
Monthly Archives: April 2009

CS Undergrad Hacks the Gibson Uses Command Prompt

Reading the search warrant affidavit was painful and illustrates what I see as a trend in law enforcement circles – and not a good one. The rules governing what constitutes expertise seem an afterthought in situations where a computer is involved.

Background:
A computer science undergrad at Boston College had most of his electronics seized (computers, cellphones, etc.) during the execution of a search warrant. Riccardo Calixte, the undergrad, had what was described as a “domestic dispute” with his roommate. The individuals lived in campus housing, and the dispute was being handled by residential life; the police came out to investigate and then things started tumbling downhill into what I can only describe as a witch hunt.


Cyber Attacks on Power Grid? Maybe, Maybe Not

I was debating posting something about this since I thought it was very Chicken Little, but it made it to Slashdot again, so my hopes of it dying quietly in the night are broken.

The Wall Street Journal had a hysterical article about our power infrastructure being vulnerable to attack by the Chinese and the Russians; it further declared that a multitude of attacks have already occurred, resulting in backdoors and dormant malware being planted, ready for some massive cyber war in the future. As Bruce Schneier briefly blogged, the whole article is devoid of specifics, and most of the detection claims come from intelligence agencies who are not likely to share the specifics. China has, of course, denied the allegations.

DC3 – Digital Forensics Challenge 2009

Team NSSAL met Tuesday to digest the DC3 challenge packet for 2009. The 2008 challenge was a more structured series of well-defined tasks split up into categories and difficulty levels; the 2009 challenge is set up to mimic a real investigation. We were provided with some documentation regarding seized evidence and an affidavit submitted to obtain the warrant. The scenario centers around an individual purporting to be highly skilled at hiding his data, so we are preparing to encounter all the techniques from last year’s challenge in the current one, but in a realistic application scenario. Thankfully we have a belt of tools we used (and some we built) last year to meet the challenge head on.

I will not be blogging about any specifics of our findings while the challenge is going on, but do expect a full write-up at the end. I did want to mention that I will be using the early alpha builds of Black Friar in the course of the challenge. I have indexed the drive image we were provided with using Black Friar, and from some initial triage it looks to be working quite well. Expect specific details on how it performed in the challenge when the time comes.

FBI Raid part 3 – Warrant Application Summary

I finally tracked down a copy of the search warrant application / affidavit for the data center raid in Dallas, TX. Hat tip to http://crimeblog.dallasnews.com/archives/fbi/ for linking to the information.

The search warrant is 39 pages. The first 10 pages contain a list of what they want to seize (effectively everything not nailed down), background on the investigating agent, and a restatement of the crimes they believe are involved. The last 4 pages are some generic fluff on what digital evidence might exist. The remaining 25 pages summarize the information pertinent to the raid, and it is quite an interesting read.

The plot thickens (FBI Server Raid)

It looks like the FBI server raid I mentioned yesterday is now shaping up to be about defrauding AT&T and Verizon out of hosting fees. I’m not sure of the specifics yet. CBS 11 News has more information on the developments. Something is still odd about the situation. The description from CBS is a cross between unpaid bills and stealing cable, but it is fairly light on the details. They have some court documents about the situation; I’m going to see if I can get a hold of those and get some better information. It still does not make any sense why they would take all the servers down.