Marquavious Britt, a 26-year-old hacker, is alleged to have tried selling access to a Managed Service Provider’s (MSP) data via the dark web for just $600 – leaving a trail of damage amounting to millions of dollars.
Britt worked for Chimera, the MSP in question, as a project manager tasked with helping the company move a pharmaceutical organization’s data to Microsoft Office 365.
How Did He Do It?
The FBI says that Britt made an initial attempt to extort Chimera’s clients by demanding ransom payments in cryptocurrency in exchange for their critical data, which was being held hostage. When this attempt failed, the suspect tried selling access to Chimera’s data hosted on a number of cloud servers – including sets of information that were valuable to a host of law firms and a pharmaceutical company.
Britt’s case exposed his efforts to trade Chimera’s data online, which were detected when various posts were made on the dark web under the nickname “w0zniak” – a possible reference to Steve Wozniak, Apple’s cofounder.
It is alleged that Britt gained access to the pharmaceutical company’s communication system and used the knowledge he gathered to try to blackmail the company in an email he sent on July 26.
In essence, the suspect acquired access rights to the company chief’s emails and managed to peruse the CEO’s documents in a bid to identify the company’s competitors and potential partners. After that, Britt targeted the IT group by deleting their account. He then emailed the CEO to spell out his ransom terms. In the email, he threatened to release critical information to the CEO’s competitors unless he was paid in Bitcoin.
The FBI provided a copy of the ransom email, which outlined some of the methods the suspect used to hack the company’s communication system. According to Britt’s email, in which he appeared to represent a hacker group, the hackers used BlueKeep malware to breach the organization’s servers. They also used phishing techniques to target user accounts.
Consequently, they were able to obtain important data – including social security numbers, banking information, and proprietary data. In return for this set of information, the email spelt out a ransom of 1.5 Bitcoin.
Thereafter, another Chimera customer suffered an attack on its web hosting services. Britt’s employer alleges that the suspect hijacked their GoDaddy account and accessed the email accounts of people associated with the food manufacturing firm. Fortunately, Chimera was able to conduct a forensic study of the case and avert any possible damage.
The above events led to Britt’s dismissal, in circumstances that his employer described as a case of on-the-job negligence. It was after this that Raymond Alexander, co-owner of Chimera, got wind of the advertisement for the sale of access to Chimera’s customer data on the dark web.
The authorities were alerted, and they moved in to apprehend Georgia-based Britt on January 17.
Tech-Savvy but OPSEC-Dumb
According to court files and an interview granted by Britt’s employer, the alleged cybercriminal, who operated a darknet account as “w0zniak”, was described as an IT-smart individual but one with little experience in criminal activity.
The suspect was caught by federal agents who had got wind of information belonging to an MSP being posted for sale on the dark web on September 30. The agents made arrangements to buy the data and went ahead to make a $600 payment in Bitcoin. This would help the authorities trace the transaction back to Britt in Georgia.
Furthermore, the investigation revealed the trade of personally identifiable information harvested from TaxSlayer, Britt’s workplace after his tenure at Chimera was terminated.