Ex-Navy IT Head Gets 5 Years for Selling People’s Data on Darkweb

Cyber Security Threat Summary:
Marquis Hooper, a former U.S. Navy IT manager, has received a sentence of five years and five months in prison for illegally obtaining US citizens' personally identifiable information (PII) and selling it on the dark web. The man was indicted with his wife, Natasha Renee Chalk, in February 2021 and pleaded guilty to aggravated identity theft and conspiracy to commit wire fraud in March 2023” (Bleeping Computer, 2023).

Using his background as a chief petty officer of the Seventh Fleet, which Hooper legitimately held until October 2018, Hooper signed up for a service that runs background checks and confirms identities. The service, which has not been named, maintains a database containing the PII of millions of people. After getting access to the service, Hopper gave his account access to his wife, who helped him conduct searches within the massive pool to locate valuable PII over the next 2.5 months.

The two illegally obtained the sensitive personal information of 9,000 people and subsequently sold the data on the dark web in exchange for Bitcoin payments valued at around $160,000 at the time. The PII purchased on the forum was used to commit document forgery and bank fraud among other malicious activity.

In once case, stolen PII was used to create a fake driver’s license, which was then used in an attempt to withdraw money from a victim’s bank account. In December of 2018, the account used by Hooper was closed after it was suspected of being used to commit fraud.

After losing access to the account, Hopper worked with an unnamed co-conspirator to regain access to the database. He offered to pay the conspirator a fee for letting them use a new account to continue stealing and selling PII, but a stricter verification procedure blocked the conspirator from completing the task.

To facilitate access to the database, Hooper provided multiple false documents of a Naval supply officer, and a letter purporting to be from a commanding officer. The co-conspirator submitted these to the database company, but the account was still declined, possibly based on suspected fraud.

Hooper’s wife currently faces a maximum penalty of 20 years in prison and $250,000 in fines and is scheduled to hear her sentence on November 20, 2023.