SANS Digital Forensics and Incident Response Blog

Digital Forensic Case Leads: Is the Chinese Government Backdooring Networks Globally? Large Breach at Yahoo Impacts Gmail, MSN and More. Anonymous Sends Warning To Central Bank?

This week's Digital Forensic Case Leads takes us around the world, from a possible Anonymous warning in Latin America to the report that the Chinese Government may be building backdoors into networks across the globe. In the last few weeks there have been many announcements about the use of Near Field Communications (NFC) in the next generation of smartphones and tablets from all the major platform makers. Most of the press has been on digital wallets. But many believe we will see use of NFC for multi-factor authentication, physical access control, and more. If that happens, look for NFC to be a factor in DFIR. Since NFC is an RFID-based technology, be sure to read the paper co-authored by Dr. Hal Berghel on RFID security in this week's Good Reads.



Good Reads/Listens:

  • We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency by Parmy Olson
  • Is the Chinese Government Backdooring Networks Globally? Interview on CyberJungle Radio by the author of this week's posting. Large implications for DFIR.
  • Malware Analysis: Unpacking SimplePack
  • There have been a large number of announcements around Near Field Communications (NFC) in smartphones, tablets and other devices. NFC is a subset of RFID. Dr. Hal Berghel co-authored a paper on RFID Security that is an excellent resource as we enter into the age of NFC.



From the SJMercury News: "More than 400,000 Yahoo [cleartext] usernames and passwords were stolen and published on the Web, putting other websites at risk as well, after hackers exploited a [SQL] vulnerability in Yahoo's computer systems. Some logins for Google (GOOG), AOL and Microsoft services were among those compromised. The three companies said they required affected users to reset passwords for sites including Gmail, AOL, Hotmail, MSN and "

From The "A federal appeals court has reversed a lower court's ruling in the ACH/wire fraud dispute between PATCO Construction Inc. and the former Ocean Bank, now People's United. In a decision issued July 3, the First Circuit Court of Appeals in Boston ruled in favor of PATCO, reversing a district court's 2011 judgment that favored the bank, and further recommended that the two parties pursue an out-of-court settlement of the case. The 43-page ruling describes the bank's security procedures as "commercially unreasonable," saying the institution should have detected and stopped the fraudulent transactions that drained more than $500,000 from PATCO's commercial account in 2009."

From The Wall Street Journal: "With cybercriminals a greater threat to small businesses than ever before, more entrepreneurs like Lloyd Keilson are left asking themselves who is to blame for hacking attacks that drain their business accounts. In May, Lifestyle Forms & Displays Inc., a mannequin maker and importer led by the 65-year-old Mr. Keilson, had $1.2 million wiped out of its bank accounts in just hours through online transactions. The theft from the Brooklyn, N.Y., company, which has about 100 employees, wasn't an isolated incident."

From the FBI: Cybercriminals Face Up To 50 Years For Role In $1.5 Million Scam; convicted of defrauding customers of Chase, Bank of America, and payroll provider ADP. The attackers are accused of using "evil twin" web sites to trick victims into entering their passwords and user names into sites controlled by the cybercriminals.

Levity, or For the LULZ?

Seen recently on a wall across the street from the Argentine Central Bank in Buenos Aires was the wall art below. Is this a warning from Anonymous, or just someone using their symbols for other purposes?

Argie Anon?

Coming Events:

Call For Papers:


by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA CGEIT CRISC. Ira Victor is a forensic analyst with Data Clone Labs. He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator's Association (HTCIA). Follow Ira's security and forensics tweets: @ira_victor.