Trends in Cybercrime 2010

Kai Axford, MBA, CPP, CISSP, ACE, Manager, IT Security Services, Accretive Solutions (kaxford@accretivesolutions.com)

Allyn Lynd, Special Agent, Cybercrime Division, Federal Bureau of Investigation

SESSION CODE: SIA339


Post on 16-Dec-2015


Trends in Cybercrime 2010

Kai Axford MBA, CPP, CISSP, ACE

Manager, IT Security Services

Accretive Solutions

SESSION CODE: SIA339

Allyn Lynd

Special Agent, Cybercrime Division

Federal Bureau of Investigation


Our Agenda

Introductions

The Case of Little Hacker

The Case of Ghost Exodus

What else is out there?

Questions


“Swatting”: It’s not what you think…

In my former job, this was “swatting”…

…but now we add a new weapon.

Wiki defines it as “an attempt to trick an emergency service (such as a 911 operator) to dispatch an emergency response team.”


“Swatting”: In Summary…


START: The Case of Little Hacker

CASE STUDY


Case Study: Background

Took place: 2002 – Present

States involved: Colorado, Florida, Louisiana, Maryland, New York, Nevada, Ohio, Texas, and Washington


Case Study: The Telephone Party Line


Case Study: The Players

Matthew Weigman (“Little Hacker” & “Silence”)

Was a Minor

Technical Support Reconnaissance

Hacks/Phreaks/Social Engineers

Makes Swatting Calls & Wire Taps

Turns Phone Service On And Off


Case Study: The Players

Stuart Rosoff (“Michael Knight”)

Group Leader

Directs & Conducts Swatting

Technical Support & Training

Extorts Victims

Wiretaps

Turns Phone Service Off & On


Case Study: The Players

Guadalupe Martinez (“Wicked Wizard” & “Mexican Warrior”)

Conducts Swatting

Extorts Victims


Case Study: The Players

Jason Trowbridge (“JohnfromCA” & “JasonfromCA” & “MrStoner”)

Commits I.D. Theft

Makes Swatting Calls

Threatens Victims


Case Study: The Players

Chad Ward (“Dark Angel”)

Threatens Victims

Purchases Spoof Cards

Runs Party Line Web Site

Operates A Party Line


Case Study: The Players

Charles Nalley (“Madison”)

Makes Swatting Calls


Case Study: The Players

Angela Roberson (“Amber” & “Lil Miss Angela”)

Targets Victims

Obtains Target I.D. Information


Case Study: The “Jackie Donut”


Case Study: Let’s Make It Real

Let’s listen to some of the actual calls made by these guys…

Here’s some of the party line discussions…

Audio

Here is an actual call made to a 911 dispatcher…

Audio

The Address


Case Study: The Victims

First Responders (100+)

Texas: Johnson County Sheriff, Fort Worth Police, Houston Police

Colorado: El Paso County Sheriff, Security Police

Louisiana: New Orleans Police

Florida: Port Richey Police

New York: Syracuse Sheriff

Maryland: Baltimore Police

Ohio: Cleveland Police

Washington: Kent Police, Snohomish County Sheriff

Nevada: Las Vegas Police

…and many more!


Case Study: The Victims

Telecommunication Providers

Verizon, AT&T, Qwest, Comcast, Sprint, Frontier, Onetelco, Ameritech, Southwestern Bell, MCI, Time Warner, Roadrunner, Embarq, Ripple, BeVocal, Skype, Vonage, SBC Global

…and many more!


Case Study: The Players

Matthew Weigman (“Little Hacker” & “Silence”)

Obstruction of Justice

11 years


Case Study: The Players

Stuart Rosoff (“Michael Knight”)

Guilty Plea

5 year sentence


Case Study: The Players

Guadalupe Martinez (“Wicked Wizard” & “Mexican Warrior”)

Pled Guilty

2.5 year sentence


Case Study: The Players

Jason Trowbridge (“JohnfromCA” & “JasonfromCA” & “MrStoner”)

Guilty Plea

5 year sentence


Case Study: The Players

Chad Ward (“Dark Angel”)

Guilty Plea

5 year sentence


Case Study: The Players

Charles Nalley (“Madison”)

Obstruction of Justice

9 years


Case Study: The Players

Angela Roberson (“Amber” & “Lil Miss Angela”)

Guilty Plea

2.5 year sentence


Case Study: Why Prosecute in North Texas?

