[Clips] To Catch Crooks In Cyberspace, FBI Goes Global
Tyler Durden
camera_lumina at hotmail.com
Tue Nov 21 07:15:42 PST 2006
Damn. I still think it's pretty f*cked up that the FBI can grab somebody
overseas because Microsoft made a shitty product.
-TD
>From: "R.A. Hettinga" <rah at shipwright.com>
>To: cypherpunks at jfet.org
>Subject: [Clips] To Catch Crooks In Cyberspace, FBI Goes Global
>Date: Tue, 21 Nov 2006 07:17:23 -0500
>
>Pick a horseman, any horseman...
>
>Cheers,
>RAH
>
>--- begin forwarded text
>
>
> Delivered-To: rah at shipwright.com
> Delivered-To: clips at philodox.com
> Date: Tue, 21 Nov 2006 07:03:30 -0500
> To: Philodox Clips List <clips at philodox.com>
> From: "R.A. Hettinga" <rah at shipwright.com>
> Subject: [Clips] To Catch Crooks In Cyberspace, FBI Goes Global
> Reply-To: clips-chat at philodox.com
> Sender: clips-bounces at philodox.com
>
> <http://online.wsj.com/article_print/SB116406726611228873.html>
>
> The Wall Street Journal
>
>
> PAGE ONE
>
>
> Criminal Network
> To Catch Crooks In Cyberspace, FBI Goes Global
> Agency Works With Police In Foreign Countries To Track Down Hackers
> Zeroing In on the Zotob Worm
>
> By CASSELL BRYAN-LOW
>
> November 21, 2006; Page A1
>
> ANKARA, Turkey -- On Aug. 16, 2005, a CNN television news bulletin alerted
> viewers that computers at the network's New York and Atlanta offices were
> infected with a new virus called Zotob. Soon, U.S. companies from coast to
> coast were hit.
>
> Halfway around the world, two young computer hackers in Turkey and Morocco
> got spooked by the ensuing media coverage, but mocked the ability of
> authorities to track them down. "They can't find me," wrote Atilla Ekici, a
> 23-year-old Turk, in an email to his accomplice, a 19-year-old Moroccan
> called Farid Essebar. "Ha, ha, ha," replied Mr. Essebar.
>
> The U.S. Federal Bureau of Investigation, however, was already hot on their
> trail. The 98-year-old FBI, which has traditionally focused on domestic
> crime, is extending its reach beyond U.S. borders and boosting cooperation
> with other law-enforcement agencies in pursuit of cybercriminals, much as
> the agency has done in tracking down terrorists overseas.
>
> The shift reflects the global nature of computer crimes, which include
> unleashing viruses, worms and other rogue programs onto victims' computers
> to disrupt them or steal information. As electronic borders between
> countries blur, hackers in one nation can easily commit crimes against
> individuals, corporations and governments on the other side of the world.
>
> The FBI now ranks cybercrime as its third priority behind terrorism and
> espionage. Computer-based crimes caused $14.2 billion in damages to
> businesses around the globe in 2005, including the cost of repairing
> systems and lost business, estimates Irvine, Calif., research firm Computer
> Economics.
>
> Building relationships with police in other countries is "the only way we
> are going to effectively get a handle on the problem," says Christopher
> Painter, deputy chief of the Justice Department's Computer Crime Section.
>
> The FBI is running into limits fighting international computer crime.
> Cybercrooks remain difficult to pinpoint in part because hackers can hide
> their tracks by commandeering computers from afar and routing their
> activities through machines dotted around the world.
>
> Even when the agency does find suspects overseas, local authorities
> sometimes lack the resources or laws to prosecute. In its pursuit of
> LoveBug, one of the first big international computer viruses, which spread
> around the world in 2000, the FBI located its creator in the Philippines.
> But he was never charged because local laws didn't specify the virus
> writer's activities as illegal at the time.
>
> "The criminal community is winning," says Nicholas Ianelli, a security
> analyst at the CERT Coordination Center at Carnegie Mellon University, a
> federally funded group that coordinates responses to computer-security
> incidents.
>
> But the agency is making some headway, thanks partly to a diplomatic
> offensive to enlist help from foreign agencies. It now has about 150 agents
> deployed in some 56 offices around the world, including in Iraq and China,
> which deal with computer intrusions, as well as terrorism and other crimes.
> That has grown from about a dozen offices in the early 1990s.
