Pierluigi Paganini January 10, 2024

A U.S. District Court sentenced ShinyHunters hacker Sebastien Raoult to three years in prison and ordered him to pay more than $5 million in restitution.

The member of the ShinyHunters hacker group Sebastien Raoult was sentenced in U.S. District Court in Seattle to three years in prison and more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft.

Sebastien Raoult (also known as “Seyzo Kaizen”), is a French national that has been extradited from Morocco to the United States in January 2023.

Raoult and two other co-conspirators were charged with having hacked into protected computers of corporate entities and for the theft of stolen proprietary information.

According to the indictment, Raoult was a participant in the notorious hacking group “ShinyHunters.”

The conspirators hacked into the protected computers of corporate entities and stole proprietary and corporate information.  The group advertised stolen data for sale and sometimes threatened to leak or sell stolen sensitive files if the victim did not pay a ransom.

ShinyHunters leaked the stolen data on multiple dark web forums, including RaidForums, EmpireMarket, and Exploit. According to DoJ, ShinyHunters posted sales of hacked data from more than 60 companies between April 2020 and July 2021.

“For over two years, Mr. Raoult participated in extensive computer hacking that caused millions of dollars in losses to victim companies and unmeasurable additional losses to hundreds of millions of individuals whose data was sold to other criminals,” said Criminal Chief Sarah Vogel of the Western District of Washington. “Mr. Raoult’s motive was pure greed. He sold hacked data. He stole people’s cryptocurrency. He even sold his hacking tools so that he could profit while other hackers attacked additional victims.” 

Raoult and his co-conspirators created websites mimicking the login pages of legitimate businesses. Then they sent phishing emails to company employees that were designed to look like they came from legitimate businesses and included links to the fake login pages.

Once obtained the victims’ credentials, the hacker group used them to breach victims’ accounts, steal the data stored there, and search the stolen data for credentials to access additional data on companies’ networks and third-party service providers, such as cloud storage services. 

I pubblici ministeri ritengono che i cospiratori abbiano rubato centinaia di milioni di dati dei clienti e causato perdite alle aziende vittime che si stima superino i 6 milioni di dollari.

Sebastian Raoult told the court that he understood his mistakes and admitted that he regretted it.

“I understand my mistakes and I want to put that part behind me.  No more hacking.  I don’t want to disappoint my family again.” said Raoult.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ShinyHunters)