Texas residents are charged for 911 services on their monthly phone bill. 911 calls made with spoofed CallerID are a violation of 18 U.S.C. 1029(a)(9).

6/12/2006: Martinez made 911 swatting call to Cleburne, TX 911 emergency services.

10/1/2006: Martinez made 911 swatting call to Fort Worth, TX 911 emergency services.

10/6/2006: Weigman made unauthorized access to Verizon NOC in Irving, TX.

10/8/2006: Weigman made unauthorized access to CTS Telecom in Grand Prairie, TX to facilitate swatting 911 call in violation of 18 U.S.C. 1030(a)(5)(A)(ii).


Case Study: How Did They Do It?

Use of Technology

Extensive knowledge of telephone systems

Social Engineering: internal employees trying to be helpful

Hacking

Collaborating: sharing passwords, discussing law enforcement avoidance


END: The Case of Little Hacker

CASE STUDY


“Swatting”: So what can I be charged with if I “swat”?

Conspiracy 18 U.S.C. 371 to commit:

Fraud in connection w/ access devices 18 U.S.C. 1029(a)(9)

Fraud in connection w/ computers 18 U.S.C. 1030(a)(5)(A)(ii)

Conspiracy maximum sentence is 5 years

Underlying offense maximum penalty is 20 years

NEW 1030 CONSPIRACY CAN NOW BE USED


START: The Case of Ghost Exodus

CASE STUDY


Case Study: Background

Took place in 2009

States involved: Texas

The fallout is still ongoing. Apparently his crew isn’t real happy with his incarceration.


Case Study: The Players

Jesse McGraw (“Ghost Exodus” & “PhantomExoDizzmo”)

Conducted breach of healthcare facility

Uploaded video to YouTube

Pled Guilty to two counts of “transmitting malicious code”

He installed a “bot” onto the machine.

Sentencing in September 2010


Case Study: Let’s Make It Real

Let’s watch some of Ghost Exodus’ fine work…


Case Study: The Players

Electronik Tribulation Army (“ETA” and “EoETA”)

Renamed to Evolution of ETA (EoETA) after McGraw’s arrest.

<yawn> “Free Ghost Exodus…blah blah”

Here’s their website…


END: The Case of Ghost Exodus

CASE STUDY


Case Study: How Did He Do It?

Use of Technology

Extensive knowledge of employer’s computer systems

Physical Access


Lessons Learned

“Old Skool” still works.

It’s not all about “cutting edge technology”.

Phreaking is alive and well.

Social engineering is a major threat. Are you training your employees?

Are you monitoring?

The threats? What is put on the Internet about your business?

This includes background and credit checks on key roles.

Do your homework! The bad guys are certainly doing theirs.

It’s time to get physical!

If you lose physical control, then the battle may be already lost.

Who has access? When? Why? For how long?

Shameless Plug: SIA 340: Gates, Guards, and Gadgets - Physical Security for IT, Tuesday, 8:00AM – 9:15AM (Yes, I realize that’s early and you’re 15 blocks from Bourbon Street.)


So what else is on the radar?

Identity Theft: Personal, Business (aka “Brandjacking”)

Theft of Trade Secrets

Cyber terrorism

…and so much more!


Questions?

Kai Axford MBA, CPP, CISSP, ACE

Manager, IT Security Services

Accretive Solutions

SESSION CODE: SIA339

Allyn Lynd

Special Agent, Cybercrime Division

Federal Bureau of Investigation


Track Resources

Poulsen, Kevin. Blind Hacker Sentenced to 11 Years in Prison. June 2009. http://www.wired.com/threatlevel/2009/06/blind_hacker/

McGrew, Wesley. McGrew Security Blog. May 2010. http://www.mcgrewsecurity.com/

YouTube: “Response to Cashis Clay”, “Post July 4th Infiltration”, “Hospital Hacker CBS News”


Related Content

SIA 340 – Gates, Guards, and Gadgets - Physical Security for IT

Tuesday, 8:00AM – 9:15AM

Where else can you touch razor wire or bulletproof glass? Ever seen an IP surveillance system in action? Join us tomorrow!


JUNE 7-10, 2010 | NEW ORLEANS, LA