Cases 1

From CyberSecurity
Revision as of 07:37, 6 December 2005 by Avichal (talk | contribs)


APPENDIX

Note: The numbering here gets messed up by newlines. It's supposed to run from 1..5. See my word document for correctly formatted stuff - Avichal
The following presents a few real-life cases, highlighting the use of cyberforensics to catch and prosecute cybercriminals (the date indicated is the date of capture or arrest).

  1. 1995, Feb 15: Kevin D. Mitnick.

Kevin David Mitnick is one of the most famous criminal hackers to be jailed. “His downfall was his Christmas 1994 break-in to Tsutomu Shimomura's computers in San Diego, California. Less than two months later, Tsutomu had tracked him down after a cross-country electronic pursuit.” The evidence collected to catch and prosecute Kevin D. Mitnick included:

  • Captured network traffic, which was used to recreate his online sessions.
  • Analysis of the state of Tsutomu Shimomura's machine after the break-in: the method and time of file accesses, together with log files, were used to reconstruct the perpetrator's probable step-by-step actions.
  • The ISP's (Netcom's) login records for a stolen account. These were compared with other login and phone records in order to trace the attacker's path.

In August 1999, Kevin Mitnick was given a 46-month sentence by the District Court in Los Angeles.

  2. 2001, May: Russian “Carders” (Credit Card Thieves)

Credit card thieves in Russia were using similar names to open multiple PayPal accounts, and then using these accounts to buy high-value computer goods from eBay auctions. The PayPal team investigating the issue used sniffer tools to capture the network traffic and analyzed it to determine the originating IP address. Using this and other information gathered in the investigation, PayPal froze all fraudulent accounts opened by the perpetrators, who by this time had managed to purchase goods worth more than $100,000. PayPal then actually started receiving phone calls from the perpetrators demanding that the funds in their accounts be released to them. Being in Russia, the brazen perpetrators considered themselves out of reach. The FBI got involved in the investigation and lured them into custody by posing as a high-technology company and offering them security jobs. PayPal's investigative team then used EnCase®, a forensic investigation toolkit, to gather evidence from their computers, which was finally used to convict them.

  3. 2005, Aug 26: Farid Essebar (Morocco), Attila Ekici (Turkey), authors of the Zotob and Mytob worms

The FBI and Microsoft worked closely together in this investigation. Microsoft monitored the attacks as they occurred and used the gathered information to track the perpetrator’s electronic trail. Analysis of the code revealed a signature with the nickname Diabl0. Further investigation was able to link the nickname to the author, Farid Essebar. Moroccan and Turkish law enforcement agencies are believed to have played an instrumental role in the investigation.

  4. 2004, May 7: Sven Jaschan (Germany), author of the Sasser worm

Sven Jaschan, a German college student, was arrested after authorities were tipped off by his friends following Microsoft’s announcement of a $250,000 reward for the capture of Sasser’s author. However, evidence on the suspect’s computer which could have linked him to the crime had been erased. Authorities determined that Sven had sent the source code for the worm to a friend using a US-based instant messaging service. US authorities assisting in the investigation, with the help of the messaging service provider, were able to gather evidence linking the transmission back to the German suspect. Sven Jaschan eventually confessed to his crimes, was tried as a minor (he was 17 when he authored the worm) and received a 21-month suspended sentence.

  5. 2000, Apr 23: Australian hacker responsible for attacking SCADA nodes of a sewage management system

Vitek Boden, snubbed by the rejection of his job application, attacked the SCADA system of a Queensland waste management company. Driving around with a laptop fitted with a radio transmitter, he commandeered SCADA systems at various waste treatment centers and managed to release millions of liters of sewage into parks, rivers and even the grounds of a Hyatt Regency hotel. He was finally caught when he was pulled over by police on his last such mission. Examination of his laptop revealed software which could control SCADA systems, and its times of use were linked to the times of the actual attacks. Boden was convicted in Oct 2001 and sentenced to two years in prison.

Sources:

  1. Unknown. “Takedown.” Unknown. Accessed Nov 19, 2005. <http://www.takedown.com>
  2. Radcliff, Deborah. “Cybersleuthing solves the case.” Computerworld. Jan 14, 2002. Available at <http://www.computerworld.com/securitytopics/security/story/0,10801,67299,00.html>
  3. Krebs, Brian. “Suspected Worm Creators Arrested.” Washington Post. Aug 27, 2005. Accessed Dec 5, 2005. <http://www.washingtonpost.com/wp-dyn/content/article/2005/08/26/AR2005082601201.html>

and other minor sources.

  4. Unknown. “Global Partnership at work – Catching a Cyber saboteur.” Federal Bureau of Investigation. Accessed Nov 30, 2005. <http://www.fbi.gov/page2/sept05/globalpartnerships091905.htm>
  5. Smith, Tony. “Hacker jailed for revenge sewage attacks.” The Register. Oct 31, 2001. Accessed Dec 5, 2005. <http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/>