Feb 13 2013
 

A thief hacked into a hotel room at the Hyatt House Houston Galleria in Houston, Texas, on September 7th and stole the room occupant Janet Wolf’s laptop. Ms. Wolf, who ironically enough is an IT services consultant for Dell Computers, returned to her room to discover the missing laptop. An investigation by hotel management showed that no one but the room’s occupant had used the key card to gain access to the room during her stay, so it seemed the laptop just disappeared into thin air. The hotel was so concerned about the incident that they posted a security guard at their front entrance in an effort to keep similar incidents from ever happening again.

A few days after the incident, the hotel informed Ms. Wolf via a letter that they had discovered the room’s lock had been hacked open by someone who was unknown at the time, and that they were still investigating the incident. Matthew Allen Cook, age 27 and from Richmond, Texas, was arrested in Houston on October 31 for stealing the laptop, and was found to have pawned Ms. Wolf’s laptop within a few days of stealing it. He was also suspected in at least two other similar incidents at the same hotel that took place around the same time as this particular incident.

So how did he do it? Well, a security researcher named Cody Brocious had recently demonstrated the ease with which a hotel room lock could be hacked into, and three months later this particular incident occurred. Experts and hotel security believe that Cook used the very same method used by Brocious, which entailed using a simple $50 circuit board with attached wires to override the hotel’s key card lock system and gain access to rooms. The locks, made by a certain company in Georgia, do give hotel management the ability to override the key card codes in cases of lost power or when they have malfunctioned, but only hotel management is given this information, so it is unclear how Cook obtained it. After his arrest, Cook was found to have allegedly stolen anywhere from $1500 to $20,000 worth of goods, and posted bond not long after.

Experts other than Brocious have reiterated that changes need to be made to hotel lock and key card systems to make them more secure and less vulnerable to attack, which has prompted these lock companies to take a look at improving the security of their products.

For more information:

http://www.nydailynews.com/news/national/texas-man-jailed-allegedly-exploiting-flaw-hotel-room-locks-article-1.1209751

http://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins/

 

It was recently announced that a credit union, whose identity and location were withheld, became a victim of its very own infected DVR. Thinking they had become the victim of an outside attack, the credit union had actually posted a warning to its customers on their website regarding the possibility of being at risk for security breaches without even realizing the security breach wasn’t coming from an unknown source, but from its very own network. A security intelligence firm hired by the credit union was the one to break the news that they had actually been the ones who unknowingly opened security back doors that allowed themselves to be targeted for attacks.

But of all things, a DVR is to blame? Isn’t it usually an actual computer that’s to blame for security network breaches? According to NorseCorp (the company hired by this credit union to monitor their security network) chief technology officer Tommy Stianson, there are at least 10,000 hacked DVRs currently in use in the United States alone. This particular DVR had no firewall and therefore had no protection against what ended up infecting it: Zeus, a version of the banking Trojan that simply waited for customers to enter in their account information online to commit theft. Banking Trojans infect computers by using corrupt email messages or websites to gain access to a security network, and then simply wait for customer login information to be entered, at which time every account connected to that login information can be bled dry. What makes banking Trojans so scary is their ability to make account holders’ accounts appear normal online, as if all their transactions are occurring as they’re supposed to, so account holders don’t realize their accounts have been hacked into and cleaned out until they receive their monthly bank statements. By then, the money is almost always long gone. And yes, a DVR can be to blame for something this catastrophic because it contains a computer; so as technology continues to advance and more and more of the items we use on a day-to-day basis have some sort of computer controlling them, stories like this one will become more and more common.

 

 

Jan 24 2013
 

It’s a very commonly used word these days, but what exactly is cybercrime? According to www.technewsdaily.com, cybercrime is defined as, “Any action that uses a computer as a weapon or an accessory in crime, or when a computer serves as the target of the act being committed”. There are several different kinds of cybercrime, which include user-targeted crime and user-initiated crime.

