The Ontario Provincial Police (OPP) has arrested and charged an Ottawa resident with multiple cyber-crimes following a 23-month investigation. Officials say the threat actor is the most prolific criminal of his kind identified in Canada.
Matthew Philbert had been on the Europol and FBI’s watchlist for years before Canadian authorities finally detained and charged the 31-year-old with multiple cyber crimes.
A news release issued by the OPP this week reveals that:
“In January 2020, the OPP was contacted by the Federal Bureau of Investigation (FBI) regarding ransomware attacks that were based in Canada. The OPP Cyber Operations Section, under the direction of the OPP Criminal Investigation Branch, commenced a separate but parallel investigation with assistance provided by the Royal Canadian Mounted Police’s National Cybercrime Coordination Unit (NC3) and Europol. During the course of this investigation, OPP investigators determined an individual was responsible for numerous ransomware attacks affecting businesses, government agencies and private individuals throughout Canada as well as cyber-related offenses in the United States.”
Philbert is charged with “possession of device to obtain unauthorized use of a computer system or to commit mischief,” fraud and unauthorized use of computer.
Evidence seized during his arrest included “desktop and laptop computers, a tablet, several hard drives, cellphones, a Bitcoin seed phrase and a quantity of blank cards with magnetic stripes,” according to the OPP.
Cybersecurity journo Brian Krebs did some digging to fill in blanks left out by the US indictment of Philbert.
In an interview with KrebsOnSecurity, OPP Detective Inspector Matt Watson said “Philbert is the most prolific cybercriminal we’ve identified to date in Canada,” adding that the department linked him to more than 1,000 cybercrime victims, including many who faced bankruptcy because of his cyber endeavors during the tough times wrought by the ongoing pandemic.
Philbert had a long history of allegedly using the dark web to conduct cybercrime. His actions allegedly go back to the 2000s when primitive forms of ransomware would lock computer screens with scareware – by displaying a webpage spoofing the FBI or Justice Department and warning that victims had been caught accessing child sexual abuse material.
Since the indictment charges Philbert with conspiracy, the FBI and Europol could well be on track to bust more of his associates soon.