Archive for the criminal forensics Category

June 12, 2014, Episode 340, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Show Notes, The CyberJungle on June 12, 2014 by datasecurityblog

Episode 340 of The CyberJungle is about 35 minutes long. The interview with Eric Springer, Bitcoin Vigil founder, starts at about 20 min. Also in this episode: Chinese industrial espionage in Tales from the Dark Web, plus Dropbox ransomware and the 11th Circuit ruling that the 4th Amendment applies to cellphone location data in The News. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Eric Springer, Bitcoin Vigil Founder

Our Take on This Week’s News

Dropbox+Ransomware=Perfect Business User Storm?

11th Circuit rules 4th Amendment applies to cellphone location data

Tales from The Dark Web

Chinese Industrial Espionage

PUTTER PANDA RELEASE WAS CALCULATED DECISION, see 5th story down on this Politico page

NIST Supply Chain Risk Management

Wrap

No time for the Wrap this week.

Please support our sponsors, as they support The CyberJungle:

Basis Technology is helping investigators perform faster, more efficient, cost-effective, and complete investigations in cybersecurity and incident response.

BASIS TECHNOLOGY……PLEASE VISIT THEIR SITE BASISTECH.COM


June 3 2014, Episode 339, Show Notes

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on June 3, 2014 by datasecurityblog

Episode 339 of The CyberJungle is about 30 minutes long. Kelly Hazelton on industrial controls security starts at about 24 min, attacks on PHI surge in our Tales from The Dark Web segment, and one of the scariest cyber attacks we have ever seen is in The News. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Kelly Hazelton on industrial controls security

Our Take on This Week’s News

Registry hack updates XP

ChildPorn+CryptoLocker=LegalNightmare

Cybercrime laws used to target legit infosec research?

Tales from The Dark Web

Cybercriminals target PHI

Wrap

Snowden on metadata


Cyberattack Puts Child Porn On Your Computer – How Do You Respond?

Posted in criminal forensics, darkweb, Vulnerabilities on May 25, 2014 by datasecurityblog

We’re seeing a horrifying variant of the Cryptolocker attack. Recall the “ransomware” that generated big cybercrime profit last year by holding data hostage and demanding money from the rightful owners after locking them out of their own files.

The new attack may target hiring managers who post online job openings. A resume comes in with a malware payload. Managers circulate the news about a promising candidate. The resume gets forwarded among the bosses, and the attack spreads.

The most frightening variant of this family of malware, called Kovter, has been seen adding child porn to the mix. Malware detection company Damballa reports that once this variant attacks a computer system, it sets out to find adult websites that may be sitting in the browser history. If there are none, it implants child porn into the computer, and then freezes a screenshot on the browser as an extortion tool.

While relatively few people have been affected so far, the number of systems impacted by this family of malware has more than doubled over the last month, from 7,000 to 15,000, and the impact of this attack could be devastating. It’s critical to understand that anyone accused of “storing” child pornography will be faced with a crushing round of legal problems.

Child porn is radioactive, and the law surrounding it is so unforgiving, that no matter what you do, you’re probably in trouble. We are even aware of a forensic expert who was prosecuted because he had images on his computer that were related to a case he was working on.

If child pornography were to suddenly appear on your screen (assuming you didn’t put it there), do not try to delete the files, do not forward them, and do not look to see what else is going on in the computer.

The best course of action is to immediately shut down the computer and take it to your attorney’s office, explain what happened, and request that he or she lock it up. If you’re at work, shut down your computer and go immediately to the HR manager or to your boss, and report the occurrence. Explain that the attack has the potential to spread throughout the organization unless it’s immediately isolated.

The next step will be locating people who understand both the law and the range of cyberattacks that may have taken place, then deciding how to approach law enforcement. Assuming you didn’t alter any data on your hard drive, a proper forensic examination of the machine should confirm when the files appeared, and that you do not have a history of browsing for child pornography.

In the workplace scenario, be very alarmed if your employer seems unconcerned, or directs you to turn on your computer and get back to work. If the company has in-house legal counsel, ask to speak with one of the attorneys.

If there’s no in-house lawyer, or if you have a contentious relationship with your employer, you may want to ask your own attorney to contact your employer and request the computer be put in quarantine pending further investigation.

In the worst possible case, a court order might be necessary. The employer might misunderstand the event, or use it as a reason to fire you.

One more problem – your attorney may not have encountered child porn, or may have limited knowledge about how to examine the evidence without getting you into trouble. He or she may need to research the subject first, and that could mean an uncomfortable couple of days for you at work.

Please take this seriously. Cryptolocker also started small, and became a significant danger in a short time. We hope the Kovter attack doesn’t achieve similar reach, but we also hope those who get hit will respond in a way that doesn’t compound their troubles.

By: Ira Victor, GIAC G17799 GCFA GPCI GSEC ISACA CGEIT CRISC

Digital Forensic Analyst, and Host, CyberJungle Radio


May 13 2014, Episode 337, Show Notes

Posted in Business Continuity, Conference Coverage, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on May 11, 2014 by datasecurityblog

Episode 337 of The CyberJungle is about 25 minutes long. Steve Ross on cybersecurity and process, IT workers targeted, and “Heartbroken.” You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Risk Masters’ Steve Ross on cybersecurity and process

Our Take on This Week’s News

Foreign intelligence agencies are targeting IT workers

Surveillance camera clears woman hit by police car 

Tales from The Dark Web

Silly sysadmins ADDING Heartbleed to servers

Wrap

DEA to release man mistaken for drug dealer that stole his ID


Apr 30 2014, Episode 336, Show Notes

Posted in Breach, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on April 30, 2014 by datasecurityblog

Episode 336 of The CyberJungle is about 30 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

SecureAuth’s Garret Grajeck on Enterprise 2FA. Garret’s blog postings.

Our Take on This Week’s News

Heartbleed flaw hits Chrome and Android users

NSA weaponizing 0days

Blackphone gets good initial response

Welcome aboard ISACA members

Tales from The Dark Web

MISE 0Day mitigated by firewall rule? Read background on the flaw here.

Wrap

The Wrap is on a break this week

Please support our sponsors, as they support The CyberJungle:


——————————————————————————-

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level.

ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Apr 20 2014, Episode 335, Show Notes

Posted in Breach, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on April 21, 2014 by datasecurityblog

Episode 335 of The CyberJungle is about 28 minutes long, and the interview starts at about 15:30min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Nimmy Reichenberg on the AlgoSec Report- The State of Network Security 2014: Attitudes and Opinions

Our Take on This Week’s News

Healthcare.gov users exposed to Heartbleed

Netcraft releases Heartbleed indicator for Chrome, Firefox, and Opera

Tales from The Dark Web

Attackers Exploit the Heartbleed OpenSSL Vulnerability to Circumvent Multi-factor Authentication on VPNs

Wrap

OpenSSL bug hunt: Find NEXT Heartbleed, earn $$$


Apr 1 2014, Episode 333, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on March 31, 2014 by datasecurityblog

Episode 333 of The CyberJungle is about 37 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Tales from The Dark Web

Did Russians frame Ukrainian hacktivists for alleged leak of 7 million credit, debit cards?

Hey, Glasshole: That cool app? It has turned you into a SPY DRONE

Our Take on This Week’s News

Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information

Capitol Hill hearing: Online Data Security Breaches, take special notice at 20 and 40 min into the video

N.S.A. Breached Huawei Servers

How a Chinese Tech Firm Became the NSA’s Surveillance Nightmare

 

Please support our sponsors, as they support The CyberJungle

OUR SPONSOR, ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases. Find out more at Atola.com

 
