Notorious SIM-Swapping, Malware-Spreading, Bomb-Threatening Hackers Arrested

Polish authorities have arrested four suspected hackers whose many alleged crimes include using SIM swaps to steal accounts and send messages to falsely incriminate their victims. The hackers became notorious after they sent bomb threats to 1,066 kindergartens across Poland within the space of two days, prompting more than 10,000 people to be evacuated from 275 of the kindergartens. On one occasion they even tried to punish a detective and former member of parliament for investigating them by racking up huge mobile phone bills in his name.

Zaufana Trzecia Strona reports (in Polish) that the four arrested suspects are:

  • Kamil S., a hacker who used the alias Razzputin and is also of interest to the United States Federal Bureau of Investigation
  • Paweł K., a criminal ‘banker’ who used the pseudonym Manster_Team
  • Janusz K., considered by authorities to be one of the most talented and dangerous hackers in Poland
  • Łukasz K., described as an important figure in the criminal underground

They are variously accused of:

  • sending phishing messages that impersonated the police, tax authorities, bailiffs, delivery firms and the cybersecurity services of Orange Poland
  • infecting over 1,000 computers and mobile phones with malware
  • obtaining personal information and using it to swap SIMs
  • exploiting these methods to steal PLN199,000 (USD51,000), PLN220,000 (USD56,000) and PLN243,000 (USD62,000) from the bank accounts of three victims
  • attempting to steal PLN7.9mn (USD2mn) from a fourth victim, and only being foiled because the victim’s banker did not recognize the voice of the SIM swapper when he called to verify the transfer
  • creating at least 50 fake online stores that cheated over 10,000 victims

TVN24 reports (in Polish) about their most outrageous criminal endeavors, which began when Łukasz K. searched internet forums for hackers who could help him hurt a former business partner. Janusz K. responded and was paid PLN5,000 (USD1,300) to send an email that seemingly originated from the business partner’s account and threatened to bomb a school. The bogus email resulted in the business partner being arrested and detained for 48 hours. Łukasz K. enjoyed the plot so much that he then instructed Janusz K. to repeat it on a much larger scale, with the additional twist that each of the kindergarten threats also included a demand for money.

The targets of this campaign of harassment responded by hiring one of Poland’s most famous private detectives, Krzysztof Rutkowski. This represented a high-profile challenge to the hackers as Rutkowski is famous for his appearances on Polish television and also for using the diplomatic passport he obtained whilst he was a member of parliament to enter foreign countries and capture fugitives who could not be extradited. But instead of being intimidated by the hiring of Rutkowski, the hackers responded by adding several thousand złotys to his phone bill.

Europol issued a statement that confirmed the arrests were made by Poland’s Central Bureau of Investigation (Centralne Biuro Śledcze Policji) under the supervision of the Regional Prosecutor’s Office in Warsaw (Prokuratura Regionalna w Warszawie).

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.