Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company’s network in March 2020.

Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications, the U.S. Department of Justice (DoJ) said in an unsealed indictment earlier this week.

The said victim, a Brazilian subsidiary of a New Jersey-based company, had its computers breached by the defendant, who then exploited the access to steal confidential customer information from about 300,000 customers on at least three occasions.

✔ Approved From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

De Oliveira is alleged to have subsequently sent the chief executive officer (CEO) of the company an email message in September 2020 using an alias, demanding a payment of 300 bitcoin (valued at about $3.2 million at the time) in return for not selling the data.

A month later, the defendant forwarded the aforementioned message to both the CEO and an executive working in the Brazilian subsidiary.

In one of the follow-up messages sent to a representative of the company, De Oliveira said he “very interested in helping you guys solve this security flaw” but said it will incur a consulting fee of 75 bitcoin (about $800,000 at the time). The defendant also provided instructions on how to make the payment to a Bitcoin wallet.

Each of the four counts of extortionate threats carries a maximum prison term of 5 years, and a maximum fine of $250,000 or twice the value of any gain or loss, whichever is greater.

Likewise, each of the four counts of threatening communications carries a maximum prison term of 2 years, and a maximum fine of $250,000 or twice the value of any gain or loss, whichever is greater.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.