Sebastien Raoult of ShinyHunters was ordered to pay $5,000,000. The U.S. District Court in Seattle sentenced Raoult to three years in prison.
Raoult had previously admitted guilt in September 2023 to conspiring to commit wire fraud and aggravated identity theft, for which he could have received a maximum sentence of 27 years in prison.
Known online as “Sezyo Kaizen,” Raoult, a 22-year-old Frenchman, was a member of the hacker collective ShinyHunters. After being detained in Morocco in 2022, he was extradited to the United States in January 2023.
Between April 2020 and July 2021, Raoult and his co-conspirators caused financial damages exceeding $6 million, resulting from the theft of the personal information of millions of people and their sale on the dark web.
By creating phishing pages that looked just like the employer login portals, Raoult was able to trick victims into providing sensitive information such as account credentials.
After gaining access to company systems using the credentials they had stolen, ShinyHunters members proceeded to pilfer any and all data from the corporate network, cloud instances, and even systems belonging to outside service providers.
“The lengths to which Mr. Raoult and his co-conspirators went to steal personal and financial information are remarkably devious, and he played a substantial part in the scheme by creating code and phishing websites,” said Richard A. Collodi, an FBI agent.
ShinyHunters stole data from more than 60 organizations using this corporate access, including millions of people’s financial information and personally identifiable information.
Then, if the targeted company didn’t pay them a ransom, the hackers threatened to sell or leak that data on websites like EmpireMarket, RaidForums, and Exploit.
In many instances, the hackers carried out their threats by disclosing customer information to the public, harming the companies’ reputations and finances.
“For over two years, Mr. Raoult participated in extensive computer hacking that caused millions of dollars in losses to victim companies and unmeasurable additional losses to hundreds of millions of individuals whose data was sold to other criminals,” according to Criminal Chief Sarah Vogel.
“Mr. Raoult’s motive was pure greed. He offered data that had been compromised. He pilfered cryptocurrency from people. He even made money by selling his hacking tools to other hackers so they could target more people.
Raoult promised not to hack again after expressing regret for his previous actions.
“I acknowledge my mistakes and wish to move past them. No more exploiting vulnerabilities. Raoult declared during his sentencing, “I don’t want to let my family down again.”
After serving time in jails in Morocco and the United States, Raoult’s three-year sentence will be reduced, allowing him to be released on supervised release in approximately ten months.
The Head of the ShinyHunters group receives three years
A major player in the ShinyHunters cybercrime group faces three years in prison and having to return $5 million in illicit gains.
The 22-year-old Sebastien Raoult was in charge of creating websites for ShinyHunters that imitated authentic login pages from well-known companies. The organisation would send workers phishing emails that would take them to Raoult’s fictitious websites, where the victims’ login credentials would be harvested.
After breaching victims’ accounts, the group would sell the sensitive, private, and financial information they had taken on different dark web markets and forums dedicated to cybercrime. ShinyHunters occasionally threatened to release the stolen data’s owner in exchange for a ransom payment, threatening to use the stolen data itself.
The stolen material would be examined for more login credentials that would allow access to more information stored on business networks and external services like cloud storage providers.
The US Attorney’s Office for the Western District of Washington claims that the French national was employed by ShinyHunters for more than two years. Estimates suggest that the group made over $6 million during this time due to the high volume of sales.
“For over two years, Mr. Raoult participated in extensive computer hacking that caused millions of dollars in losses to victim companies and unmeasurable additional losses to hundreds of millions of individuals whose data was sold to other criminals,” stated Sarah Vogel of the Western District of Washington.
“Mr. Raoult’s motivation was greed. He offered data that had been compromised. He pilfered cryptocurrency from people. Even as other hackers targeted more victims, he made money by selling his hacking tools.”
The gang is believed to have gained access to more than 60 businesses. ShinyHunters has claimed credit for a number of high-profile incidents, including those involving Microsoft and AT&T Wireless, even though they haven’t received official recognition for the attacks.
“The lengths to which Mr. Raoult and his co-conspirators went to steal personal and financial information are remarkably devious, and he played a substantial part in the scheme by creating code and phishing websites,” said Richard A Collodi, special agent in charge of the FBI’s Seattle field office.
“Thanks to the diligent work of federal and international law enforcement, Mr Raoult will be held accountable for his cybercrimes, which caused millions of dollars of harm to companies and customers.”
Raoult said in court that he was aware of the seriousness of his offenses and that he intended to stop cybercrime because he didn’t want to let his family down anymore.
Raoult’s family has been asked to keep an eye on him when he returns to France to make sure he doesn’t turn back to criminality, but US District Judge Robert S. Lasnik stated that he thought the seriousness of his sentence had “gotten through to [him]”.
After being detained in Morocco earlier in the year, Raoult was extradited to the United States in late December of 2022. The US eventually agreed to extradition with Morocco after France refused to send him back.
According to court documents, Raoult’s three-year sentence is divided into 12 months for the conspiracy to commit wire fraud charge and 24 months for the aggravated identity theft charge. Raoult will also receive credit for the time he spent incarcerated in Morocco.
After serving his sentence, he will be released from custody under supervision for an additional 36 months.
Although they have not yet been sentenced, Gabriel Kimiaie-Asadi Bildstein, 23, of Tarbes, France, and Abdel-Hakim El Ahmadi, 23, of Lyon, France, were also named on the initial indictment.