Tag: Cybercrime

Categories
Casserly Consulting Blog

Tech Term: Computer Forensics, Defined

tech_term_forensic_computer_400.jpg

Pop culture gives us an impression of what cyber investigations look like. Official-looking people, in impeccable suits, typing away at terminals and analyzing the data scrolling past them on their heads-up displays. In reality, computer forensics (as they are actually called) are a little less dramatic, and much more serious. For today’s tech term, we’ll dig into the field of computer forensics.

What are Computer Forensics, and What Are They Used For?
Computer forensics can be defined as the application of certain specialized techniques to locate and analyze the information on a computer or computer system, protecting it for use as evidence in a trial. Once the requisite warrants have been acquired, a forensic technician is tasked with isolating the device from outside influence by disconnecting it from the Internet before copying every file and poring over their contents for evidence.

The investigator must make a copy of these files so as to preserve the original evidence. Accessing a file can be enough to change it slightly, potentially rendering their evidence inadmissible.

Computer forensics can be leveraged in a wide variety of cases, as any given device may contain evidence of a crime to be, or that was, perpetrated, as well as effectively be the scene of the crime itself. An investigation dives deep, not only focusing on the presence of files, emails, or other documents pertinent to the case on the device, but also on an analysis of these items’ metadata, as it reveals when data appeared on a computer, when it was edited and saved last, and who the user was that carried out these actions.

These methods have been used to crack cases involving a dirty laundry list of crimes, as this sample of their uses suggests:

  • Intellectual Property Theft and Industrial Espionage
  • Employment Disputes
  • Bankruptcy Investigations
  • Inappropriate Email and Internet Usage in the Workplace
  • Regulatory Compliance
  • Forgeries and Fraud Investigations

Alternative Sources of Analysts
Of course, law enforcement are not the only bodies that maintain and utilize computer forensics labs. Six major companies, including Walmart, American Express, and Target, have accredited laboratories, and there are countless other independent labs that have not been accredited. These in-house labs can often outperform traditional law enforcement groups, as they are better able to keep their solutions on the cutting edge.

In fact, these labs are often recruited by law enforcement to assist in solving crimes. Target’s labs have announced in the past that they have assisted with “felony, homicide, and special-circumstances cases” on a volunteer basis for years, a spokesperson claiming in 2008 that a full quarter of cases worked by Target’s laboratory had nothing to do with the company.

How Does Your Technology Compare?
If you want a team on your side that will take as much care to protect your solutions as a computer forensics team does to track down cybercrime, give COMPANYNAME a call at PHONENUMBER.

Categories
Casserly Consulting Blog

Perpetrators of Three Major Cyber Crimes Have Pled Guilty

keyboard_gavel_400.jpg

Every so often, it’s nice to hear about when the good guys win and cybercriminals get their comeuppance. Three such cybercriminals have entered guilty pleas to charges related to major cybersecurity events.

Mirai
Mirai was a malware strain that creates a botnet out of enslaved Internet of Things devices. By leveraging the resources of these IoT devices, Mirai took down networks and websites. 20 and 21-year-olds Josiah White and Paras Jha have pled guilty for developing and leveraging Mirai.

The duo were co-founders of Protraf Solutions LLC, a company that would mitigate DDoS attacks. Their business model was to sell their solutions to their DDoS victims, or use the DDoS attack the old-fashioned way: as a means of collecting ill-gotten monies from those desperate enough to pay them to stop the attack. Along with 21-year-old Dalton Norman, White and Jha also used Mirai to power a click fraud scheme that net them about 200 Bitcoin, Norman alone netting 30.

Mirai ultimately went on to power one of the biggest attacks the world has ever seen, using IoT devices to take down Dyn, causing many major websites to go down.

Ultimately, the three young malware developers were each charged with click fraud conspiracy, earning each a $250,000 fine and a stay of up to five years in prison. Jha and White plead guilty to conspiracy charges for writing and using Mirai and were each sentenced to an additional 5 years in prison and $250,000 fine, as well as three years of supervised release.

NSA Data
An employee of the National Security Agency, Nghia Hoang Pho, pled guilty on December 17, 2017, to a charge of “willful retention of national defense information.” According to the United States Justice Department, Pho was hired in 2006 as a developer for the Tailored Access Operations unit. The Tailored Access Operations unit, or TAO unit, creates specialized hacking tools that are used to collect data from the information systems used by overseas targets.

