Trends in Cybercrime 2010
Kai Axford MBA, CPP, CISSP, ACE
Manager, IT Security Services
Accretive Solutions
[email protected]
SESSION CODE: SIA339
Allyn Lynd
Special Agent, Cybercrime Division
Federal Bureau of [email protected]
Our Agenda
Introductions
The Case of Little Hacker
The Case of Ghost Exodus
What else is out there?
Questions
“Swatting”
It’s not what you think…
In my former job, this was “swatting”…
…but now we add a new weapon.
Wiki defines it as “an attempt to trick an emergency service (such as a 911 operator) to dispatch an emergency response team.”
“Swatting”
In Summary…
START: The Case of Little Hacker
CASE STUDY
Case Study: Background
Took place: 2002 – Present
States involved: Colorado, Florida, Louisiana, Maryland, New York, Nevada, Ohio, Texas, and Washington
Case Study
The Telephone Party Line
Case Study: The Players
Matthew Weigman (“Little Hacker” & “Silence”)
Was a Minor; Technical Support Reconnaissance; Hacks/Phreaks/Social Engineers; Makes Swatting Calls & Wire Taps; Turns Phone Service On And Off
Group Leader; Directs & Conducts Swatting; Technical Support & Training; Extorts Victims; Wiretaps; Turns Phone Service Off & On
Case Study: The Players
Stuart Rosoff (“Michael Knight”)
Conducts Swatting; Extorts Victims
Case Study: The Players
Guadalupe Martinez (“Wicked Wizard” & “Mexican Warrior”)
Commits I.D. Theft; Makes Swatting Calls; Threatens Victims
Case Study: The Players
Jason Trowbridge (“JohnfromCA” & “JasonfromCA” & “MrStoner”)
Threatens Victims; Purchases Spoof Cards; Runs Party Line Web Site; Operates A Party Line
Case Study: The Players
Chad Ward (“Dark Angel”)
Makes Swatting Calls
Case Study: The Players
Charles Nalley (“Madison”)
Targets Victims; Obtains Target I.D. Information
Case Study: The Players
Angela Roberson (“Amber” & “Lil Miss Angela”)
Case Study: The “Jackie Donut”
Case Study: Let’s Make It Real
Let’s listen to some of the actual calls made by these guys…
Here’s some of the party line discussions…
Audio
Here is an actual call made to a 911 dispatcher…
Audio
The Address
Case Study: The Victims
First Responders (100+)
Texas: Johnson County Sheriff, Fort Worth Police, Houston Police
Colorado: El Paso County Sheriff, Security Police
Louisiana: New Orleans Police
Florida: Port Richey Police
New York: Syracuse Sheriff
Maryland: Baltimore Police
Ohio: Cleveland Police
Washington: Kent Police, Snohomish County Sheriff
Nevada: Las Vegas Police
…and many more!
Case Study: The Victims
Telecommunication Providers
Verizon, AT&T, Qwest, Comcast, Sprint, Frontier, Onetelco, Ameritech, Southwestern Bell
MCI, Time Warner, Roadrunner, Embarq, Ripple, BeVocal, Skype, Vonage, SBC Global
…and many more!
Case Study: The Players
Matthew Weigman (“Little Hacker” & “Silence”)
Obstruction of Justice; 11 years
Guilty Plea; 5 year sentence
Case Study: The Players
Stuart Rosoff (“Michael Knight”)
Pled Guilty; 2.5 year sentence
Case Study: The Players
Guadalupe Martinez (“Wicked Wizard” & “Mexican Warrior”)
Guilty Plea; 5 year sentence
Case Study: The Players
Jason Trowbridge (“JohnfromCA” & “JasonfromCA” & “MrStoner”)
Guilty Plea; 5 year sentence
Case Study: The Players
Chad Ward (“Dark Angel”)
Obstruction of Justice; 9 years
Case Study: The Players
Charles Nalley (“Madison”)
Guilty Plea; 2.5 year sentence
Case Study: The Players
Angela Roberson (“Amber” & “Lil Miss Angela”)
Case Study: Why Prosecute in North Texas?
