The US authorities have indicted Alexander Connor Moucka and John Binns for their involvement in major corporate breaches.
Alexander “Connor” Moucka, aka Judische and Waifu, who is suspected of conducting a series of hacks tied to a high-profile breach of the data management platform Snowflake earlier this year, was arrested in Canada on October 30, 2024. His alleged accomplice, John Erin Binns (aka Irdev, IntelSecrets, V0rtex, and SubVirt), was apprehended in Turkey earlier this year.
In a separate instance, Binns confessed to infiltrating T-Mobile’s systems, obtaining customer data, and selling it to an external party. He now faces a range of charges in the US, including hacking, money laundering, identity theft, and wire fraud.
The indictment, filed by the US Department of Justice, links Moucka and Binns to breaches involving massive amounts of customer data stolen from Snowflake cloud accounts, with AT&T being one of the primary targets. By using info-stealer malware to infect systems and exploit vulnerabilities in Snowflake accounts, these hackers accessed not only AT&T but also large corporations like Ticketmaster, Santander Bank, and Advance Auto Parts.
Moucka and Binns allegedly accessed "billions of sensitive records," which included highly confidential data like call logs, banking information, Social Security numbers, and more.
In addition to stealing data, the hackers extorted at least three victims, obtaining payments worth around 36 Bitcoin (about $2.5 million at the time). Moreover, media reports suggest that AT&T paid $370,000 to have the records deleted, indicating a hefty toll on affected businesses.
Besides extortion, the hackers sought to capitalize by selling stolen data on dark web forums, where they demanded millions for the information of high-value targets.
Over 165 companies reportedly experienced unauthorized access, with prolonged periods in which the attackers roamed customer environments undetected. For instance, Santander’s breach affected approximately 30 million customers, while Advance Auto Parts incurred substantial financial losses due to the attack.
The indictment includes serious charges such as conspiracy to defraud or harm the US, multiple violations of the Computer Fraud and Abuse Act for unauthorized access, extortion involving ransomware tactics, wire fraud, and aggravated identity theft. If convicted on all counts, the defendants could face a very long time in prison.