Between 2010 and March of 2015, Pho removed classified data and stored it on his home computer, which utilized antivirus software from Kaspersky Lab. Kaspersky Lab is suspected of having been exploited by Russian hackers to steal documents, perhaps including the ones Pho removed and saved at home.

The United States Department of Homeland Security has since issued a directive that bans the use of Kaspersky software in federal agencies. Pho could face up to 10 years in prison and is scheduled for sentencing on April 6.

Yahoo
One of four men who faced indictment in March of 2017 has pled guilty to hacking into Yahoo and exposing the usernames, passwords, and account information for essentially every Yahoo user, with the number of victims counting to about one billion.

22-year-old Karim Baratov, a Canadian, has been charged with working for two members of the Federal Security Service of the Russian Federation. In his work for the FSB, Baratov hacked into 80 accounts, as well as a total of over 11,000 webmail accounts since 2010. Baratov also provided hacking services that enabled access to accounts with Google, Yahoo, and Yandex, via the use of spear-phishing through custom content and a malicious link.

For his activities, Baratov has pled guilty to a total of nine counts. One count, for aggravated identity theft, has a mandatory sentence of two years, while each of the other eight counts could net him 10 years in jail and a fine of $250,000. However, the federal sentencing guidelines established in the United States could reduce the final sentence considerably.

While it is nice to see those responsible for cybercrime paying their dues, it is even better for certain cybercrimes to be prevented in the first place. COMPANYNAME can help your business with that. Call us at PHONENUMBER.

Categories
Casserly Consulting Blog

Cybercriminals Who Use This Malware Will Get A Nasty Surprise

ponzi_pyradmid_money400.jpg

Do you know what a botnet is and how it works? It’s basically a network of infected computers that can be used to perform Distributed Denial of Service attacks, overloading target networks and forcing them to endure downtime. They can also be used to distribute malware and other threats. What’s worse than this, you ask? Hackers can purchase botnets on the black market to use against their targets, but a new type of botnet strain is changing the way this works.

The black market is no stranger to sketchy sales. Users can pay with Bitcoin for the development of malware and other threats without knowing the first thing about hacking or technology. However, this convenience comes at a price, as any users of the new Cobian botnet now know. The malware involved–njRAT–surfaced in 2015 and includes a lot of terrifying features. Hackers can use a keylogger, webcam control, remote code execution, and even screensharing, just by shelling out some Bitcoins to a fellow hacker.

What these would-be hackers don’t know is that the developers include encrypted code which allows them access to the master control switch of the botnet. In other words, while users are purchasing their own botnets to use for whatever they want, full control of any botnets purchased is held solely by the developer of Cobian.

NakedSecurity describes the way that the botnet masks its presence, as well as how the threat activates when it’s time for its master to take over: “Cobian’s executable payload disguises itself as a Microsoft Excel file. Cobian’s secondary payload then checks to see if the second-level operator is online. If so, then the code that enables the author to acquire master control operates to evade detection. If the second-level operator is offline, the secondary payload acquires the address of the author’s command and control servers from Pastebin.”

It just goes to show that you can never trust a hacker–but you probably already knew that. This story should be a lesson for businesses that don’t suspect they are at threat of a hacking attack. If anyone can access threats like a botnet, you’ll need to step up your defenses to keep your business safe. COMPANYNAME can help with this task–to learn more, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

Essential Cybersecurity Tips From The FBI

fbi_cybersecurity_400.jpg

In 2016 former President of the United States Barack Obama passed the Cybersecurity National Action Plan that implemented near-term action and developed a longer-term strategy of bringing awareness and protections to public computing systems connected to the Internet. The strategy is to make an immediate effort to empower citizens to protect their own privacy, while also maintaining public safety and national and economic security, as many of the most critical systems this nation utilizes are networked on the web.

For the average small business, it is more crucial than ever to avoid the pitfalls that lay on the internet. Victims of cybercrime deal with an endless number of issues, including drops in revenue, data loss, downtime, and fines/restitution if they are unable to keep their networks secure. Below are a number of line-items that the Federal Bureau of Investigation recommends to keep your data secure, and to avoid becoming a victim of the most pressing malware on the Internet today: ransomware.