>
>
> During the past two years or so, the FBI has also built up Cyber Action
> Teams, or CATs -- a group of about 25 people that includes agents, computer
> forensic experts and specialists in computer code, according to David
> Thomas, the deputy assistant director of the FBI's science and technology
> branch. Establishing the team has taken longer than expected, in part
> because of the challenges of hiring people with the right skills, Mr.
> Thomas says.
>
> Earlier this month, the FBI announced the arrest of at least 16 individuals
> involved in a credit-card theft scam as part of an investigation spanning
> the U.S., Poland and Romania. As part of the probe, the FBI temporarily
> posted several agents with Polish and Romanian police to assist with
> surveillance and information sharing.
>
> Some overseas police agencies have noticed the change. The FBI is "much
> more open to interaction" than it was even a few years ago, says Kevin
> Zuccato, director of the Australian federal police's high-tech crime
> center. One FBI agent is even embedded full-time with Australia's high-tech
> crime center. Usually, FBI agents are posted within U.S. embassies and
> consulates abroad.
>
> Police in other countries can also get touchy about defending their turf
> from outsiders, just as a local beat cop in the U.S. might resent
> interference from the FBI on a murder case. In 2002, Russian police accused
> an FBI agent of computer hacking after the agent seized evidence against
> two Russian hackers by downloading data from their computers in Russia
> without approval from local authorities. Russia hasn't pursued the charges,
> however, and the agent is still at the FBI. The two countries since then
> have worked on several cybercrime cases.
>
> The FBI's overseas push is still a long way from winning the borderless
> battle against cybercrime. But as the tale of the Zotob virus shows, the
> agency is scoring some victories.
>
> By Sunday Aug. 14, 2005, the FBI and antivirus software companies noticed
> that a virus called Zotob had started to spread. The virus infected
> computers by taking advantage of a weakness in some versions of Microsoft
> Corp.'s popular Windows operating system, causing them to slow or reboot
> repeatedly.
>
> But that wasn't all: Zotob opened a door for other malicious software to be
> installed, such as "key-logging" programs that record what a PC user types
> into a keyboard -- a way to snatch credit-card numbers and other
> information that is sold to criminal gangs. Zotob hit some 100,000
> companies or more, some analysts estimate, including Time Warner Inc.'s CNN
> division and New York Times Co.
>
>
> Even before the virus became famous by attacking CNN's computers, FBI Agent
> Erkan Chase and his colleagues were tracking the code. They discovered that
> the Zotob computer program had a signature line "by Diabl0". Mr. Chase, a
> 41-year-old former New York cop, recalled the nickname from another virus
> that he had started monitoring earlier in the year, called Mytob. That
> suggested the same person created both viruses.
>
> Mr. Chase, who was overseeing the FBI's Cyber Action Teams at the time,
> checked in with the FBI's U.S. field offices and found that agents in
> Seattle had opened an investigation into Diabl0 after Mytob hit, linking
> him to an email account at Microsoft in nearby Redmond, Wash. With search
> warrants served on the software giant, Mr. Chase and his colleagues
> obtained emails between Diabl0 and another suspect using the nickname
> "Coder." They also received subscriber information and other evidence
> indicating the two were using computers in Morocco and Turkey, respectively.
>
> In their email traffic, the tone of the hackers became cautious after media
> coverage of the virus, especially a local report in Turkey that authorities
> believed one of the hackers might be living there. The two suspects
> discussed whether to take precautions by getting rid of the evidence, by
> wiping or ditching their computer hard drives.
>
> That raised the pressure on Mr. Chase to act quickly and try to arrest the
> two young men before it was too late. "We had to respond pretty quickly
> because we didn't want to get out there and find there was no evidence," he
> said.
>
> Late afternoon on Aug. 18, 2005, just days after the virus hit, the head of
> the Turkish national police's cybercrime unit, Omer Tekeli, received a call
> from the U.S. Embassy in Ankara asking for help. The FBI teams only travel
> overseas at the behest of local authorities and don't have special powers
> to make arrests, but can offer technical and investigative assistance.
