Ottawa’s Matthew Philbert pleaded guilty to fraud, unauthorized use of a computer, possess/traffic in computer password and mischief to computer data.
It’s not every day that fraud victims get their money back.
But Canada’s most prolific hacker, who launched ransomware attacks from his Ottawa home that left some targets in financial ruin, will be making full restitution.
Article content
Matthew Philbert, 33, pleaded guilty to years of cyber attacks and was recently sentenced to two years in jail. The court has set a date later this year to sort out potential restitution, but this newspaper has learned that he will pay back every cent. It’s around $49,200 in all.
THIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY
Subscribe now to read the latest news in your city and across Canada.
- Exclusive articles from Elizabeth Payne, David Pugliese, Andrew Duffy, Bruce Deachman and others. Plus, food reviews and event listings in the weekly newsletter, Ottawa, Out of Office.
- Unlimited online access to Ottawa Citizen and 15 news sites with one account.
- Ottawa Citizen ePaper, an electronic replica of the print edition to view on any device, share and comment on.
- Daily puzzles, including the New York Times Crossword.
- Support local journalism.
SUBSCRIBE TO UNLOCK MORE ARTICLES
Subscribe now to read the latest news in your city and across Canada.
- Exclusive articles from Elizabeth Payne, David Pugliese, Andrew Duffy, Bruce Deachman and others. Plus, food reviews and event listings in the weekly newsletter, Ottawa, Out of Office.
- Unlimited online access to Ottawa Citizen and 15 news sites with one account.
- Ottawa Citizen ePaper, an electronic replica of the print edition to view on any device, share and comment on.
- Daily puzzles, including the New York Times Crossword.
- Support local journalism.
REGISTER / SIGN IN TO UNLOCK MORE ARTICLES
Create an account or sign in to continue with your reading experience.
- Access articles from across Canada with one account.
- Share your thoughts and join the conversation in the comments.
- Enjoy additional articles per month.
- Get email updates from your favourite authors.
Article content
The bit coin seized at Philbert’s residence is worth, as of today’s value, around $34,000, and his lawyer, Michael Johnston, has around $16,000 in trust.
So the fraud victims will be fully restituted, and the details will be ironed out in court.
Philbert targeted the computers of more than 1,000 people, businesses and organizations, including three police departments.
In his exhaustive campaign, Philbert used a remote-access malware program that gave the intruder full control over target computers.
Philbert used anonymous email addresses and connections to remote servers to mask his identity in exhaustive phishing schemes.
The emails were sent under the false pretext of securing employment and the attached fake résumé contained malware.
Once a victim opened the attachment, the embedded malware allowed Philbert access and full control over the target computer. Philbert would then collect banking log-ins and send email transfers from the victim’s account without their knowledge, according to an agreed statement of facts filed in court.
The successful Ontario Provincial Police investigation also revealed Philbert’s bitcoin wallet received payment for four different ransomware attacks. In each of these cases, the target computer was rendered unusable until the victim paid a ransom in cryptocurrency.
Article content
On the day police arrested Philbert at home — Nov. 30, 2021 — they searched the place and seized his cryptocurrency. In all, police seized 0.61943121 BTC (equivalent to around $46,000 at the time) and transferred it to an OPP cryptocurrency wallet.
The OPP investigation also established that Philbert gave virtual access to the stolen log-in credentials and passwords to unidentified third parties.
“Once this information is disseminated to unidentified third parties, the opportunities to further disseminate this information are limitless,” according to his admission of facts in court.
The OPP case identified 1,113 total victims. Once they unwittingly clicked on the malware bait, Philbert could intercept, view and control their computers, right down to turning on the web cameras, collecting passwords and, really, anything else he wantedy. He took screenshots of a live camera view, a virtual meeting in progress and an email account, all without anyone knowing, according to the admitted facts.
Most of the victims whose computers were compromised did not lose money.
Article content
He was bold enough to target the computers of not one, but three police departments: Nishnawbe Aski Police in Thunder Bay and the City of Kawartha Lakes Police Department in Ontario and the West Vancouver Police Department.
And Philbert was cold enough to target the computer system of Ronald McDonald House in Halifax. Employees there, like the police departments, would not have known their computers were compromised and did not lose any money.
The OPP case against Philbert began in January 2020 after the FBI shared the fruits of its investigation into his cyber attack on a computer server owned by the State of Alaska.
OPP detectives got busy and secured judicial authorization for a handful of warrants for tracking, covert entry and later the search.
Philbert pleaded guilty to fraud, unauthorized use of a computer, possess/traffic in computer password and mischief to computer data.
Our website is your destination for up-to-the-minute news, so make sure to bookmark our homepage and sign up for our newsletters so we can keep you informed.
Article content