Smoke 'em Out! presented at BlackHatDC 2007

by Rohyt Belani, Keith J. Jones


Summary: Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we will discuss the challenges faced by digital investigators in solving electronic crime committed by knowledgeable insiders. These challenges will be presented in light of three real world investigations conducted by the presenters. The focus of this talk will be on the technicalities of the attacks, the motivation of the attackers, and the response techniques used by the investigators to solve the respective crimes.
The first case is the high-profile U.S. v Duronio trial, in which Keith Jones testified as the DoJ's computer forensics expert. Mr. Jones testified for over five days about how Mr. Duronio, a disgruntled employee, planted a logic bomb within UBS's network to render critical trading servers unusable. His testimony was key in the prosecution of the accused on charges of securities fraud and electronic crime. Mr. Jones will present the information as he did to the jury during this trial.
The second incident involved a recently fired employee at a large retail organization. The irked employee made his way from a store wireless network into the company's core credit card processing systems. The purpose of the attack was to malign the company's image by releasing the stolen data on the Internet. We will discuss the anatomy of the "hack", the vulnerabilities exploited along the way, and our sleepless nights in Miami homing in on the attacker.
The final case presented will focus on the technicalities of web browser forensics and how it facilitated the uncovering of critical electronic evidence that incriminated a wrong-doer, and more importantly freed an innocent systems administrator at a law firm from being terminated and facing legal music.
The common thread in all these cases: a malicious insider!