>
> Mr. Tekeli agreed, and later that same day, an FBI agent from the Seattle
> office called to brief Turkish police on the details, including information
> they had gathered on Coder, Mr. Tekeli says. Mr. Tekeli's team soon
> identified Coder as Mr. Ekici, a farmer's son who had taught himself about
> computers at Internet cafes. Turkish authorities already knew of Mr. Ekici
> from an earlier investigation into a gang of credit-card thieves. Among
> other details, the FBI provided an email address for Coder that included
> part of Mr. Ekici's name as well as the equivalent of digital fingerprints
> that linked Coder's computer with Mr. Ekici's home address.
>
> On Aug. 21, a week after noticing the virus, Mr. Chase left with a team of
> about a dozen people for Morocco and Turkey, flying in an FBI Learjet. The
> fact that Mr. Chase, whose mother is Turkish, spoke some of the local
> language helped smooth the process. After dropping half the group in the
> Moroccan capital of Rabat, Mr. Chase landed in Ankara, Turkey.
>
> At the sparsely furnished offices of Turkey's cybercrime police, the FBI
> team handed over evidence they had obtained about the suspects from
> Microsoft and about 25 pages of analysis of the malicious code. FBI
> engineers gave a roughly hour-long presentation on how the code worked,
> complete with slides. In Rabat, meanwhile, emails provided by the FBI
> enabled Moroccan authorities to locate Diabl0 -- Mr. Essebar -- as well as
> an accomplice. Emails typically carry a unique set of numbers, known as an
> Internet protocol address, which identifies each computer connected to the
> Internet. Moroccan police were able to obtain the name and contact details
> associated with the Internet protocol addresses received from the FBI from
> a local Internet service provider.
>
> The FBI's documents also helped local authorities swiftly secure arrest and
> search warrants. Concerned that the arrest of one suspect would tip off the
> others, Mr. Chase helped the two countries coordinate the raids. In the
> early hours of Aug. 25, Turkish police officers surrounded Mr. Ekici's home
> and took him into custody. About 2,000 miles away in Rabat, police moved in
> on Mr. Essebar and his accomplice. The FBI wasn't invited to be present at
> either of the arrests. Turkish and Moroccan authorities say that is because
> only local police are allowed to charge suspects under the respective
> national laws.
>
> Mr. Ekici in Turkey had disposed of his computer hard drive so Turkish
> investigators weren't able to gather much evidence from his machine. But
> Mr. Essebar in Morocco only reformatted his hard drive, which wipes out
> files but let the Moroccan police's computer specialists recover most of
> them because copies often still exist.
>
> Among the finds were copies of the code itself and other information
> identifying Mr. Essebar as Zotob's author. Police also found emails between
> Diabl0 and Coder discussing Zotob as well as the numbers of about 1,600
> stolen credit cards.
>
> In parallel, FBI specialists worked off a copy of the hard drive, searching
> for relevant emails and writing a piece of computer code on the fly to help
> them analyze the program. "We were able to use that information from
> Morocco and give it to Turkish authorities to further [their]
> investigation," says Mr. Chase.
>
> In September of this year, a Rabat court sentenced Mr. Essebar, a
> Russian-born Moroccan national, to two years in prison for virus-writing,
> illegal access to computers and conspiracy to commit credit-card fraud. The
> court also sentenced his 21-year-old accomplice to one year in prison for
> conspiracy to commit fraud. A lawyer for Mr. Essebar couldn't be reached.
> At the time of the sentencing, news service Agence France Presse cited a
> lawyer for the defendants saying they planned to appeal.
>
> Authorities allege Mr. Ekici, whom they believe met Mr. Essebar at a Web
> site for credit-card fraudsters, was responsible for disseminating the
> Zotob worm and intended to use it to steal financial information. But they
> say it is unclear whether he had time to swipe any information or profit
> from it given the speed with which they were able to arrest him, less than
> two weeks after the worm first spread.
>
> The trial of Mr. Ekici, whom Turkish authorities have charged with
> unauthorized access to computers and disseminating a virus, continues in
> Turkey. He couldn't be reached for comment.
>
> The Zotob case marked the first time foreign law enforcement has come to
> Turkey to assist in a cybercrime investigation, says Mr. Tekeli, the
> cybercrime unit chief in Turkey. Without the FBI's help, the investigation
> "would have been more difficult and more time consuming," he says. Hakim
> Aarab, an engineer in the Moroccan police's computer division, says because
> of the borderless nature of cybercrime, "international collaboration is an
> obligation, it's not an option."
>
> --
> -----------------
> R. A. Hettinga <mailto: rah at ibuc.com>
> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>
>--- end forwarded text