Fraudster’s fake data breach claims should remind media to be careful what we report

Posted on by Dissent

Over the past few weeks, DataBreaches had occasionally checked a dark web leak site by an individual or group called “Mogilevich.” However, DataBreaches didn’t report on any of their claimed victims because the site and the claims seemed sketchy and there was no confirmation.

DataBreaches will not name and shame those sites or outlets that did report on the alleged hacks, but many sites and news outlets have responsibly headlined that Mogilevich’s claims were all a hoax. Hoaxes have consequences. Firms who are falsely accused of having been hacked may experience harm to their reputation. They may incur expenses to investigate the (false) claims and have to pay for public relations or legal services. A recent situation with State Farm comes to mind. Threat actors claimed to have hacked them and exfiltrated all customer data. They hadn’t acquired the customer data they had claimed, but that didn’t stop some eager-beaver lawyers and customer(s) from rushing to file suit over the alleged data breach. State Farm had to deal with bad press and litigation over a breach that never happened.

In a farewell post, Mogilevich claimed to have made money from what they describe as professionally executed fraud, but their claims about making money might also be a total hoax:

Hi here it's the Mogilevich group, unfortunately this link led you to an important announcement of our business instead of evidence of a breached database. You may be wondering why all this, and now I'm going to explain everything you need. In reality, we are not a Ransomware as a Service, but professional fraudsters. None of the databases listed in our blog were as true as you might have discovered recently. We took advantage of big names to gain visibility as quickly as possible, but not to fame and receive approval, but to build meticulously our new trafficking of victims to scam. We have sold exactly 8 panel accesses belonging to our private infrastructure, something that in itself has never existed. Initially, the price was a deposit of one thousand dollars, When victims paid, we decided to double the deposit, we manipulated the victims giving him the choice of receiving the money back, or updating the deposit with an additional thousand dollars. From here, about sixteen thousand dollars are taken from the victims. Have you wondered why we were asking for screenshots of potential buyers' crypto wallets? Our goal was to use this evidence of funds to sell alleged accounts Crypto stolen under other identities. From here we were able to take about seven thousand dollars from the victims. We used social engineering pretending to be big buyers to get Initial Access Brokers to send us evidence of their accesses, such as photos and videos. We've used all of this to sell fake accesses and to build our own credibility from Ransomware as a Service. From here, about eleven thousand dollars are taken. The biggest coup was made today.As you know, we have published a well-known drone company as a target. The price for the alleged one-terabyte database was one hundred thousand dollars. We were immediately contacted by interested people, One of them was put at ease, as if he were the boss at the time, we explained to them that the data of that company They were private prototype projects, blueprints, and that unfortunately even a small leak of data in the sample could cause great damage. We made him believe that we had other buyers who were pressing us and that they wanted the projects as soon as possible. So seeing this, the victim did nothing but think that by doing so he would miss an opportunity. After various techniques adopted to make ourselves credible, we came to terms by agreeing on a price of eighty-five thousand dollars. Now the real question is? Why confess all this when we could just run away? This was done to illustrate the process of our scam, We don't think of ourselves as hackers but rather as criminal geniuses, if you can call us that. I think I've taught a lot of people, especially Epic Games, a lesson that by creating ads and tweets has done nothing than advertise us by enlarging our fraudulent network. My tox to confirm its me: E424A6FF3A035D5B733AB6AC253531B36910380D9BA8DDE4115923235457BE574EFA8997FCD5 - Pongo

During Mogilevich’s brief existence, DataBreaches reached out to Mogilevich on Telegram to learn more about the individual or group. At the time, the individual claimed he knew “Kmeta,” but when DataBreaches contacted Kmeta, he said he never heard of Mogilevich. Confronted with that denial, Mogilevich claimed that Kmeta knew him under his previous name. But he didn’t provide it, and that’s where that interaction had ended.

Yesterday, a user named “Pongo” contacted DataBreaches on Telegram to ask DataBreaches to tell an administrator on BreachForums that Pongo was not Kmeta. That seemed to backfire for him because when DataBreaches contacted an administrator to inform them of the unexpected request, the administrator immediately said Pongo’s request proved that Pongo was Kmeta. But while the forum administrator is convinced that Pongo and Kmeta are the same, when asked directly, Kmeta denied being Pongo. But, of course, that’s what you’d expect a liar and a fraudster to say, right?

Kmeta suggested that Pongo was a clown who had never made any money or scammed anybody and was seeking attention. “There is zero proof he scammed anyone,” Kmeta told DataBreaches, adding that all journalists and researchers who reported on Mogilevich/Pongo have just helped him make himself famous.

So is Pongo really Kmeta, or is Kmeta telling the truth, and Pongo is just a Kmeta-wannabe?

DataBreaches isn’t sure, but it is sure that this site will likely not knowingly report on Pongo again unless it’s his arrest.

 

Category: Breach IncidentsBusiness SectorU.S.Uncategorized