SecOpsNews / news

RSS items as GitHub Issues for the discerning engineering leader or security professional

[DataBreaches] SCOOP: Australian national known as “DR32” to stand trial in U.S. on hacking charges #3333

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Australia has ordered an Australian national, David Kee Crees, extradited to the U.S., where he faces 22 counts involving hacking, fraud, and aggravated identity theft. Two of Crees’ better-known aliases were “Abdilo” and “DR32.”

“Abdilo”

DataBreaches started reporting on Crees in 2015 when he was known to this site as “Abdilo.” At the time, he targeted so many educational institutions that this site reported on him about a dozen times. But his hacks of educational institutions were not his only activities; he was also attacking Australian businesses and government agencies. In those days, however, his attacks on government agencies did not cause severe damage as he attacked web applications that contained either public information or information that would be made public.

In December 2014, Brian Krebs reported on abdilo in a post about Lizard Squad, the group that spoiled Christmas 2014 for many people by launching a DDoS attack on PlayStation Network and Xbox Live. Discussing abdilo, Krebs wrote, in part:

It’s worth noting that the individual who registered LizardStresser is an interesting and angry teenager who appears to hail from Australia and uses the nickname “abdilo.”

In the comments under the post, a commenter named abdilo as “David Crees” and mentioned other aliases of his: Notavirus, Surivaton, and Grey Hat Mafia’s Bitch. His Surivaton alias most recently appeared on March 1 of this year on GitHub for a “RemoteBGPHijack” repository.

Although abdilo was a bit of an energizer bunny in his hacking back then and even live-streamed his SQL injection hacks, he was either unconcerned about getting arrested or had poor OpSec. In early 2015, Abdilo had already been raided by the Australian Federal Police, but even that didn’t deter him.

What happened after that is not as well publicly documented as his earlier activities. In fact, in 2018, this blogger even tweeted a query as to whether he was still around or active. Abdilo got in touch with DataBreaches, but didn’t say much about what he was involved in or doing at that point.

Some open source searches revealed that in 2019, Crees registered a business in Australia that he called SQLI. It was registered at an address in Oaklands Park. In 2021, Crees registered a second business that he called ROOTKIT. It was registered at an address in Collinswood. Court filings by the U.S. allege that these businesses were used for money laundering purposes.

Although DataBreaches lost track of abdilo, he was reportedly very busy. In March 2022, the U.S. presented a case to a grand jury in Colorado. They indicted Crees on 22 counts. The case arose from an investigation by the U.S. Department of Homeland Security, Homeland Security Investigations (HSI) and covered a period from approximately June 2020 to July 2021. During that time, DHS/HSI used undercover agents who made deals with Crees and investigated his claims. In all of the incidents described below, Crees was dealing with one undercover agent who claimed he was representing a buyer or potential buyer. A second undercover agent would send payments to Crees as part of the deals being made.

Consistent with U.S. policy in filing indictments and documents that will be made public, the names of the victim entities are not included in the indictment and affidavit in support of the extradition request. Only general descriptions of the entities are provided in the court filings, although Crees will be informed of the actual identity for defense purposes.

Note: The bulk of this report is based on the indictment by the grand jury in Colorado and the affidavit in support of the extradition request. These documents are not publicly available in the U.S. at this time and are still under seal here. They were obtained from the Australian court that heard and ruled on the extradition request, with the understanding and agreement that DataBreaches would not reproduce the filings in any publication. Any images included in this article were obtained by DataBreaches via OSINT research and not from any court documents. Typos in quoted statements by DR32 are as in the court filings.

Who Is David Crees?

Crees is a 24-year-old Australian national who, at times, has used his real name on internet forums and platforms. The pictures of Crees in his Twitter header, below, match other photos of him obtained by the U.S. government. Crees was very engaged in biohacking and would post pictures of his hands and arms to show implanted LEDs. The photos he posted of himself were used by law enforcement to help confirm his identification.

U.S. law enforcement did not find it terribly challenging to identify DR32 as Crees. In his conversations with the undercover agent, Crees told the agent that he lives in Adelaide, Australia and used to live in Alice. On another occasion, Crees mentioned that he had acquired a famous email address. When the agent received an email from that address, the name on it was “David Crees.”

But there was more. Because Crees was so involved in biohacking and posted on a manufacturer’s forum, the government was able to get the manufacturer’s records as to whom and to where they had shipped items Crees had posted about. It didn’t hurt that Crees had actually posted as “Abdilo/David Crees.” The manufacturer’s records show that they had shipped to David Crees at 8 Redmond St Unit 4, Collinswood, South Australia. That is the same address where Crees had registered his “Rootkit” business under his real name (see figure above).

In addition to the aliases mentioned above, Crees did have other aliases, some of which were shared.

Crees Charged with 22 Counts

As an overview of what Crees has been charged with, the following is a summary of the 22 counts he is facing:

Counts 1-7: Fraud and related activity in connection with computers, and aiding and abetting, in violation of Title 18, United States Code (U.S.C.), Sections 1030(a)(2)(C), 1030(b), 1030(c)(2)(B)(i), and 2, which carries a maximum penalty of five years in prison for each count;

Counts 8-14: Fraud […]

https://www.databreaches.net/scoop-australian-national-known-as-dr32-to-stand-trial-in-u-s-on-hacking-charges/

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 1 day with no activity. Remove stale label or comment or this will be closed in 1 day.

github-actions[bot] commented 1 year ago

This issue was closed because it has been stale with no activity.