Cyber crime ringleader sentenced to five years in prison A lead figure in what's considered to be the largest cyber crime

bust in history was sentenced on Tuesday to more than five years in prison. Nichole Michelle Merzi, 26, of Oceanside, Calif., played an integral part in what authorities code-named Operation Phish Phry, an international phishing ring that looted more than $1 million. Merzi, who has been in custody since she was convicted last year of bank and wire fraud conspiracy, aggravated identity theft, computer fraud conspiracy and money laundering, was found guilty of all charges by a district judge, according to a statement released by the Federal Bureau of Investigation (FBI). The operation was a multinational probe that ended in an indictment in the fall of 2009, leading to charges filed against 100 hackers living in the United States and Egypt on counts of computer fraud, conspiracy to commit bank fraud, money laundering and aggravated identity theft. The two figures at the helm of the operation were Merzi and her then-boyfriend, Kenneth Lucas II, who was sentenced in June of 2011 to 11 years in prison after pleading guilty to 49 counts of bank and wire fraud, aggravated identity theft, computer fraud and money laundering conspiracy. The ringleaders teamed up with cyber criminals in Egypt who hijacked the bank account information from Wells Fargo and Bank of America customers through common phishing techniques. According to the FBI, victims of the scheme would receive emails appearing to be from their banks, and were then redirected to websites that posed as official banking institutions asking for their credentials. Once the swindlers stole the information, Lucas and Merzi would enlist the help of money mules who would set up bank accounts to receive, store and transfer money overseas and into accounts in Southern California, said the statement. The investigation was a joint effort led by the FBI, with support from the Social Security Administration's Office of Special Investigations, as well as the Electronic Task Force in Los Angeles.

Data theft: Hacktivists 'steal more than criminals' Hacktivists are proving hard to combat, suggests a study of data breaches Hacktivists stole more data from large corporations than cybercriminals in 2011, according to a study of significant security incidents. The annual analysis of data breaches by Verizon uncovered a huge rise in politically motivated attacks. Verizon found that 58% of all the data stolen during breaches in 2011 was purloined by these groups. Hacktivists were hard to defend against, it said, as their attack strategies were much harder to predict.

The Verizon report catalogued 855 incidents around the world in which 174 million records were stolen.

Data defences "Hacktivism has been around for a some time but it's mainly been website defacements," said Wade Baker, director of research and intelligence at Verizon. "In 2011 it was more about going to steal a bunch of information from a company." The hacktivist attacks were spearheaded by the Anonymous hacker group and its tech-savvy offshoots Antisec and Lulzsec. These activists scored a significant number of successes by knocking out websites and stealing large amounts of data from private companies and government agencies. "Data theft became a mechanism for political protest," said Mr Baker. He added that it was hard to develop specific defences against these attacks because they used tactics and techniques crafted for each occasion. He said the attacks by hacktivists were not very common but often netted huge amounts of data when they did penetrate defences. In contrast to that stolen by hacktivists, about 35% of data pilfered from large companies was taken by organised criminal groups which wanted to sell it or use it to commit another crime. Mr Baker said cybercriminals continued to be a huge threat to large companies, and constantly battered their internet defences looking for weaknesses. These attacks, he said, tended to be opportunistic and capitalised on any loopholes and vulnerabilities they found. While few firms were going out of business or suffering lasting damage because of a data breach, he said, companies still had work to do to ensure they knew they were safe. "The ability to detect a breach is quite poor across the board," said Mr Baker.