User-Targeted Crime

This type of cybercrime includes acts such as hacking into someone’s accounts by guessing the username and/or password and then using that access to steal personal information to be used in identity theft, to steal money from bank accounts, to access medical records, and to do many other malicious things that can wreak havoc on someone’s life for many years to come. Entire networks (such as those owned by major businesses and corporations) can also be penetrated by malicious hackers, who steal large amounts of personal, financial, political, and corporate information that can be used to severely cripple an entire company. Phishing scams, such as those that pretend to be someone you may know in need of money to get them out of a foreign country, or that ask for money you are supposed to pay in order to receive more money in the future, are also claiming victims every day.

User-Initiated Crime

While most people may think of cybercrime as something that happens to them by some unknown party, it can also be committed by a person using their very own computer. By far, the most common example of this type of cybercrime is online piracy. Yes, it does still exist, even though Napster is long gone. Music, movies, and television shows can all be illegally downloaded and then uploaded onto other sites without written permission, and all of this costs the music, small-screen, and large-screen industries a lot of money in profits each year. Cyber-bullying is another type of user-initiated crime, and while its prevalence is growing at an alarming rate, the law is beginning to put regulations in place to help prevent some of this.

So, how can cybercrime be prevented? According to the experts, it’s virtually impossible to eliminate all cybercrime, but a person can take certain steps to protect themselves from becoming an obvious victim. Things such as making sure they have reputable, up-to-date anti-virus software installed on their computer, and being aware of the types of phishing scams that are out there and how they work can go a long way towards avoiding becoming a victim.

 

The writers at a website called TechNewsDaily.com recently published an article called, “When It’s Time to Leave Facebook”. In this article, they discuss the different kinds of Facebook users: the ones who access their accounts a multitude of times every day to get the latest updates from their friends, and the ones who create an account to keep in touch with just a few people and don’t access it for months or years in between times. The question that was posed was which type of account holder is most at risk for having their account taken over by an unknown party.

Each type of user assumes some sort of risk simply by having a Facebook account, and in some respects, both are equally open to hacking, scams, and having complete strangers post things under the account holder’s profile that weren’t authorized by the actual account holder. The article pointed out that account holders who rarely access their accounts are highly susceptible to having their accounts taken over by unknown parties because they’re not on the site often enough to be aware of the social networking site’s ever-changing privacy and security policies, which leaves them vulnerable to attack because these changes tend to reset the account holder’s privacy settings to a default (read: public) setting. They are also vulnerable because they stay unaware of malicious or harmful information and statuses being posted by a stranger on their behalf because of their lack of time spent on the site. On the other hand, the frequent user of Facebook who constantly posts status updates, current locations, complete addresses, phone numbers, and birth dates is also quite vulnerable because many times this information is more than what a hacker or scammer needs to steal that user’s identity.

The article states that the very infrequent Facebook users would be much safer in the long run by deactivating their accounts or at the very least making them inactive. Making them inactive won’t completely keep the account safe, but it will provide somewhat of a barrier for malicious attacks. The frequent Facebook user who posts every tidbit of their lives and personal information would also be much safer by being less open about what they post and when. For instance, not posting current location (if away from home) or when they’re going to be or are already on vacation, posting only their birth month and day and not including the year, and leaving their phone number and address off of their personal information. By doing these things, Facebook users will not only help keep themselves from malicious attacks on the site itself, but it will help keep them from being victims of identity theft on a much larger scale outside of the Facebook world.

 

A Florida college recently became the next publicized victim of computer hackers. Birth dates and social security numbers were stolen from some 300,000 students and employees of Northwest Florida State College in early October. It is known that at least one hacker breached one folder of the school’s server between May 21st and May 24th, and while the two incidents haven’t been officially linked, investigators said that the close proximity of the two crimes time-wise most likely isn’t a coincidence. Many people criticized the length of time it took for the college to notify the potential victims whose information had been stolen, but it was determined the college was well within the 45-day time limit for informing victims as determined by Florida law.

According to the report, the hackers had access to the personal information of every single Florida student who was eligible for the Florida Bright Futures scholarship during the 2005-2006 and 2006-2007 school years, the records of over 3,000 employees including their financial data, and the records of over 76,000 current and former students.

