STA, 1 October 2019 - German federal police have arrested Matjaž Škorjanc, a Slovenian coder wanted by the US on charges of cybercrime, the newspaper Slovenske Novice reported on Tuesday. His father has confirmed the arrest.
Škorjanc is charged with involvement in a criminal racket that hacked into computers to steal credit card numbers and other data between 2008 and 2013, causing US$4.5 million in damage to the victims.
At the beginning of September, a US federal court in Washington unsealed an indictment against Škorjanc, another Slovenian, an American and a Spaniard for racketeering and conspiracy to commit wire fraud and bank fraud through Darkode, a major computer hacking forum, which was closed down in 2015.
Apart from Škorjanc, charges were filed against Mentor Leniqi, Spaniard Florencio Carro Ruiz and US citizen Thomas McCormick.
McCormick was allegedly the last administrator of Darkode, which was created and initially administrated by Škorjanc. If found guilty, each of those indicted faces up to 50 years in prison.
Martin Škorjanc, CEO of H-Bit, has confirmed that his son was arrested in Germany last week based on the indictment and the relevant international arrest warrant.
"There is no legal basis for the prosecution because Matjaž Škorjanc has already been convicted for the same crime and has already served his sentence in full in Slovenia," the father said in a press release.
"This is an unacceptable attempt for a repeat trial in the same case, something that is prohibited under Slovenian, European as well as US law," he added.
The US law enforcement authorities asked for Škorjanc's extradition from Slovenia as early as 2011.
Škorjanc was sentenced to four years and ten months in prison in late 2013 for creating the Mariposa botnet software, malware that had hijacked about 12.7 million computers around the world. He has already served out his sentence.
STA, 7 August 2019 - Slovenia's largest pharmacy chain, Lekarna Ljubljana, was the target of a ransomware attack on Monday, which temporarily incapacitated its information system and forced the chain to close for business.
After being closed throughout Tuesday due to the problem, the pharmacies reopened on Wednesday but they have so far been able to issue prescription drugs based on paper prescriptions only.
The city-owned chain said that the information system would be restored shortly, so the units are expected to be able to start issuing prescription medications normally later today both for those prescribed on paper and in electronic form.
No further details are available at this point, but Lekarna Ljubljana said that the incident had been reported to the law enforcement authorities.
The Ljubljana Police Department confirmed receiving notification about the system breach from Lekarna Ljubljana, saying they were still making enquiries.
According to information from the Health Ministry, the attack affected the pharmacy chain's local information system, which is not connected to the national e-Health system.
Tadej Hren from the national cybersecurity centre SI-CERT said that the investigation would pinpoint where exactly the breach occurred and what kind of data the hackers had been able to access.
Ransom crypto viruses encrypt all user data files they are able to access. This type of attack has been common in Slovenia since 2012.
Hren said that in all the cases they dealt with, the victims had been picked randomly as part of a wider hacking campaign. The ransom for a decryption key in such cases ranges from EUR 1,000 to EUR 2,000.
In the past year SI-CERT has also been detecting more sophisticated attacks on large companies or institutions, involving spy viruses that detect the scope of the damage that can be caused before a cryptovirus encrypts everything the hackers can access.
Information available to SI-CERT indicates the attack on Lekarna Ljubljana was likely a more sophisticated one because it is not believed to have been part of a larger campaign.
Lekarna Ljubljana operates more than 50 pharmacies in the capital Ljubljana and other towns, including Grosuplje, Ivančna Gorica, Idrija, Logatec, Vrhnika, Borovnica and Velike Lašče.
Prescription drugs have been issued normally at 14 private pharmacies with concession operating in Ljubljana.
STA, 23 July 2019 - The Constitutional Court has ordered an injunction against a legislative provision that allows law enforcement authorities to use IMSI catchers, devices that mimic mobile phone towers to intercept mobile traffic.
The court suspended the provision, passed in the amendments to the criminal procedure act in March, pending its final decision on a petition brought by the opposition Democratic Party (SDS) and the Left.
