

It’s estimated that the Snowflake attacks exposed 165 companies, with attackers roaming their customer environments for days. Around 30 million Santander customers were exposed, while Advance Auto Parts said the attack cost it millions of dollars.