While it could be many years before the true extent of the damage this particular security breach has caused is known, as is the case with most identity thefts, it is already known that the hackers have been able to take out loans in the names of some of the victims from shady online lenders and obtain a credit card from The Home Depot. The President of the college was a victim himself and expressed empathy to other victims, saying that he had spent countless hours on the phone with his banks and others to restore his identity and credit, and to protect himself and his family from future theft attempts.

For more information:

http://www.theblaze.com/stories/hack-of-florida-college-system-with-ssns-thought-to-be-a-professional-coordinated-attack/

http://miami.cbslocal.com/2012/10/10/200k-students-information-stolen-in-massive-computer-hacking-at-fl-college/

 

In an effort to make the site a more secure place to socially network, Pinterest recently implemented several changes to its privacy and security policies. These changes will seem very familiar to account holders because they are very similar to Facebook’s current privacy and security policies.

First off, both of the major changes are initiated by clicking on a red flag that is present on every user’s account. One change that has been made is how users, or “pinners”, report site abusers. Prior to this change, the only way a pinner could do this was to comment on a certain pin in the “comments” section below it. With the new policy, pinners have a choice of reporting a single pin or reporting an entire account, and can choose the reason why they’re reporting the abuse by clicking on categories such as: spam, pornography, hate speech, or self-harm. Once a pin or account has been reported, it is sent to Pinterest’s community team, who reviews the pin or account and determines if it violates the site’s terms; if it does, the pin or the account will be taken down.

Pinners can also block users from their accounts, and they don’t have to give a reason why. Once this occurs, all communication between the two accounts stops, and while the blocked account holder isn’t given any notification that they’ve been blocked, it will become obvious the next time they attempt to “follow” the user who blocked them or pin any of their pins. Any pin boards that were being followed by the blocked user are taken down, as well as any comments that were made. The blocked user will still be able to see the boards of the person who blocked them, but they won’t be able to comment on or re-pin any of them to their own board(s). The good news is that blocking someone doesn’t have to be permanent; to unblock someone, the account holder simply has to go to the blocked user’s profile and click on the “Unblock” button in the center of the profile.

While these changes aim to make Pinterest a slightly more private and safer site for users, they won’t take away every one of the account holders who try to spoil the fun of browsing the site.

View Pinterest privacy policies at http://pinterest.com/about/privacy/.

 

A plethora of information can be gathered from a computer that has been implicated in the commission of a crime, but it takes people who are specifically educated and trained to extract this data and make sense of it, and computer forensics investigators are those people. There are specific steps that have to be taken in a certain order to be able to extract this data and protect it from damage or harm, analyze and interpret it, look for links (if there are any) to a suspected crime, and then make sure the evidence gathered is strong enough to hold up in a court of law.

Even if a person has deleted emails, files, programs, photos, or other information, that information is almost never truly deleted and can therefore be located and extracted from the computer’s hard drive. For instance, computer forensics investigators can go back into a computer’s memory and see what a person has searched for on websites such as Google, or what key words they’ve typed in to begin a search. For example: the computer owned by a person who is suspected of poisoning a family member to death with arsenic can be searched with specific interest focused on the suspect’s recent internet searches. If investigators look back into the search history and find key words or phrases such as, “arsenic”, “arsenic poisoning”, etc., and find that the suspect researched those topics around the time the crime was committed, then that suspect will have some serious questions to answer from law enforcement investigators as to why those searches were made in the first place.

This is just one hypothetical example of information that can be found with the right person who knows the right places to look.