The parties are challenging several contentious provisions on the grounds of invasion of privacy, including Article 150.a of the criminal procedure act, which creates the legal basis for IMSI catchers.
The parties did not propose staying this particular provision, but the court did impose an injunction, arguing that its enforcement could cause damaging consequences that would be hard to repair.
The court holds that the use of IMSI catchers may provide the basis for further invasive encroachment on human rights by the state; among other things, it allows covert investigative measures.
"The measure allows distinctly targeted gathering and processing of many sets of personal data of a broad group of individuals," the court said.
The court is treating the case as an absolute priority. Other provisions challenged by the two parties have not been stayed.
The injunction was welcomed by both parties, while the Interior Ministry regretted it, saying that the use of IMSI catchers would make police work more effective and successful.
The ministry underscored that "IMSI catchers are being used successfully and effectively in several EU countries, helping them in the combat against the worst forms of organised and other crime".
The Left's MP Matej T. Vatovec described the injunction as "the first good signal ... that the government's aspiration to establish a police state is excessive".
Digital technology makes it possible to invade privacy as never before, and the contentious amendments create more scope for unconstitutional spying on people, SDS MP Dejan Kaloh commented.
The SDS had expected the court to stay several other contentious provisions, but the court said this could create hard-to-reverse consequences if the provisions turned out not to be unconstitutional.
"This obviously does not mean that the Constitutional Court's final ruling will be in the government's favour", Kaloh said in a press release.
The two parties are challenging a number of new provisions which deal with covert investigative measures and data collection and surveillance in traffic, arguing grave and disproportional invasion of privacy.
The challenged articles include one that makes it possible to conduct a house search without the person being investigated being present.
The petitioners argue that the possibility of invasion of privacy should be limited to most urgent cases and that proper safeguards should be put in place to prevent abuse.
However, the Justice Ministry repeated in its response today that it did follow the principle of proportionality in drawing up the solutions.
The ministry also welcomed the court's decision to treat the matter as an absolute priority.
The Constitutional Court has recently also annulled a provision in the police powers act that sanctions the use of systems for automatic licence plate recognition.
STA, 9 June 2019 - A US federal court in Washington, DC, has unsealed an indictment charging an American, a Spaniard and two Slovenians with racketeering and conspiracy to commit wire fraud and bank fraud through Darkode, a major computer hacking forum. Each of them could be sentenced to 50 years in prison.
The two suspects from Slovenia are Matjaž Škorjanc, 32, and Mentor Leniqi, a 35-year-old Serbian citizen, who, together with the Spanish citizen, are still fugitives.
The US authorities issued arrest warrants for them, while US citizen Thomas McCormick, 26, was arrested last December, a few days after the sealed indictments were filed, according to a US Attorney's Office release.
McCormick is said to be the last administrator of Darkode, which is said to have been created by Škorjanc, its first administrator.
Darkode was an online, password-protected forum where international hackers and other cyber criminals convened to develop, buy, sell, trade and share hacking tools.
It was closed in 2015 in a major international sting termed Shrouded Horizon, which was carried out in 19 countries.
The investigation was conducted by the FBI's Washington Field Office with assistance from Europol and their European Cyber Crime Center.
The four suspects are accused of gaining access to bank accounts and credit cards to commit identity theft, thereby causing US$4.5 million in damage in 2008-2013.
Škorjanc is also accused of creating the malware Butterfly, or the Mariposa botnet, and selling it on Darkode.
Škorjanc has a criminal record in Slovenia. In December 2013 he was sentenced to four years and ten months in prison as the Mariposa botnet mastermind.
Leniqi, one of his co-defendants, pleaded guilty in a pre-trial hearing in 2012, striking a deal with the prosecution to get a year and three months in jail.
Coming out of prison, Škorjanc set up bitcoin-mining marketplace NiceHash, which was hacked in 2017, with some 4,700 bitcoins, at the time worth EUR 56 million, stolen.