Cybercriminals Allegedly Used a StubHub Backdoor to Steal Taylor Swift Tickets

As the world continues to navigate the complexities of cybercrime, two individuals have been arrested and charged with allegedly using a backdoor on StubHub to steal nearly 1,000 concert tickets, including those for Taylor Swift's Eras Tour. Tyrone Rose, 20, and Shamara P. Simmons, 31, of Jamaica, Queens, were arraigned in connection to the theft and sales.

The investigation reveals that between June 2022 and July 2023, approximately 350 orders totaling 993 tickets on StubHub were accessed through a third-party contractor called Sutherland. The alleged backdoor was used to access a secure area of the network where already sold tickets were given a URL and queued to be emailed to the purchaser for download.

The District Attorney's office claimed that the proceeds of the cybercrime totaled around $635,000 and involved tickets for Ed Sheeran concerts, NBA games, and the US Open Tennis Championships. While the investigation is ongoing, it's clear that these cybercriminals were able to exploit a vulnerability in StubHub's system to steal thousands of dollars' worth of concert tickets.

The Dark Side of Online Marketplaces

Every year, criminals make billions from the operations of highly organized scam compounds in Southeast Asia. These scams have grown increasingly sophisticated, and experts say there's no bigger marketplace than Huione Guarantee—a Cambodian gray market selling scam services that researchers claim has facilitated more than $24 billion in transactions.

The banking arm of Huione Guarantee's parent company, Huione Group, had its financial license suspended by officials in Cambodia this week. The United Nations Office on Drugs and Crime and crypto tracing firm Elliptic previously linked money moving through Huione Pay to cyberscamming, stating that the platform is a "willing facilitator of pig butchering and other fraud."

Russian Cryptocurrency Exchange Garantex Taken Down in Law Enforcement Action

The US Department of Justice announced an operation with Germany and Finland to disrupt the digital infrastructure behind notorious Russian cryptocurrency exchange Garantex. For years, the platform has allegedly been used for money laundering and other criminal transactions, including sanctions evasion.

Law enforcement said that the platform has processed at least $96 billion in cryptocurrency transactions since April 2019. US authorities froze over $26 million in funds used to facilitate money laundering as part of the Garantex takedown.

Scammers Impersonating Notorious Ransomware Attackers

The FBI warned this week that scammers pretending to be attackers from the BianLian ransomware gang are demanding ransoms from corporate executives in the US. The demands include claims that the group has breached a company's network and threaten to publish sensitive information unless a target pays up.

The scammers' ransom demands range from $250,000 to $500,000 payable via a QR code linking to a Bitcoin wallet. The real BianLian group has links to Russia and has targeted US critical infrastructure since June 2022, according to a November alert from the US Cybersecurity and Infrastructure Security Agency.