clear

Subscribe

Archives

2018
Jan Apr May Jul Aug

2017
Jan Feb Mar Apr May Jul Aug Sep Oct Nov Dec

2016
Sep Oct Nov Dec

2014
Apr

2013
Feb Jun Jul

2012
Jan Feb Aug Oct

2011
Jan Feb Mar Jun Jul Sep Oct Dec

2009
Mar Apr

clear
Friday, 4 August 2017
Anatomy of a Security Breach
Share
clear

In recent Information Security news, The Wall Street Journal reported on the upcoming trial of an alleged botnet master.  The trial is in progress now. 

It is not often that we get a look at the details of a computer security breach, but in this case at least some details are in the docket of the Eastern District of NY. I have downloaded the original complaint of US v. Gasperini here.  The accusations include violations of the Computer Fraud and Abuse Act, Wire Fraud, Conspiracy to Commit Wire Fraud, and Conspiracy to Commit Money Laundering. All of these acts were allegedly undertaken in a click-fraud scheme. If you want to understand the details of these accusations, I uploaded the judge’s jury directions here.

The defendant allegedly hacked into QNAP NAS devices using the Shellshock vulnerability and downloaded click-fraud software. This is a network device that many people will not patch regularly. Unfortunately, the court transcripts don’t describe how he got past firewall security. 

How did the government find out about this? Apparently from an informant, “CS-1”. The fraud scheme was carried out using a “target” website which ran ads from victim companies. Payments based on clicks were then made to the defendant, according to the government.

The defendant’s prospective expert testimony gives some ideas on how he will challenge the government’s case.  Given the complexity of the Internet advertising business and the tracking and verification techniques, is it reasonable that this fraud could be carried out? They are also going to testify as to the details of the scripts used and forensic examination of servers.

It will be interesting to see the outcome of this jury case; maybe next week. In the meantime, patch your servers!

clear
Posted on 08/04/2017 12:24 PM by Fred Scholl
Comments
No comments yet.