Texas residents are charged for 911 services on their monthly phone bill. A 911 call made with spoofed Caller ID is a violation of 18 U.S.C. 1029(a)(9).
6/12/2006: Martinez made a 911 swatting call to Cleburne, TX 911 emergency services.
10/1/2006: Martinez made a 911 swatting call to Fort Worth, TX 911 emergency services.
10/6/2006: Weigman made unauthorized access to the Verizon NOC in Irving, TX.
10/8/2006: Weigman made unauthorized access to CTS Telecom in Grand Prairie, TX to facilitate a swatting 911 call, in violation of 18 U.S.C. 1030(a)(5)(A)(ii).
Case Study: How Did They Do It?
Use of Technology
  Extensive knowledge of telephone systems
Social Engineering
  Internal employees trying to be helpful
Hacking
Collaborating
  Sharing passwords
  Discussing law enforcement avoidance
END: The Case of Little Hacker
CASE STUDY
“Swatting”
So what can I be charged with if I “swat”?
Conspiracy 18 U.S.C. 371 to commit:
  Fraud in connection w/ access devices 18 U.S.C. 1029(a)(9)
  Fraud in connection w/ computers 18 U.S.C. 1030(a)(5)(A)(ii)
Conspiracy maximum sentence is 5 years
Underlying offense maximum penalty is 20 years
NEW 1030 CONSPIRACY CAN NOW BE USED
START: The Case of Ghost Exodus
CASE STUDY
Case Study: Background
Took place in 2009
States involved: Texas
The fallout is still ongoing. Apparently his crew isn’t real happy with his incarceration.
Case Study: The Players
Jesse McGraw (“Ghost Exodus” & “PhantomExoDizzmo”)
Conducted breach of healthcare facility
Uploaded video to YouTube
Pled Guilty to two counts of “transmitting malicious code”
He installed a “bot” onto the machine.
Sentencing in September 2010
Case Study: Let’s Make It Real
Let’s watch some of Ghost Exodus’ fine work…
Case Study: The Players
Electronik Tribulation Army (“ETA” and “EoETA”)
Renamed to Evolution of ETA (EoETA) after McGraw’s arrest.
<yawn> “Free Ghost Exodus…blah blah”
Here’s their website…
END: The Case of Ghost Exodus
CASE STUDY
Case Study: How Did He Do It?
Use of Technology
Extensive knowledge of employer’s computer systems
Physical Access
Lessons Learned
“Old Skool” still works.
  It’s not all about “cutting edge technology”.
  Phreaking is alive and well.
  Social engineering is a major threat. Are you training your employees?
Are you monitoring?
  The threats? What is put on the Internet about your business?
  This includes background and credit checks on key roles.
  Do your homework! The bad guys are certainly doing theirs.
It’s time to get physical!
  If you lose physical control, then the battle may be already lost.
  Who has access? When? Why? For how long?
Shameless Plug:
  SIA 340: Gates, Guards, and Gadgets - Physical Security for IT
  Tuesday, 8:00AM – 9:15AM
  (Yes, I realize that’s early and you’re 15 blocks from Bourbon Street.)
So what else is on the radar?
Identity Theft
  Personal
  Business (aka “Brandjacking”)
Theft of Trade Secrets
Cyber terrorism
…and so much more!
Questions?
Track Resources
Poulsen, Kevin. Blind Hacker Sentenced to 11 Years in Prison. June 2009. http://www.wired.com/threatlevel/2009/06/blind_hacker/
McGrew, Wesley. McGrew Security Blog. May 2010. http://www.mcgrewsecurity.com/
YouTube: “Response to Cashis Clay”, “Post July 4th Infiltration”, “Hospital Hacker CBS News”
Related Content
SIA 340: Gates, Guards, and Gadgets - Physical Security for IT
Tuesday, 8:00AM – 9:15AM
Where else can you touch razor wire or bulletproof glass? Ever seen an IP surveillance system in action? Join us tomorrow!
JUNE 7-10, 2010 | NEW ORLEANS, LA