The ShinyHunters successfully attacked the networks and data of around sixty companies starting in spring 2020. Nearly four years later, the conviction of one of the members of this informal collective of hackers by the courts American – Sébastien Raoult was sentenced this Tuesday, January 9 to 3 years in prison – is an opportunity to make (bad) accounts of their computer hacking.
According to the confidences of one of the three young French people targeted by this procedure, the gang would have in fact amassed around three million euros in the space of two years. In March 2021, the ShinyHunters, for example, demanded a ransom of $1.2 million in Bitcoin or Monero from one of their victims, whose identity was not specified. Analysis of bitcoin flows suggests, explains the American prosecution, that the gang of cybercriminals would then have received around $425,000.
One in a thousand
A thirst for money that followed more modest beginnings. As ZDNET noted, the gang’s first fraudulent sales, spotted in May 2020, were not very profitable. They then stood at only $18,000 for 73 million stolen user data.
The mechanism for setting the price of stolen data is partly illuminated by exchanges revealed by the American justice system. In this exchange on Discord in August 2020, three million user data give a sale price of 3000 (the currency is not specified), or a price of one per thousand.
These more modest sums undoubtedly first reflected a lesser interest in the sale of data before possible amateurism. Sébastien Raoult, the cybercriminal convicted this Tuesday, January 9 by the American justice system, already had to his credit the hacking of a crypto-asset exchanger, according to his statements. As for Gabriel Bildstein, also targeted by this procedure, he was already indicted at that time in the Gatehub affair, this theft of crypto-assets.
Six million dollars in damage
In the end, the ShinyHunters cybercriminals caused approximately six million dollars in damage. An underestimated amount, however, warns American justice, referring only to the financial statements of seven victims. The GitHub platform, targeted in spring 2020 by a phishing campaign later called Sawfish – “my greatest success”, Sébastien Raoult boasted – had in fact counted more than 650 user accounts hacked by the ShinyHunters.
Hacks which would have earned Sébastien Raoult the equivalent of 100,000 euros, according to statements to investigators from one of the ShinyHunters. The latter, however, denied having made money from his thefts. American justice still ordered him to compensate the victims to the tune of $5 million. The young Frenchman indicated that he wanted to retrain in cybersecurity.