Close Menu
Cybercrime and Ransomware

Jordanian National Admits Selling FBI-Linked Access to 50 Company Networks

Staff WriterBy No Comments4 Mins Read2 Views

Summary Points

  1. A 40-year-old Jordanian, Feras Khalil Ahmad Albashiti, pleaded guilty to operating as an access broker, selling access to at least 50 company networks by exploiting firewall vulnerabilities in 2023.
  2. Albashiti sold malware capable of disabling endpoint security and escalating internal user privileges, which he demonstrated by using it on an FBI server during the investigation.
  3. He was linked to cybercriminal activities, including intrusions into government systems and a ransomware attack causing over $50 million in damages.
  4. Arrested in July 2024, Albashiti faces up to 10 years in prison and a $250,000 fine, with sentencing scheduled for May.

Underlying Problem

Feras Khalil Ahmad Albashiti, a 40-year-old Jordanian, pleaded guilty to operating as an access broker who sold unauthorized access to over 50 company networks. The Justice Department reported that in 2023, Albashiti exploited vulnerabilities in two commercial firewalls to break into these networks. During the investigation, FBI agents, under deep cover, bought access from him on a cybercrime forum, where he used the alias “r1z.” In the process, Albashiti also sold malware designed to disable endpoint security products from multiple firms, and he demonstrated that the malware was effective by using it on an FBI server—without knowing he was being watched. Investigators linked Albanishti to previous cyber intrusions, including attacks on U.S. government systems and a ransomware attack causing over $50 million in damages. This connection was established by tracing his email from 2018, which he used both to create his cybercrime account and to apply for a U.S. visa. Arrested in July 2024, Albashiti has since pleaded guilty, avoiding formal charges, and is set for sentencing in May, facing up to a decade in prison and a hefty fine. The FBI and Justice Department have reported these details to shed light on his criminal activities and ongoing cyber threats.

Security Implications

This case shows how an employee, even unknowingly, can give access to sensitive company networks—similar risks can happen to your business. If a staff member shares login details or allows unauthorized entry, cybercriminals or spies could infiltrate your systems. Consequently, your data, operations, and reputation could be at severe risk. As a result, you might face financial losses, legal issues, and damage to customer trust. Therefore, implementing strict access controls, monitoring employee activity, and raising cybersecurity awareness are crucial. In short, neglecting these steps makes your business vulnerable to similar breaches that could threaten your entire operation.

Possible Action Plan

The recent incident where a Jordanian national pleaded guilty after unknowingly selling FBI agent access to 50 company networks underscores the critical importance of timely remediation in cybersecurity. Rapid response not only prevents further exploitation but also restores trust and security across affected systems.

Detection and Analysis
Implement continuous monitoring to identify malicious activities swiftly. Conduct thorough forensic investigations to understand the scope of access and identify vulnerabilities.

Access Control Enhancement
Enforce strict access management policies, including multi-factor authentication and principle of least privilege, to limit unnecessary or excessive permissions.

Credential Management
Regularly update and revoke compromised credentials. Use strong, unique passwords and secure storage solutions.

User Education
Train employees on cybersecurity best practices, phishing awareness, and the importance of verifying access requests to prevent social engineering exploits.

Patch and Update
Apply security patches promptly to fix known vulnerabilities, reducing the risk of unauthorized access.

Network Segmentation
Segment networks to contain breaches and prevent lateral movement within systems, limiting the reach of malicious actors.

Incident Response Planning
Develop and routinely update an incident response plan to ensure swift action, clear communication, and coordination during security incidents.

Legal and Regulatory Compliance
Coordinate with legal authorities and ensure compliance with relevant laws and regulations related to cybersecurity and data protection.

Audit and Review
Periodically review security policies, access logs, and system configurations to detect potential weaknesses and ensure adherence to security standards.

Recovery and Communication
Implement procedures for swift recovery of affected systems and transparent communication with stakeholders to maintain trust and demonstrate accountability.

Advance Your Cyber Knowledge

Discover cutting-edge developments in Emerging Tech and industry Insights.

Access world-class cyber research and guidance from IEEE.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.