It’s not every day that fraud victims get their money back.
But Canada’s most prolific hacker, who launched ransomware attacks from his Ottawa home that left some targets in financial ruin, will be making full restitution.
Matthew Philbert, 33, pleaded guilty to years of cyber attacks and was recently sentenced to two years in jail. The court has set a date later this year to sort out potential restitution, but this newspaper has learned that he will pay back every cent. It’s around $49,200 in all.
The bit coin seized at Philbert’s residence is worth, as of today’s value, around $34,000, and his lawyer, Michael Johnston, has around $16,000 in trust.
So the fraud victims will be fully restituted, and the details will be ironed out in court.
Philbert targeted the computers of more than 1,000 people, businesses and organizations, including three police departments.
In his exhaustive campaign, Philbert used a remote-access malware program that gave the intruder full control over target computers.
Philbert used anonymous email addresses and connections to remote servers to mask his identity in exhaustive phishing schemes.
The emails were sent under the false pretext of securing employment and the attached fake résumé contained malware.
Once a victim opened the attachment, the embedded malware allowed Philbert access and full control over the target computer. Philbert would then collect banking log-ins and send email transfers from the victim’s account without their knowledge, according to an agreed statement of facts filed in court.
The successful Ontario Provincial Police investigation also revealed Philbert’s bitcoin wallet received payment for four different ransomware attacks. In each of these cases, the target computer was rendered unusable until the victim paid a ransom in cryptocurrency.
On the day police arrested Philbert at home — Nov. 30, 2021 — they searched the place and seized his cryptocurrency. In all, police seized 0.61943121 BTC (equivalent to around $46,000 at the time) and transferred it to an OPP cryptocurrency wallet.
The OPP investigation also established that Philbert gave virtual access to the stolen log-in credentials and passwords to unidentified third parties.
“Once this information is disseminated to unidentified third parties, the opportunities to further disseminate this information are limitless,” according to his admission of facts in court.
The OPP case identified 1,113 total victims. Once they unwittingly clicked on the malware bait, Philbert could intercept, view and control their computers, right down to turning on the web cameras, collecting passwords and, really, anything else he wantedy. He took screenshots of a live camera view, a virtual meeting in progress and an email account, all without anyone knowing, according to the admitted facts.
Most of the victims whose computers were compromised did not lose money.
He was bold enough to target the computers of not one, but three police departments: Nishnawbe Aski Police in Thunder Bay and the City of Kawartha Lakes Police Department in Ontario and the West Vancouver Police Department.
And Philbert was cold enough to target the computer system of Ronald McDonald House in Halifax. Employees there, like the police departments, would not have known their computers were compromised and did not lose any money.
The OPP case against Philbert began in January 2020 after the FBI shared the fruits of its investigation into his cyber attack on a computer server owned by the State of Alaska.
OPP detectives got busy and secured judicial authorization for a handful of warrants for tracking, covert entry and later the search.
Philbert pleaded guilty to fraud, unauthorized use of a computer, possess/traffic in computer password and mischief to computer data.