Monday 16 July 2012

Pacific North West cybercrime trio sentenced for $3m hacking spree via WiFi and malware


The Seattle Times has reported on the final nail in the coffin of a Pacific North West hacking trio, with the third and final member of the group being sentenced by the court.
The three men, Joshuah Allen Witt, 35, John Earl Griffin, 36, and Brad Eugene Lowe, 39, have all now been given stiff prison terms. Lowe picked up the lightest sentence, with six-and-a-half years, whilst Witt and Griffin were sent down for nearly eight years each.
They attacked companies both externally - by wardriving and looking for poorly-protected corporate WiFi connections - and internally - by breaking in and installing keyloggers on company computers. (It's much easier to infect a PC if you do it deliberately!)
There are two lessons to be learned here.

The first lesson is to make sure you get your WiFi security right - at work and at home. We've written up some simple guidelines before to help you do the right thing.
To summarise, here are three things which do not provide WiFi security. Two of them provide a touch of safety against inadvertent connections, but none of these protect you against wardrivers:
WEP encryption. The security system in WEP (Wired Equivalent Privacy) is flawed and can easily and automatically be cracked. A wardriver will bypass WEP in 60 seconds - and that includes the time taken to park outside your office and boot up his laptop. Use WPA instead.
MAC address filtering. MAC (Media Access Control) addresses aren't secret. WiFi networks broadcast the MAC addresses of all currently-connected devices, so a wardriver already has a list of addresses he can use.
SSID hiding. The SSID (Service Set Identifier) is your network name. Hiding it merely means your network doesn't openly advertise itself for use. But it isn't a secret - the SSID appears in other network traffic anyway, so the wardriver knows what it is.
The second lesson is to be doubly vigilant after a physical break-in. Don't just look for what's missing, but what might have been left behind.
(That's the same sort of lesson we should all learn from the recent DNS Changer excitement.)
Cybercrooks who have physical access to your network can install malware on your computers, connect hardware keylogging devices to your keyboards, and even stash rogue wireless access points behind the furniture.
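The two WiFi points above (weak settings a wardriver walks through, and rogue access points left behind after a break-in) both come down to checking what is actually on the air against what you think you deployed. The following is an added example, not code from the original article: it parses a constructed, simplified scan listing, compares it against a hypothetical inventory of sanctioned access points, and flags WEP, hidden-SSID-only "protection", and unknown radios advertising a corporate network name. The scan format, inventory and SSIDs are all assumptions.

```python
import re

# Constructed sample scan listing (not real data): one access point per line.
SCAN_OUTPUT = """\
ssid=CorpNet bssid=00:11:22:33:44:01 security=WPA2
ssid=CorpNet bssid=00:11:22:33:44:02 security=WPA2
ssid=CorpNet bssid=de:ad:be:ef:00:01 security=WPA2
ssid=Warehouse bssid=00:11:22:33:44:09 security=WEP
ssid= bssid=00:11:22:33:44:0a security=WPA2
ssid=Cafe-Guest bssid=aa:bb:cc:dd:ee:ff security=OPEN
"""

# Hypothetical inventory of sanctioned access points: BSSID -> SSID it should carry.
KNOWN_APS = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
    "00:11:22:33:44:09": "Warehouse",
    "00:11:22:33:44:0a": "CorpNet",   # deployed with SSID hiding turned on
}
CORP_SSIDS = set(KNOWN_APS.values())

LINE_RE = re.compile(
    r"ssid=(?P<ssid>\S*) bssid=(?P<bssid>[0-9a-f:]{17}) security=(?P<sec>\w+)"
)

def parse_scan(text):
    """Turn the simplified scan text into a list of dicts; malformed lines are skipped."""
    return [m.groupdict() for m in (LINE_RE.match(line) for line in text.splitlines()) if m]

def audit(scan, known_aps=KNOWN_APS, corp_ssids=CORP_SSIDS):
    """Return (bssid, finding) pairs worth acting on.

    MAC address filtering is deliberately not checked: it is invisible in a scan
    and, as the article notes, gives no protection anyway.
    """
    findings = []
    for ap in scan:
        bssid, ssid, sec = ap["bssid"].lower(), ap["ssid"], ap["sec"].upper()
        ours = bssid in known_aps
        if ours and sec in ("WEP", "OPEN"):
            findings.append((bssid, f"{sec} offers no protection against wardrivers; use WPA2"))
        if ours and ssid == "":
            findings.append((bssid, "hidden SSID is not a security control; the name still leaks"))
        if not ours and ssid in corp_ssids:
            findings.append((bssid, f"unknown radio advertising {ssid!r}: possible rogue AP"))
    return findings

if __name__ == "__main__":
    for bssid, note in audit(parse_scan(SCAN_OUTPUT)):
        print(bssid, "-", note)
```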
Just what the crooks were after in this case is clear: money.
They're said to have netted $3 million, raiding company bank accounts and even, it seems, modifying database records to steal directly from the payroll.
The crooks will now have years to regret their actions. Sadly, so too will the companies whose finances were plundered.
by Paul Ducklin on July 16, 2012
The images of imprisoned hands, the little red "X for Noooo!", and the stylised WiFi antenna on the main page are courtesy of Shutterstock.
