Cybercrime suspects and offenders across three continents have been rounded up this week, with cases spanning hacked IP cameras in South Korea, evil twin Wi-Fi traps in Australia, and a dark web drug empire in rural England.

The National Police Agency of South Korea said on Sunday that four individuals, thought to be working entirely independently, collectively compromised more than 120,000 internet protocol cameras.

Police said that the goal of at least two of the suspects was to take the footage from intimate locations, such as gynecology offices, and create sexually exploitative videos to sell online.

South Korean news outlet Yonhap reported that of the four suspects in question, none of whom were named, two worked typical office jobs while the others were described as either unemployed or self-employed.

The vast majority of the suspected IP camera intrusions were believed to be carried out by just two of the four, who each allegedly compromised approximately 63,000 and 70,000 devices.

They sold their videos on a website officials only referred to as “Site C” for ₩35 million ($23,800) and ₩18 million ($12,200) respectively.

The other two accounted for just 15,000 and 136 camera break-ins respectively.

Police have not yet issued charges for any of the four suspects, but they are still being questioned, as are three people who were arrested on suspicion of purchasing the exploitative videos.

“IP camera crimes are serious crimes that cause enormous pain to victims, so we will definitely eradicate them through active investigation,” said Park Woo-hyun, cyber ​​investigation director at the National Police Agency.

According to the police’s announcement, the suspects largely relied on breaking into cameras with weak or easily locatable factory passwords. Officers visited 58 locations where cameras were compromised to inform the owners and advise on password security.

Evil twin Wi-Fi clone

Over in Australia, a 44-year-old will serve a minimum of five years in prison after operating copycat Wi-Fi networks during domestic flights and at Australian airports.

The man, who was not named by the Australian Federal Police (AFP), was sentenced to seven years and four months in prison on Friday, after being found guilty of using a Wi-Fi Pineapple device to spoof legitimate networks.

Police said unsuspecting users would enter their credentials into what they thought was a legitimate public Wi-Fi access point, but were instead feeding a fraudulent website created by the offender.

The lewd campaign saw the man using the credentials to access women’s online accounts and steal “intimate material.” AFP Commander Renee Colley said some of the victims were teenage girls, the impact on whom could be “devastating and lifelong.”

AFP arrests man, 44, over Wi-Fi cloning and account hacks

A search warrant was issued on April 19, 2024, after the AFP searched the man’s hand luggage as he passed through Perth Airport, an incident that saw officers seize his devices.

The day after, digital forensics showed that he had attempted to delete 1,752 items from a storage application and wipe his phone.

Days later, he also abused “his IT privileges” and used “a computer software tool” to access his employer’s laptop. He used that access to gather information about the communications between his employer and the police after the investigation into him opened.

“A network that requests your personal details – such as an email or social media account – should be avoided,” said AFP Commander Renee Colley. “If you do want to use public Wi-Fi, ensure your devices are equipped with a reputable virtual private network to encrypt and secure your data. Disable file sharing, don’t use things like online banking while connected to public Wi-Fi and, once you disconnect, change your device settings to ‘forget network.'”

“People should also switch off the Wi-Fi on their devices to prevent them from automatically connecting to a hotspot in public spaces,” she said.

Back-country dark web drug bust

Steven Parker, 52, was jailed for six and a half years last week for operating a dark web drug empire from his English countryside home.

The man, formerly of Attleborough, Norfolk, was arrested at his home in June 2022 after local police intercepted a shipment of MDMA pills from Germany.

Officers perused his devices and found evidence linking him to DNMSoldiersNDD, a moniker he used to peddle amphetamines, cannabis, diazepam, ecstasy, heroin, and Xanax online.

Officials said that Parker had been selling illicit goods for “several years.” 

Images supplied by police in the sentencing announcement showed screenshots of Parker’s operation on Darkode, a dark web cybercrime marketplace that law enforcement shut down in 2015.

Police discovered that he was the sole operator and manager of the drug-dealing operation, although his then-partner Louise Daniels, 45, helped with “logistics.” 

Daniels was convicted of money laundering and handed a 12-month community order, 100 hours of unpaid work, and 15 days of rehabilitation activity.

Detective inspector Colin Troll, from the Eastern Region Special Operations Unit (ERSOU), said: “This case demonstrates our commitment to tackling organized crime in all its forms, including those operating in hidden online spaces.

“ERSOU’s specialist investigators work tirelessly alongside colleagues in police forces across the eastern region to tackle cybercriminality. By dismantling this operation, we have disrupted the supply of harmful substances and brought those responsible to justice.” ®