  • Raise Awareness: Ensure that you make a point to make your staff cognizant of the threat of a ransomware infection.
  • Updates and Patches: Make sure to patch your operating systems, software, and firmware on all of your digital assets.
  • Auto Update Security Software: Lean on enterprise-level antivirus and anti-malware software to conduct regular scans and catch potential malware.
  • Limit Super Users: Ensure that you don’t just hand out administrator access to your mission-critical systems. Managing access is one of the best ways to keep untrustworthy entities out of your network.
  • Access Control: As stated above, access control is essential to ensure that you know who can and should be in parts of your network. If your users only need read-specific information, they don’t need write-access to files or directories, mitigating risk.
  • Filters and Application Control: Deploy software restrictions to keep programs from executing from location where ransomware may be found. This includes temporary folders found to support Internet browsers and compression/decompression programs.
  • Data Backup & Disaster Recovery Plan: Create data redundancy by having a comprehensive backup and recovery plan in place.
  • Multiple Storages: Ensure that each storage unit is stand-alone to avoid major problems with backups and other forms of storage.

Governments absolutely have to have a strategic plan on how to deal with cybercrime, and as a solid practice, businesses should follow suit. If you want to make sure your strategies are top-level, visit https://www.fbi.gov/investigate/cyber/news to see what the FBI is doing to protect their computing infrastructure. For more great security information, subscribe to our blog.

Categories
Miscellaneous

Hack a Hospital and Get Blacklisted By Other Hackers

b2ap3_thumbnail_ethics_of_hackers_400.jpg Hackers are notorious for committing cybercrimes and exploiting what seems like everybody and anybody. Yet, just as there exists honor among thieves, there’s an unwritten rule within the hacking community: leave hospitals alone.

Of course, if you’re familiar with the activity of hackers, then you’ve perhaps heard of stories of hospitals and healthcare institutions getting hacked. To be sure, any organization handling healthcare records makes for a tempting target to a hacker. These records contain very personal and sensitive information that can be sold for big bucks on the black market (this is one reason why protection laws such as HIPAA are put into place). However, if a hacker chooses to act on this impulse, they do so at the risk of being shunned by their own.

While it’s one thing to stealthily steal files from a hospital server unit, it’s even more of a dastardly deed for a hacker to unleash a ransomware attack on a hospital network. This is due to the fact that attacks like ransomware will disable a computer until a ransom is paid to the hackers. As you can imagine, if a hospital were to have any of its equipment taken offline, then patients in critical condition would be unable to receive the care they need until the system is back online. Potentially, a move like this could result in death.

What could motivate a hacker to attempt a hack where human life is on the line? For the hacker attempting such a hack, it’s perhaps because the crisis it creates makes for a higher chance of a payout. Compared to hacking a business that’s prepared for a ransomware attack and can afford to brush it off and lose a few hours or a few days-worth of data (depending on when the last backup was made), hospitals must act as quickly as possible to get their system back online, which very well could mean paying the hacker.

What’s worse, even if a hospital pays a hacker’s ransom, there’s still no guarantee that they will regain control of their system, which could translate to a significant loss of life. Given the possibility of such a sad situation, it’s easy to see why hackers will blacklist any of their peers known for going after hospitals. After all, where do the hackers go when they get sick? That’s right, the hospital.

To give you a hacker’s perspective on the matter, ZDNet references a forum where hackers discuss, get this, the ethics of hacking. “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong.”

While these words may be somewhat comforting for a hospital administrator to hear, keep in mind that there are some hackers who disregard any form of ethics altogether, so the risk is still there. Also, for the average SMB not associated with healthcare, there’s likely no “hacker’s code” protecting your organization from being targeted. In fact, regarding the typical SMB, hackers can build a pretty solid case on why they should pull the trigger on a hack attack.

Therefore, whether your business is in the crosshairs of hackers or not, every organization needs to be prepared and have a security solution in place that can withstand such attacks. This defense plan must include a way to defend against even ransomware, which means backing up your data with BDR and having a means to restore your backed up copy as quickly as possible so that downtime is at a minimum.

To make sure that your business is prepared for anything that a hacker throws at you, call COMPANYNAME today at PHONENUMBER.