This week’s Digital Forensic Case Leads takes us around the world, from a possible Anonymous warning in Latin America to the report that the Chinese Government may be building backdoors into networks across the globe. In the last few weeks there have been many announcements about the use of Near Field Communications (NFC) in the next generation of smartphones and tablets from all the major platform makers. Most of the press coverage has focused on digital wallets, but many believe we will also see NFC used for multi-factor authentication, physical access control, and more. If that happens, look for NFC to become a factor in DFIR. Since NFC is an RFID-based technology, be sure to read the paper co-authored by Dr. Hal Berghel on RFID security in this week’s Good Reads.
- Registry Decoder 1.3 has been released. Registry Decoder is an open source tool that automates the acquisition, analysis, and reporting of Microsoft Windows registry contents.
- Version 1.4 of the Simple File Parser (SFP) has been released. SFP is an extremely light-weight (less than 300 KB), easy-to-use, Windows-based GUI tool for parsing multiple Windows forensic artefacts.
- Introducing RedBorder IPS, a new Ruby on Rails-based open source project around Snort, built as a major extension to Snorby.
- The well-known digital forensic tool Autopsy has announced its 3.0 beta 4 release.
- The OISF development team is proud to announce Suricata 1.3. Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation. Download the new release here.
- We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency by Parmy Olson
- Is the Chinese Government Backdooring Networks Globally? Interview on CyberJungle Radio by the author of this week’s posting. Large implications for DFIR.
- Malware Analysis: Unpacking SimplePack
- There have been a large number of announcements around Near Field Communications (NFC) in smartphones, tablets and other devices. NFC is a subset of RFID. Dr. Hal Berghel co-authored a paper on RFID security that is an excellent resource as we enter the age of NFC.
From the SJMercury News: “More than 400,000 Yahoo [cleartext] usernames and passwords were stolen and published on the Web, putting other websites at risk as well, after hackers exploited a [SQL] vulnerability in Yahoo’s computer systems. Some logins for Google (GOOG), AOL and Microsoft services were among those compromised. The three companies said they required affected users to reset passwords for sites including Gmail, AOL, Hotmail, MSN and Live.com.”
From BankInfoSecurity.com: “A federal appeals court has reversed a lower court’s ruling in the ACH/wire fraud dispute between PATCO Construction Inc. and the former Ocean Bank, now People’s United. In a decision issued July 3, the First Circuit Court of Appeals in Boston ruled in favor of PATCO, reversing a district court’s 2011 judgment that favored the bank, and further recommended that the two parties pursue an out-of-court settlement of the case. The 43-page ruling describes the bank’s security procedures as “commercially unreasonable,” saying the institution should have detected and stopped the fraudulent transactions that drained more than $500,000 from PATCO’s commercial account in 2009.”
From The Wall Street Journal: “With cybercriminals a greater threat to small businesses than ever before, more entrepreneurs like Lloyd Keilson are left asking themselves who is to blame for hacking attacks that drain their business accounts. In May, Lifestyle Forms & Displays Inc., a mannequin maker and importer led by the 65-year-old Mr. Keilson, had $1.2 million wiped out of its bank accounts in just hours through online transactions. The theft from the Brooklyn, N.Y., company, which has about 100 employees, wasn’t an isolated incident.”
From the FBI: Cybercriminal Faces Up To 50 Years For Role In $1.5 Million Scam; convicted of defrauding customers of Chase, Bank of America, and payroll provider ADP. The attackers are accused of using “evil twin” web sites to trick victims into entering their user names and passwords into sites controlled by the cybercriminals.
Levity, or For the LULZ?
The wall art below was seen recently on a wall across the street from the Argentine Central Bank in Buenos Aires. Is this a warning from Anonymous, or just someone using their symbols for other purposes?
- Black Hat USA – Las Vegas, NV – July 21 – 26, 2012
- DEF CON 20 – Las Vegas, NV – July 26 – 29, 2012
- SANS San Francisco 2012 – San Francisco, CA – July 30 – Aug 06, 2012
- DFRWS 2012 Conference – Washington, DC – Aug 05 – 08, 2012
- SANS Boston 2012 – Boston, MA – Aug 06 – 11, 2012
- USENIX Security ’12 – Bellevue, WA – Aug 06 – 10, 2012
- 7th USENIX Workshop on Hot Topics in Security (HOTSEC ’12) – Bellevue, WA – Aug 07, 2012
- 2012 Malware Technical Exchange Meeting (Security Clearance Required) – El Segundo, CA – Aug 14 – 16, 2012
- 7th ARES conference (ARES 2012) – Prague, Czech Republic – Aug 20 – 24, 2012
- First International Workshop on Security Ontologies and Taxonomies (SecOnT 2012) – University of Economics, Prague, Czech Republic – Aug 20 – 24, 2012
- SANS Virginia Beach – Virginia Beach, VA – Aug 20 – 31, 2012
- SANS Crystal City – Arlington, VA – Sep 06 – 11, 2012
- European Symposium on Research in Computer Security – Pisa, Italy – Sep 10 – 12, 2012
- 15th International Symposium on Research in Attacks, Intrusions and Defenses – Vrije Universiteit, Amsterdam, The Netherlands – Sep 12 – 14, 2012
- HTCIA International Conference & Training Expo – Hershey, PA – Sep 16 – 19, 2012
- SANS Network Security 2012 – Las Vegas, NV – Sep 16 – 24, 2012
- VirusBulletin 2012 – Dallas, TX – Sep 26 – 28, 2012
- GrrCon – Grand Rapids, MI – Sep 27 – 28, 2012
Call For Papers:
- DoD Cybercrime Conference 2013 – Due July 20, 2012
- 7th International Conference on Legal, Security and Privacy Issues in IT Law – Due Aug 25, 2012
- 2012 secau Security Congress – Due Sep 30, 2012
by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA CGEIT CRISC. Ira Victor is a forensic analyst with Data Clone Labs. He is also Co-Host of CyberJungle Radio, the news and talk show on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator’s Association (HTCIA). Follow Ira’s security and forensics tweets: @ira_victor.