The irony of fate: how a famous cybercriminal fell victim to his own virus
An Israeli hacker did not notice the activation of the infostealer on his personal computer and accidentally sold his own data to third parties.
Israeli company Hudson Rock, which specializes in cyber intelligence, discovered curious data about a hacker nicknamed “La_Citrix”. This attacker is known on cybercriminal forums for hacking into companies and selling access to their Citrix/VPN/RDP servers. In addition, he regularly trades in data stolen from his victims' compromised computers.
It turned out that in the process of infecting other people’s devices with a ransomware virus, La_Citrix accidentally infected his own computer as well. As a result, the hacker sold his own data without even noticing it.
Hudson Rock experts unexpectedly came across La_Citrix's data while analyzing information from other people whose computers had also been hit by ransomware viruses. The find spurred the researchers’ curiosity, so they carefully studied the cybercriminal’s computer.
Although it is rarely talked about, hackers quite often become victims of their own viruses. For example, the Hudson Rock database contains more than 7,000 compromised users of a major hacker forum, RaidForums, many of whom were real attackers (or are to this day).
Looking at data from La_Citrix's computer, the researchers were surprised to see that their systems identified this user as an employee of nearly 300 different companies. However, after reading the credentials found, they understood the reason.
As it turned out, La_Citrix ran all of his attacks from his personal computer, and the browsers installed on it stored the corporate credentials used for the hacks.
Curiously, La_Citrix infiltrated companies using credentials found on other ransomware-infected computers, expanding his base with each new attack.
After thoroughly digging into the browser data from the hacker’s computer, the experts found auto-complete fields that revealed the hacker’s real name, his home address, phone number, and other evidence. The researchers said that they would hand over data about the attacker to law enforcement agencies (if they had not already done so, of course).
This story clearly demonstrates that even experienced hackers are not immune to mistakes and can themselves become victims of their own viruses. Ironically, La_Citrix fell for the same tricks he used to hack other people and their computers. Who knows, maybe if he had not been carrying out his dark activities from a personal computer, he would still remain anonymous, even taking into account such a major mistake.
Source: www.securitylab.ru