A 22-year-old French citizen, Sebastian Raoult, has been sentenced to three years in prison and ordered to pay over $5 million in restitution for his role in a sprawling cybercrime ring that hacked and exploited the data of millions across the globe.
Raoult, also known online as “Sezyo Kaizen,” was apprehended in Morocco in 2022 and extradited to the United States to face justice for his multi-layered scheme.
U.S. Attorney Sarah Vogel emphasized the gravity of Raoult’s actions, stating that he “robbed people of millions of dollars.”
This wasn’t just a technical exploit but a calculated act of financial plunder.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
Beyond Stolen Data, Stolen Lives:
Vogel further highlighted the broader impact, noting the “unmeasurable additional losses to hundreds of millions of individuals whose data was sold to other criminals.”
Raoult’s actions put countless people at risk of identity theft, financial fraud, and other forms of harm.
Raoult and his co-conspirators targeted businesses worldwide, including companies in Washington State.
They infiltrated protected computer systems, pilfering confidential information and customer records.
This stolen data was sold on notorious dark web forums, enriching the perpetrators while jeopardizing millions.
ShinyHunters: A Digital Bazaar of Stolen Identities The conspirators operated under the alias “ShinyHunters,” flaunting their ill-gotten gains by advertising the sheer volume of stolen records. This practice not only facilitated widespread identity theft but also fueled a thriving black market for personal data.
Raoult’s malicious ingenuity extended beyond brute-force attacks.
He designed websites mimicking legitimate login pages and sent phishing emails to company employees, tricking them into divulging their credentials.
This insidious approach granted the conspirators access to even more sensitive data and widened the scope of their criminal enterprise.
The total number of stolen customer records is estimated to be in the hundreds of millions, with financial losses exceeding $6 million.
Raoult’s actions caused significant economic damage to victim companies and fostered a climate of fear and uncertainty for countless individuals whose personal information was compromised.
Highlighting the human cost of Raoult’s actions, Hinman wrote to the court, “Stealing and selling customer records put these hundreds of millions of individual customers at risk of identity theft and financial loss.” Raoult’s greed enriched himself and exposed millions to potential harm.
Raoult told the court, “No more hacking,” to show that he felt bad about what he did and wanted to move on. I don’t want to disappoint my family again.”
Judge Lasnik acknowledged his remorse but cautioned Raoult’s family and friends to remain vigilant upon his return to France.
The FBI Seattle Cyber Task Force spearheaded the investigation, while Assistant U.S. Attorney Miriam R. Hinman led the prosecution.
The Department of Justice’s Office of International Affairs and Moroccan and French authorities provided crucial assistance in bringing Raoult to justice.
Looking for cost-effective penetration testing services? Try Kelltron’s to assess and evaluate the security posture of digital systems – Free Demo