FBI steps up pursuit of cybercrime

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.centredaily.com/mld/centredaily/news/6839620.htm

BY GINA BARTON
Milwaukee Journal Sentinel
Sept. 23, 2003   

MILWAUKEE, Wis. - (KRT) - Barry J. Fibiger of Sheboygan, Wis., came 
face to face with police on the waterfront in Virginia Beach, Va.

According to a court document quoting law enforcement officials, 
Fibiger was "soft-spoken, cooperative and polite" when they confronted 
him beside the ocean in October 2002. He was "very calm and spoke very 
softly" and didn't struggle when they took him into custody.

Fibiger, 35, told police he'd come to Virginia to kill himself. In a 
suicide note left behind in Wisconsin, Fibiger had willed his computer 
to his father. He'd used the Dell 8200 in ways that had gotten him 
indicted on federal charges of wire fraud, mail fraud and 
counterfeiting.

The charges against Fibiger were the result of a recent national 
crackdown on Internet fraud known as "Operation E-Con," initiated by 
Attorney General John Ashcroft.

Over the past three years, consumer fraud cases involving the Internet 
have increased steadily, according to the Federal Trade Commission. In 
2002, nearly half of the 218,000 fraud complaints received by the FTC 
were Internet-related.

In Wisconsin, four FBI agents in Milwaukee and six others throughout 
the state make up a cybercrime squad whose sole purpose is battling 
online bad guys.

They recently received a grant from the national FBI headquarters to 
form a cyber task force here, which will consist of members from 
federal, state and local law enforcement agencies. The task force will 
allow computer criminals to be investigated and prosecuted more 
efficiently and is expected to be up and running by the end of the 
year, said FBI Special Agent Matt Petersen.

"This thing is growing by leaps and bounds. We're constantly 
recruiting people with computer skills," said FBI Special Agent 
Michael Johnson, who is in charge of the specialized squad.

Fibiger has pleaded guilty to four federal felonies and is scheduled 
to be sentenced next month. He faces a maximum possible penalty of 20 
years in prison and fines of $1 million.

Federal officials first zeroed in on Fibiger due to a referral from 
the Internet Fraud Complaint Center, a national Department of Justice 
clearinghouse that tracks complaints and refers them to the 
appropriate authorities.

Prosecutors say he set up several online stores. There, he advertised 
Palm Pilots, hand-held computers and other electronic equipment. 
Consumers placed orders and sent payment through the online services 
PayPal and PayByCheck, but they never received the merchandise, 
according to court documents.

---

Cases such as Fibiger's are just the tip of the iceberg, Johnson said.

"There's now crime over the Internet that didn't exist 10 years ago," 
he said.

One of the most common types is computer intrusion. Some people guilty 
of this offense have legitimate reasons to be working within a system 
but overstep their bounds. Some - such as Chad Davis - aren't entitled 
to access but create it for themselves, anyway.

Davis, a follower of convicted computer felon Joseph Konopka, dubbed 
"Dr. Chaos," hacked into the U.S. Army's computer system, Petersen 
said. There, he defaced the Web site to let people know it had been 
cracked by "Mindfazer," his nickname. He also went to other servers to 
look at personnel and other records, Petersen said.

The investigation into Davis' crimes began with log files, computer 
records of who comes into the system and when. Most hackers know how 
to hide their presence by modifying these files. But the Army had a 
second set in place, which was operated by a different server. Davis 
didn't know about the backup log files, so he didn't erase himself 
from them, Petersen said.

The log files led authorities back to a Green Bay, Wis., Internet 
service provider. Davis, who lived in the area, became a suspect 
because he already was under investigation for prior computer crimes, 
Petersen said. His name wasn't attached to an account at the Green Bay 
company, so authorities placed him under surveillance. They spotted 
him "Dumpster diving" in the alley behind the business and later 
learned he had retrieved e-mail addresses, passwords and other client 
information from the trash.

A review of phone records revealed Davis' telephone number attached to 
the account of a bowling alley called Mr. Ten Pin. He had accessed the 
Internet at the exact same time the Army Web site had been 
compromised, Petersen said.

FBI agents served a search warrant, then arrested Davis, now 23. He 
confessed a few days later, Petersen said. He later pleaded guilty to 
one count of computer fraud and was sentenced to six months in prison 
and three years of supervised release.

Davis' main motivations were mischief and bragging rights, Petersen 
said. But other computer criminals have more nefarious motives. Some 
seek out personal identification, then use it to get credit cards in 
the names of unwitting consumers.

Some make their way into computer-based corporate telephone systems 
and make thousands of dollars in long-distance calls. Some trade in 
child pornography.

"We get a lot of complaints from ex-girlfriends," Johnson said. "Or we 
seize the computer for some other reason and find this stuff."

Petersen, who analyzes the hard drives of every computer seized in a 
Milwaukee FBI case, said he spends 40 percent to 60 percent of his 
time on child pornography investigations. The state Division of 
Criminal Investigation also focuses substantial energy on them, 
Johnson said.

Computer crimes of every type pose numerous challenges for law 
enforcement, Petersen said. Some businesses turn off log files, not 
knowing they can be among an investigator's best resources. Those that 
are activated re-write themselves every 30 days to save space on the 
hard drive, so authorities always are working against the clock. Some 
people take over numerous systems before they cause trouble, and it's 
hard to trace where the hacker began. Cybercrime investigations also 
tend to be solitary pursuits, leaving an agent alone with a hard 
drive, a list of phone records or a file of computer code.

The cybercrime problem isn't going away anytime soon.

"The trend is that it's increasing. It's gaining in notoriety," 
Petersen said.

---

Protection

To protect yourself against computer crime:

DO Change factory preset passwords Shred documents containing personal 
information before throwing them away Obtain copies of your credit 
report periodically to check for unauthorized charges

DON'T Give out personal information in response to a pop-up ad Give 
out personal information over wireless services or cordless phones 
Give out bank account numbers or send money to someone you "meet" in a 
chat room or via e-mail


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.