 

Malware, viruses and spam are all but household words in this age of technology, but one type of cyber-crime may be one that not many people have heard of: Trojan horses. Experts say that Trojan horses are the most commonly used form of cyber-crime today, and the most malicious of the Trojan horses are called banking Trojans, a type of malware used specifically to break into online bank accounts and transfer money to other accounts that are owned and controlled by criminals. What’s scary about this type of malware is that cyber-criminals can configure programs to make it appear that a victim’s bank account is completely normal online, can even make the log-out page look authentic so the account holder believes they logged out of their accounts properly, and can make it appear that an account holder incorrectly entered their username and/or password so they’ll be forced to enter it again, at which time the information is intercepted by the hackers and filed away to be used to gain access to the account at a later date. Because of this, account holders generally don’t realize their account has been hacked into until they receive their monthly bank statements, and by then their money is long gone. Generally, the stolen money is shuttled into overseas accounts. Banking Trojans can be installed onto a computer in several ways: they can install themselves, or a user can install them by unknowingly opening an email or attachment that appears to be from someone they know.

At this point, one of the easiest ways to avoid becoming a victim to Trojan horses is to not check bank account information on a Windows PC. As of now, cyber-criminals haven’t been able to install banking Trojans onto any Macintosh computers, although experts say that it’s only a matter of time before it will happen. But, since the majority of computer owners have Windows, another way to avoid banking Trojans is to avoid opening any suspicious emails, or suspicious files, even if they appear to have been sent by a friend.

For more info:

http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp

 

Several weeks ago, on October 10th, the South Carolina Department of Revenue became the victim of a widespread cyber-attack that resulted in the theft of over 3.6 million social security numbers and the personal information and details for over 387,000 credit and debit cards. The FBI has said that the attacks definitely took place from outside the United States, and they are continuing the investigation in hopes of being able to at least narrow down the hackers’ location to a specific country, and hopefully naming actual suspects in time. They do know that there were attempts to breach the system’s security back in August and September of this year, possibly by the same party or parties who successfully breached the system most recently.

The South Carolina Department of Revenue has requested that anyone who has filed a tax return in the state from 1998 to the present take the necessary precautions to protect their personal information by monitoring their bank accounts, credit card accounts, and any other place where someone might be able to use a stolen social security number or personal bank information. They also warned that these citizens should continuously monitor their credit accounts from all three major credit agencies for at least the next several years, and perhaps longer since it can take many years for an identity thief to use stolen personal information and for extensive damage to a person’s credit score and identity to be done. The South Carolina Department of Revenue has also stated that they will provide assistance to anyone who becomes a victim to this security breach because it is their responsibility to take care of their taxpayers.

For more information, see the following sites:

http://www.carolinalive.com/news/story.aspx?id=818339#.UNCnRHdYSvg

You may visit http://www.protectmyid.com/default.aspx?PageTypeID=HomePage111&SiteVersionID=940&SiteID=100330&sc=676980&bcd= and enter SCDOR123 in the activation box to check your information.

 

The FBI has been using their own cell phone towers as an aid in solving crimes for more than fifteen years. These data collection devices, called Stingrays, allow them to collect data from cell phone towers without having to rely on the cell phone companies to provide it for them, which can also save valuable time in the investigation process. Local law enforcement agencies also use this technology, but the device’s cost (around $240,000) keeps it from being a mainstream investigation tool used by every law enforcement agency. Questions have been raised regarding whether this practice is an invasion of the public’s privacy, and a threat to our security as a whole, but Stingray only collects call locations, not call information or text messages, so it is not considered wiretapping.

Here’s how the Stingray works: it collects data in a very similar fashion to a “cell tower dump”. This is the term used when law enforcement officials ask for all of the phone numbers and the names of people associated with those numbers who used signal from a particular cell tower in a specified amount of time. This investigation tool is one that was used recently in the case of Jessica Ridgeway, and can be used to narrow down a list of possible suspects in a case and separate them from people with no possible connection to a case. All data is collected, whether it’s from smartphones, laptops, desktops, or tablets, and sorted through until all data is either deemed not relevant to the investigation or a possible suspect or two can be placed in the area of the crime scene at the specified time. To get an idea of how widespread this investigation tool is, data from well over one million wireless service customers was given to law enforcement at their request in the year 2011.

For more info:

http://online.wsj.com/article/SB10001424053111904194604576583112723197574.html

http://epic.org/foia/fbi/stingray/

http://www.laweekly.com/2012-09-13/news/LAPD-stingray-spying-cellphone/

© 2013 Computer Forensics Recruiter