Friday, August 21, 2009

A bit more information on the case and an exam question or two for my Forensics students

http://www.wired.com/threatlevel/2009/08/gonzalez-evidence/

In Gonzalez Hacking Case, a High-Stakes Fight Over a Ukrainian’s Laptop

By Kim Zetter, August 20, 2009 4:21 pm

When Turkish police arrested Maksym “Maksik” Yastremskiy — a Ukrainian wholesaler of stolen identity data — in July 2007, they didn’t just collar one of the most-wanted cybercriminals in the world. They also got a trove of evidence about Yastremskiy’s buyers and suppliers, all locked in an encrypted vault on his laptop computer.

Now federal prosecutors are hoping to introduce a copy of Yastremskiy’s files in its case against accused hacker Albert “Segvec” Gonzalez. Chat logs and other information on the disk allegedly show that Gonzalez was Yastremskiy’s major supplier of credit and debit card numbers.

But Gonzalez’s attorney is fighting to keep the data, and similar information seized from a server in Latvia, far away from the New York court room where Gonzalez is scheduled to stand trial next month on the first of three federal indictments. The argument unfolding over the disks illustrates the challenges and controversies of using electronic evidence gathered in foreign jurisdictions, and sheds more light on the unusual methods used to investigate what authorities have called the largest identity theft case in U.S. history.

… One notable revelation in the government’s own filings (.pdf) is that Yastremskiy’s arrest did not mark the first time the Secret Service gained access to his computer files. On June 14, 2006 the Secret Service worked with local authorities to conduct a “sneak-and-peek” search of Yastremskiy’s laptop while he was traveling through Dubai, in the United Arab Emirates. The agency secretly obtained a copy of the man’s hard drive in the search.

The government says that stealth operation is irrelevant now, because it doesn’t plan on introducing the data from the sneak-and-peek at trial — only the data taken in Turkey at Yastremskiy’s arrest. But defense attorney Rene Palomino, Jr., says the earlier search may have been unlawful, and could have legally tainted the case: The disk image may have been used by U.S. authorities to obtain a provisional arrest warrant for Yastremskiy in California, and it was that warrant that led Turkish authorities to arrest him and seize his laptop.

In a court filing this month, the lawyer is asking (.pdf) for an evidentiary hearing to, among other things, “determine the extent to which the arrests and seizures were causally motivated by the prior sneak-and-peek conducted by the USSS in Dubai.”

Also at issue is the procedure used by Turkish authorities to recover data from the laptop. While U.S. forensics examiners routinely make a bit-for-bit copy of a seized hard drive and leave the original undisturbed, there’s evidence that Turkish police tried to install software on the laptop in order to change the Windows password on the machine. Additionally, access times on some 3,000 files were disturbed. The hard drive broke while in Turkish custody, and was later deemed irreparable by the Secret Service.

… Cronos employee Ivars Tenters imaged the server and gave it to the LVS, who gave it to the Secret Service. About two weeks later, on June 6, U.S. authorities submitted a mutual legal assistance treaty request for the physical server itself, and Tenters disassembled it and passed it to Latvian prosecutors who gave it to U.S. authorities in September.

Palomino points out that the hash value of the Latvian server provided by prosecutors in the New York case is different from the hash value for the same server provided by authorities in the Massachusetts case against Gonzalez. [In other words, something was changed... Bob] He argues that Gonzalez has a right to cross-examine Tenters and the LVS officers about the chain-of-custody of the data and the server.

Palomino says the foreign police were acting as agents of the Secret Service, and thus there should be some Fourth Amendment protection for the searches in Latvia and Turkey, and that foreign authorities should be required to show that they adhered to local legal requirements for searches and seizures as well.

The feds counter (.pdf) that Gonzalez has no Fourth Amendment protection on the server in Latvia, because he’s never acknowledged it belongs to him, [Can the Fed assert it does and still claim he gets no protection? Bob] and the informant gave them the password and permission to search it. Gonzalez also doesn’t have protection for the laptop in Turkey, because it belongs to Yastremskiy, a non-U.S. person.
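The imaging and hash-mismatch points above are what a forensics exam question turns on: an examiner hashes the image at every handoff, and a later hash that differs from the recorded one means the evidence was altered somewhere in between, whether by a password-reset tool, by reading files without a write blocker, or by anything else that rewrites metadata. The Python below is an added illustration, not code from the article or from any of the examinations it describes; the custody entries, holder names, dates and the short byte strings standing in for disk images are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class CustodyEntry:
    """One handoff in a chain-of-custody log: who held the evidence, when,
    and the SHA-256 they recorded for the image at that point (hypothetical)."""
    holder: str
    when: str
    sha256: str


def hash_image(data: bytes, chunk: int = 1 << 20) -> str:
    """Hash image bytes in fixed-size chunks, the way an examiner streams a
    multi-gigabyte disk image instead of loading it whole."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def first_difference(a: bytes, b: bytes):
    """Byte offset at which two images first diverge, or None if identical.
    Once a hash mismatch is found, this says where in the image to look."""
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            return i
    return None if len(a) == len(b) else n


def verify_chain(entries):
    """Return (previous holder, holder) pairs across which the recorded hash
    changed. An empty list means every handoff preserved the evidence bit-for-bit."""
    return [(p.holder, c.holder) for p, c in zip(entries, entries[1:])
            if p.sha256 != c.sha256]


# Constructed stand-ins for a disk image. A real image would differ in the
# filesystem's inode/MFT area when access times are rewritten; here the
# metadata is a short header so the change is easy to see.
ORIGINAL_IMAGE = (b"FSMETA|file=chat.log|atime=2007-07-01T10:00:00|"
                  + b"\x00" * 4096)
TOUCHED_IMAGE = (b"FSMETA|file=chat.log|atime=2007-07-29T08:15:42|"
                 + b"\x00" * 4096)


def example_chain():
    """Hypothetical custody log: the image is intact across the first handoff,
    then a file is accessed without a write blocker before the lab re-hashes it."""
    return [
        CustodyEntry("seizing officer", "day 1", hash_image(ORIGINAL_IMAGE)),
        CustodyEntry("evidence locker", "day 2", hash_image(ORIGINAL_IMAGE)),
        CustodyEntry("forensic lab", "day 9", hash_image(TOUCHED_IMAGE)),
    ]


if __name__ == "__main__":
    for prev_holder, holder in verify_chain(example_chain()):
        print("hash changed between %s and %s" % (prev_holder, holder))
    print("first differing byte offset:",
          first_difference(ORIGINAL_IMAGE, TOUCHED_IMAGE))
```

Two hashes that differ only tell you that something changed; locating the first differing offset and mapping it to a filesystem structure (here, a file's access time) is what lets an examiner say what changed, which is the question the defense is raising about the 3,000 disturbed access times.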



Just a point for management to consider. The main justification for laptop computers (which are more expensive than desktops of similar capacity) is that they allow employees to take work home. Obviously these computers weren't taken home, so why did you spend the extra (taxpayer) money on laptops?

http://www.databreaches.net/?p=6783

Computers stolen from Cal State L.A.

August 20, 2009 by admin Filed under Breach Incidents, Education Sector, Theft, U.S.

More than a dozen computers have been stolen from California State University, Los Angeles, sparking concerns over possible identity theft.

Officials say on Aug. 1 someone broke a window in the office of the university’s Minority Opportunities in Research program and stole 14 computers, two desktops and 12 laptops.

The computers contain the names, social security numbers and addresses of more than 600 students and faculty members.

Read more on KABC



I don't think they're tapping my phone, I think they're tapping the Judges phone. And remember, I worked with these guys for a few years...

http://www.pogowasright.org/?p=2988

Judge rejects challenge to overseas wiretap law

August 21, 2009 by Dissent Filed under Court, Featured Headlines, Legislation, Surveillance, U.S.

A judge rejected a challenge to a law letting the United States eavesdrop on overseas conversations Thursday, saying fears by Americans that their conversations will be monitored and their rights violated were ”purely subjective.”

U.S. District Judge John Koeltl ruled that the latest version of the Foreign Intelligence Surveillance Act could not be challenged by attorneys, journalists and human rights organizations unless they could show their own communications had been affected. [Which they can't because the evidence (if any) is classified. Bob]

[...]

The law was challenged by Amnesty International, Human Rights Watch, a group of international criminal defense lawyers and an organization of women, among others.

Read more from the Associated Press in The New York Times.



Looks like it's shaping up to be a good year for the guys who sell trojans to the bad-but-not-as-smart guys.

http://www.bespacific.com/mt/archives/022115.html

August 20, 2009

New Release Identifies Proliferation of ID Theft Malware

"PandaLabs issued a release on the proliferation of identity theft malware during times of economic crisis. Our research found that the number of users affected by malware designed for identity theft has increased 600 percent this year compared to the same time in 2008. PandaLabs receives nearly 37,000 samples of new viruses, worms, Trojans and other types of Internet threats each day. Of these, 71 percent are Trojans, mostly aimed at stealing bank details or credit card numbers, as well as passwords for other commercial services. Between January and July 2009, PandaLabs received 11 million new threats, approximately 8 million of which were Trojans. This is in clear contrast, for example, to the average of 51 percent of new Trojans that PandaLabs received in 2007."


(Related) Here's an example of a bad-but-not-as-smart Identity Thief. I think the instruction manual that comes with the “I want to be a Millionaire Identity Thief” kit must tell them to keep moving so they don't get caught.

http://www.winnipegfreepress.com/breakingnews/Police-nab-suspected-1-million-credit-card-fraud-53580857.html

Police discover suspected $1 million credit card fraud

By: Staff Writer 18/08/2009 12:58 PM

WINNIPEG - Police say they uncovered a credit card fraud worth as much as $1 million early Friday morning while investigating a vehicle break-in downtown.

Police said the rented vehicle, which was parked at Notre Dame Avenue and Albert Street, contained items associated with illegal credit card trafficking.

Police found the man who had rented the vehicle nearby. He attempted unsuccessfully to flee police in a taxi. [Like I said, not so bright Bob]

Police obtained a search warrant to search the vehicle and a hotel room, discovering hundreds of fraudulently obtained credit cards, a skimming device, laptop computers and thousands of dollars worth of legitimate gift cards.



Does this suggest we need a US version of the study?

http://www.pogowasright.org/?p=2994

A new study on privacy online in Israel

August 21, 2009 by Dissent Filed under Internet, Non-U.S.

Calls to better safeguard users’ privacy online and improve protection of personal data on the Internet are commonplace. The concerns about privacy issues are sometimes coupled with demanding higher legal standards of protection pertaining to access and use of personal data obtained over the Internet by third parties, may they be the government and its agencies or private entities that collect and use personal data for commercial purposes. Professors Michael Birnhack (Tel Aviv University) and Niva Elkin-Koren (University of Haifa) have just posted a new and highly interesting study that addresses questions of compliance with privacy regulation in Israel.

Read more on Stanford CIS

Related: “Does Law Matter? Informational Privacy and Online Compliance in Israeli Web Sites” (full-text article available on SSRN)



Now this is amusing. Why would anyone ignore a resource like Mitnick? I can see the competition's ads now: “We're so secure, we can even protect Kevin Mitnick. Can your provider say that?”

http://www.theregister.co.uk/2009/08/19/att_dumps_kevin_mitnick/

Besieged by attacks, AT&T dumps celebrity hacker

The perils of being Kevin Mitnick

By Dan Goodin in San Francisco Posted in Security, 19th August 2009 22:22 GMT

Updated Over the years, Kevin Mitnick has gotten used to the attacks on his website and cell phone account that routinely result from being a convicted hacker turned security expert. What he finds much harder to stomach is the treatment he's getting from his providers.

Over the past month, both HostedHere.net, his longtime webhost, and AT&T, his cellular provider since he was released from prison more than nine years ago, have told him they no longer want him as a customer. The reason: his status as a celebrity hacker makes his accounts too hard to defend against the legions of script kiddies who regularly attack them.

The move by AT&T came this week after Mitnick hired a lawyer to complain that his privacy was being invaded by people posting Mitnick's account information in public hacking forums. It included the eight-digit password Mitnick used to authenticate himself online, the numbers for his cell phone and land lines, his billing address, and the last four digits of his social security number.

"They can't seem to secure my account," Mitnick told The Register. "And then instead of doing something about it, they try to kill the messenger and want to boot me off their network when all I want them to do is to secure my account so no one gets access to my phone records."

Mitnick said the cellular account has been repeatedly breached over the years, despite a wide range of countermeasures he's followed to prevent the attacks. In recent years, he's committed the password to memory and has deliberately not shared it with anyone or kept it stored on a computer. For a while, his former girlfriend, who was also repeatedly attacked, disabled her online account altogether, but even then she regularly found it would later be restored. The people carrying out the attacks would then post the phone records online in an attempt to embarrass them.

"There are so many ways into these networks," he said. "They have to take some responsibility, not just silence the people that are filing complaints."

About 18 hours after this article was first published, an AT&T spokeswoman issued the following statement:

"We investigated Mr. Mitnick’s claims and determined they were without any foundation. We refused Mr. Mitnick’s demands for money, but did offer to let him out of his contractual obligations so that he could find a carrier that he would be comfortable with. In response to your question regarding customer password security: we require that any systems containing sensitive information regarding passwords encrypt the data."

Mitnick said that per AT&T policy, his password could only be digits and no more than eight characters long.

It was three weeks ago that Mitnick was forced to find a new webhost after HostedHere told him they no longer wanted to provide service for MitnickSecurity.com, his longtime website. The decision came after years of relentless attacks that the company was powerless to stop.

In the past three months, Mitnick's site was taken out twice, and one of those attacks also caused a sustained outage for the South Carolina-based service provider. After years of trying to fend off the assaults, the company decided it was time to part ways with Mitnick.

"Kevin is a high-profile target," said David Wykofka, IT director at HostedHere. "When vulnerabilities come out in third-party vendor software, he is one of the first targets on their list. This is just one of the perils of being Kevin Mitnick. If you're Barack Obama, you don't get webhosting at GoDaddy."

No doubt, the companies are free to choose who they count as customers. But in asking Mitnick to take his business elsewhere, they seem to be making the tacit admission that they are unable to secure the accounts of users whose only fault is being a high-profile target.

What's most irritating to Mitnick, he says, was the haste AT&T showed in asking him to find another provider. And that despite the unusually large roaming charges he incurs that often push his monthly bill above $2,000 per month.

"You'd think they'd like to talk to me and say 'how do you think these guys are getting in?', maybe even offer to set up an account not in my name," he said. "Rather than do that, for a customer that spends up to $20K a year, it's 'goodbye.'"



Good news, bad news. My forensic analyst side appreciates the new tool but my “every now and then I like to speak anonymously” side sees one more hurdle to leap.

http://www.pogowasright.org/?p=2971

Microsoft working to eliminate Internet anonymity

August 20, 2009 by Dissent Filed under Internet

Microsoft researchers have unveiled an anti-hacking concept that can help track hackers or malicious content to origin servers.

The Host Tracker program’s goal is to “de-anonymize the Internet” through the ability to host servers with 99 percent accuracy.

Host Tracker is designed to unmask would-be hackers who take advantage of anonymizing techniques by cross-referencing Internet protocol traffic data to identify the true origin. Microsoft’s representatives said the Host Tracker system relies on application-level events — in this case, Internet Explorer browser sessions — to automatically infer host-IP bindings.

Read more on GCN. Thanks to Brian Honan for this link.

[From the article:

Researchers Yinglian Xie, Fang Yu and Martin Abadi ran some initial tests by analyzing a month's worth of data from an e-mail server, roughly 330 GB, to ascertain from the samples who may have been responsible for sending out certain types of spam. They studied some 550 million user IDs and 220 million IP addresses, and matched time stamps for message transmission or e-mail log-ons.

"The fact that we are able to trace malicious traffic to the proxy itself is an improvement because we are able to pinpoint the exact origin," Xie said (a PDF of the study can be found here).
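The article describes the idea (application-level events such as log-ons, each tying a user ID to an IP address at a point in time, are cross-referenced to infer host-IP bindings) but not the method. The Python below is an added illustration of one simplified heuristic that such data supports, not the researchers' Host Tracker algorithm: an IP from which many distinct user IDs authenticate within a short window behaves like a shared host (a proxy or NAT), while a user seen on successive addresses shows a host whose IP changes over time. The log format, user names, addresses, window and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed log format: ISO timestamp, user ID, source IP (constructed).
LINE_RE = re.compile(r"^(\S+) user=(\S+) ip=(\S+)$")

# Constructed login records using documentation address ranges and invented users.
SAMPLE_LOG = """\
2009-08-01T10:00:00 user=alice ip=203.0.113.5
2009-08-01T10:05:00 user=alice ip=203.0.113.5
2009-08-01T11:00:00 user=bob ip=198.51.100.7
2009-08-01T11:00:10 user=carol ip=198.51.100.7
2009-08-01T11:00:20 user=dave ip=198.51.100.7
2009-08-01T11:00:30 user=erin ip=198.51.100.7
2009-08-02T09:00:00 user=alice ip=203.0.113.9
"""


def parse_events(text):
    """Return (timestamp, user, ip) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events


def max_distinct_users(events_for_ip, window_seconds):
    """Largest number of distinct user IDs seen from one IP inside any window of
    window_seconds, found with a two-pointer sweep over time-sorted (ts, user) pairs."""
    events_for_ip = sorted(events_for_ip)
    counts = {}
    best = left = 0
    for ts, user in events_for_ip:
        counts[user] = counts.get(user, 0) + 1
        # Drop events that fell out of the window ending at ts.
        while (ts - events_for_ip[left][0]).total_seconds() > window_seconds:
            old = events_for_ip[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def classify_ips(text, window_seconds=3600, shared_threshold=3):
    """Label each IP 'single-host' or 'shared-host' (proxy/NAT-like) by how many
    distinct users authenticate from it within one window. Threshold is an assumption."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_events(text):
        by_ip[ip].append((ts, user))
    return {
        ip: ("shared-host" if max_distinct_users(evs, window_seconds) >= shared_threshold
             else "single-host")
        for ip, evs in by_ip.items()
    }


def ips_for_user(text):
    """Per user, the time-ordered list of IPs they were seen on, collapsing
    repeats; a user whose address changes is one host moving between IPs."""
    seen = defaultdict(list)
    for ts, user, ip in sorted(parse_events(text)):
        if not seen[user] or seen[user][-1] != ip:
            seen[user].append(ip)
    return dict(seen)


if __name__ == "__main__":
    for ip, label in sorted(classify_ips(SAMPLE_LOG).items()):
        print(ip, label)
    print(ips_for_user(SAMPLE_LOG))
```

On the sample, 198.51.100.7 is flagged as a shared host because four distinct IDs log in from it within thirty seconds, while alice's two addresses show one host whose IP changed between days. On a real mail server the same sweep over a month of logs is what separates "this IP is one machine" from "this IP is a proxy in front of many", which is the distinction the article says the research draws.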



Is this wise on any level? Shouldn't their strategy be to attract as many riders as possible, by whatever means possible?

http://tech.slashdot.org/story/09/08/20/2055225/New-York-MTA-Asserts-Copyright-Over-Schedule?from=rss

New York MTA Asserts Copyright Over Schedule

Posted by timothy on Thursday August 20, @04:52PM from the might-be-a-bargain-if-they-always-kept-the-schedule dept.

Presto Vivace writes

"Greater Greater Washington reports that 'The New York Metropolitan Transit Authority's lawyers are going after a local blogger, and attempting to block an iPhone application showing Metro-North railroad schedules. The blog StationStops writes about Metro-North Commuter Railroad service north of New York City, and often criticizes its operations. Its creator, Chris Schoenfeld, also created an iPhone application to give Metro-North riders schedule information. Now the MTA is insisting he pay them to license the data, and at one point even accused the site of pretending to be an official MTA site.' I can't believe that the MTA's actions are going to go over well with the public."



Tools & Techniques: It's faster from the command line, but this may be better for non-geeks (and students?)

http://www.makeuseof.com/tag/run-windows-commands-easily-with-commands-in-demand/

Run Windows Commands Easily With Commands In Demand

Aug. 20th, 2009 By Varun Kashyap

Talk about doing repetitive tasks and you would think of the command line to be the best place to do them. However it is not always easy for everyone to remember how to run Windows commands. Commands in Demand provides you with an interface to perform a number of such tasks at the click of a button.

Sadly there is no portable version of the application.

http://www.vasilios-free.gr/freesoft/commands_in_demand.htm
