Information Security News mailing list archives

The Case of the Hacked South Pole


From: InfoSec News <isn () c4i org>
Date: Tue, 22 Jul 2003 02:20:01 -0500 (CDT)

Forwarded from: William Knowles <wk () c4i org>

http://www.fbi.gov/page2/southpole.htm

[I don't recall this one, thought you all might enjoy it.  - WK]


Two Romanian citizens accused of hacking into the National Science
Foundation’s Amundsen-Scott South Pole Station science research
facility were arrested in a joint FBI/Romanian police operation last
month.

On May 3, 2003, an anonymous email was simultaneously received by the
Foundation’s U.S. Antarctic Program network operations center and by
technical staff at the South Pole. "I've hacked into the server of
your South Pole Research Station," it read. "Pay me off, or I will
sell the station's data to another country." The email contained data
found only on South Pole computer systems, demonstrating that it was
not a hoax. The threat hinted that the South Pole network had been
widely penetrated, potentially with harmful software that would cause
harm if triggered by the hacker.

NSF and its contractor, Raytheon Polar Services Company, immediately
isolated the entire station's computer network to prevent future moves
by the hacker. For part of each day the station is naturally isolated
from the Internet because of limited satellite coverage, and by the
time satellite access returned the next day the NSF team had locked
down the station while beginning to restore essential services such as
email and telemedicine and to isolate the known hacked computers from
the local network.

A case of unusual circumstances 

In May, South Pole Station is closed to the outside world -
temperatures approach 70 degrees below zero; aircraft cannot land for
another six months except in extreme cases for medical emergencies;  
and the computer network is the main connection for the 58 wintering
scientists and support contractors to maintain a lifeline to the
outside world for scientific data transmission, station operations,
medical support and emotional contact with family and friends.

The South Pole Station is a unique laboratory for scientific research 
where scientists deploy powerful radio telescopes that look out to the 
fringes of the universe to study its birth, sensitive seismometers 
that probe for earthquakes around the globe, detectors buried in the 
ice that measure neutrinos from cataclysmic events in outer space, and 
make long-term observations to document the changing composition of 
the pristine atmosphere. 

The chase is on

While the network was being secured and service restored to the 
personnel isolated at the bottom of the world, the NSF contacted the 
FBI, and the agencies worked together to find those behind the scheme. 
The Washington Field Office helped the NSF preserve evidence and use 
cyber-investigative techniques to track the path of the extortionist’s 
emails. The FBI Information Technology Division and the Cyber Division 
collaborated to determine that the hackers were accessing their emails 
from a cyber café in Romania. A call to the FBI Legal Attaché in 
Bucharest revealed that the Romanian suspects were the target of other 
investigations out of the Mobile and Los Angeles Field Offices. The 
investigation was so far along in Mobile that the agents working with 
the Romanian police had already made controlled payments to the 
suspects in an effort to flush them out further.

In executing a search warrant of the suspects' residence, the Romanian 
authorities seized documents, a credit card used in the extortion 
scheme, and a computer that contained the very email account that was 
used to make the demands of NSF. The Romanian police had all they 
needed and arrested two individuals and charged them with the crimes. 
The two are scheduled to stand trial.

International partners close the net

What did it take to track down these extortionists willing to endanger 
the well-being of the South Pole researchers and threaten the public 
investment in scientific research that benefits all mankind? It took 
the concerted efforts on a global scale of a diverse group of 
individuals: the National Science Foundation's Computer Incident 
Response Team (CIRT), which includes NSF's Security Officer, and 
representatives from the Office of Inspector General, the Office of 
Polar Programs and the Division of Information Services, all located 
in Arlington, Virginia; NSF's Raytheon contractor support personnel in 
Colorado, Maryland, and Antarctica; NSF's scientific researchers in 
Antarctica and across the U.S.; FBI Agents in Washington, Mobile, 
Alabama, and Los Angeles; the FBI Legal Attaché in Romania; and the 
Romanian police. This case exemplifies how the FBI works in 
conjunction with its fellow government agencies as well as the 
international law enforcement community to bring cyber criminals to 
justice.
 
 
 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*