Informants & Alberto Gonzalez: She Swallowed the Spider to Catch the Fly

Posted on September 17, 2009 by Aaron Wright

In August, Albert Gonzalez was indicted for the theft of credit and debit card information from Hartland Payment Systems, the largest known breach of its kind, while awaiting trial for a similar attack against TJX, the second largest known breach of its kind.  Last week, Gonzalez pleaded guilty to nineteen charges relating to his role in the TJX breach (see Gonzalez's 2008 indictment (.pdf) for list of the various charges).

One of the most interesting facts that has come out about Mr. Gonzalez in the wake of news that he was responsible for the Heartland incident is that he was employed by the Secret Service as an informant in the TJX matter. It appears that Mr. Gonzalez first became an informant when he was arrested in 2003 as the leader of an identity theft ring, and he apparently continued to work as an informant for the government even while he was allegedly committing these thefts. 

Interestingly, there are some indications that Mr. Gonzalez may have been aided by another government informant in committing the Heartland attack. The indictment for the Heartland attack lists an unindicted coconspirator by initials only, which means, in the words of Mark Rasch, a former Justice Department cyber crime prosecutor, “[I]t's quite likely that the government is using an informant against Gonzalez, their previous informant.” So, of the four people the government believes to have been involved in the Heartland attack, fully half of the alleged hackers (and the only Americans believed to have been involved in the attack) were apparently employed by the Federal Government to help prevent attacks of just this sort.

Links:

Tags: , , , , , ,

Incident of the Week: Seattle Man Sentenced To Three Years In Prison For Using Peer-To-Peer Software To Steal Financial Records, Commit Identity Theft

Posted on August 13, 2009 by Gabriel M. Helmer

Yesterday, Frederick Eugene Wood of Seattle was sentenced to 39 months in prison for using LimeWire peer-to-peer (P2P) software to obtain Social Security numbers, bank and financial records and tax returns, which he then used to commit identity theft.  The complaint (.pdf) filed in federal court for the Western District of Washington in March alleged that Wood took advantage of the fact that users sometime install LimeWire or other peer-to-peer software on computers without limiting the directories and files made available to the peer-to-peer network. 

Especially when a household computer is shared between parents and children, the installation of peer-to-peer software may make tax returns, bank statements and other personal information saved on that computer available to everyone else on the peer-to-peer network.  During questioning by state and federal investigators, Wood explained that "kids put Limewire on the computer and the parents don't know."  As a result, Wood was able to obtain personal information from approximately 120 different individuals from Massachusetts, New York, Georgia, Florida, Ohio, Iowa, Louisiana, Oregon and California.  He then used this information to create counterfeit checks and driver's licenses and to open credit accounts in the victim's names.

Note that failing to limit the files shared by peer-to-peer software is not just a problem for household computers. In an earlier post, we discussed the problems caused when an employee installed LimeWire at work.  Also note that LimeWire's user guide and FAQ provide directions on how to make sure you are not sharing personal or sensitive information with the world.

Wood's scheme was discovered after he posted an ad on Craigslist.com purporting to sell a "brand new" Apple MacBook Pro for $1,500 and instead shipped a box containing a book and a glass vase instead of a computer.  Working with Seattle Police, the victim set up a meeting with Wood and he was arrested.  Upon investigation, Seattle Police discovered that Wood possessed a number of counterfeit driver's licenses and sought the assistance of the Social Security Administration's Office of Inspector General.  The Kings County Sherriff's Office, FBI, U.S. Postal Inspection Service and U.S. Secret Service's Electronic Crimes Unit also assisted in the investigation. 

Wood pled guilty to violations of federal laws governing identity theft (18 U.S.C. sec. 1038(A)), wire fraud (18 U.S.C. sec. 1343) and the Computer Fraud and Abuse Act (18 U.S.C. sec. 1030(a)(4)).  He is also required to pay over $25,000 in restitution to a number of parties, including Bank of America, American Express and other financial institutions (for the complete list, see the judgment filed in court earlier this week (.pdf)).

Tags: , , , , , , , , , , , ,

Secret Service and Europe Plan a Cybercrime Task Force

Posted on July 20, 2009 by Jeff Bone

According to recent reports from the Wall Street Journal and Computerworld, on June 30 the United States Secret Service, the Italian police and Italian postal service reached an agreement for the establishment of an international task force to fight cybercrime, including identity theft and computer hacking.   Mark Sullivan, the director of the Secret Service, stated that cybercrime "is not a borderless crime and we believe there needs to be a reaction at an international level."  While it may seem odd at first for the Secret Service, whose most obvious mission is to protect members of the U.S. government and visiting heads of state, to be involved in a fight against cybercrime, the agency actually has a dual mission: both to protect heads of state and "to safeguard the nation's financial infrastructure and payment systems to preserve the integrity of the economy.  Moreover, Congress has given the agency authority to investigate offenses under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. sec. 1030(d)

The task force will be named the European Electronic Crime Task Force, will be based in Rome and, according to Italian police, will be open to other European countries. Its main focus will be to combine the resources and efforts of the United States and European Union nations in order to fortify cyber-defenses for government sites hosting sensitive data. The Italian Postal Service (and, presumably, other entities that decide to contribute) will exchange alerts with the Secret Service, monitor computer networks across Europe using Italian Postal Service software for threats, and coordinate to quickly respond to attacks. According to the articles, the Italian Postal Service now makes more money from banking and insurance services than from traditional sending of letters and packages. Given this shift in focus, it has developed a software that can review electronic monetary transfers for suspcious signs.

Ironically, and as discussed in more detail elsewhere, the announcement of this new task force came just a few days before the Secret Service's website, along with the websites of the Treasury Department and Federal Trade Commission, were paralyzed due to cyberattacks, which government officials speculate originated from North Korea.  Perhaps the Secret Service should have first established a task force with Asia?

Links:

 

Tags: , , , , ,

U.S. and South Korea Targeted in Ongoing Denial of Service Attacks

Posted on July 8, 2009 by Aaron Wright

On the 4th of July an organized series of Denial of Service (DOS) attacks were launched against a number of U.S. government websites (including the White House, Treasury Department and the Federal Trade Commission websites), as well as several websites associated with the South Korean government and a handful of corporate targets (the Washington Post and Nasdaq stock exchange). [If you are wondering what a DOS/DDOS attack is, brief explanations are available from U.S. Computer Emergency Response Team (CERT) and CNET.]

The U.S. government routinely faces threats like these (note coverage of prior events in 2001 and 2000), but the recent attacks have been especially long lasting, apparently very well coordinated and sophisticated, and “remarkably successful”. In fact, a number of government websites were brought down over the weekend and some are still experiencing service problems as a result of this attack. [As of this posting, the FTC website is still showing signs of overload.] Of particular note is that the website of at least one agency charged with investigating cybercrime violations in the United States, the Secret Service website, was successfully brought down by this attack.

At the moment, the source of the attack is unknown, but some are reporting that North Korea is behind the attack. In particular, there is some suggestion that North Korea may be running a “cyber warfare unit” which is tasked with hacking into military websites and disrupting traffic to those sites.  If such reports are accurate, then we have seen a demonstration that a hostile government has the capability to disrupt traffic to government websites, even the websites of government agencies involved in cyber security. Of course, the apparent impact of these attacks has been minimal, they have effectively disrupted the use of public websites, but there appears to be little lasting impact.

U.S. officials have not issued any public comment on the attacks. 

Links:

 

Tags: , , , , , , , ,