From: InfoSec News (isnc4i.org)
Date: Thu Sep 25 2003 - 04:02:06 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: William Knowles <wkc4i.org>

http://www.centredaily.com/mld/centredaily/news/6839620.htm

BY GINA BARTON
Milwaukee Journal Sentinel
Sept. 23, 2003

MILWAUKEE, Wis. - (KRT) - Barry J. Fibiger of Sheboygan, Wis., came
face to face with police on the waterfront in Virginia Beach, Va.

According to a court document quoting law enforcement officials,
Fibiger was "soft-spoken, cooperative and polite" when they confronted
him beside the ocean in October 2002. He was "very calm and spoke very
softly" and didn't struggle when they took him into custody.

Fibiger, 35, told police he'd come to Virginia to kill himself. In a
suicide note left behind in Wisconsin, Fibiger had willed his computer
to his father. He'd used the Dell 8200 in ways that had gotten him
indicted on federal charges of wire fraud, mail fraud and
counterfeiting.

The charges against Fibiger were the result of a recent national
crackdown on Internet fraud known as "Operation E-Con," initiated by
Attorney General John Ashcroft.

Over the past three years, consumer fraud cases involving the Internet
have increased steadily, according to the Federal Trade Commission. In
2002, nearly half of the 218,000 fraud complaints received by the FTC
were Internet-related.

In Wisconsin, four FBI agents in Milwaukee and six others throughout
the state make up a cybercrime squad whose sole purpose is battling
online bad guys.

They recently received a grant from the national FBI headquarters to
form a cyber task force here, which will consist of members from
federal, state and local law enforcement agencies. The task force will
allow computer criminals to be investigated and prosecuted more
efficiently and is expected to be up and running by the end of the
year, said FBI Special Agent Matt Petersen.

"This thing is growing by leaps and bounds. We're constantly
recruiting people with computer skills," said FBI Special Agent
Michael Johnson, who is in charge of the specialized squad.

Fibiger has pleaded guilty to four federal felonies and is scheduled
to be sentenced next month. He faces a maximum possible penalty of 20
years in prison and fines of $1 million.

Federal officials first zeroed in on Fibiger due to a referral from
the Internet Fraud Complaint Center, a national Department of Justice
clearinghouse that tracks complaints and refers them to the
appropriate authorities.

Prosecutors say he set up several online stores. There, he advertised
Palm Pilots, hand-held computers and other electronic equipment.
Consumers placed orders and sent payment through the online services
PayPal and PayByCheck, but they never received the merchandise,
according to court documents.

---

Cases such as Fibiger's are just the tip of the iceberg, Johnson said.

"There's now crime over the Internet that didn't exist 10 years ago,"
he said.

One of the most common types is computer intrusion. Some people guilty
of this offense have legitimate reasons to be working within a system
but overstep their bounds. Some - such as Chad Davis - aren't entitled
to access but create it for themselves, anyway.

Davis, a follower of convicted computer felon Joseph Konopka, dubbed
"Dr. Chaos," hacked into the U.S. Army's computer system, Petersen
said. There, he defaced the Web site to let people know it had been
cracked by "Mindfazer," his nickname. He also went to other servers to
look at personnel and other records, Petersen said.

The investigation into Davis' crimes began with log files, computer
records of who comes into the system and when. Most hackers know how
to hide their presence by modifying these files. But the Army had a
second set in place, which was operated by a different server. Davis
didn't know about the backup log files, so he didn't erase himself
from them, Petersen said.

The log files led authorities back to a Green Bay, Wis., Internet
service provider. Davis, who lived in the area, became a suspect
because he already was under investigation for prior computer crimes,
Petersen said. His name wasn't attached to an account at the Green Bay
company, so authorities placed him under surveillance. They spotted
him "Dumpster diving" in the alley behind the business and later
learned he had retrieved e-mail addresses, passwords and other client
information from the trash.

A review of phone records revealed Davis' telephone number attached to
the account of a bowling alley called Mr. Ten Pin. He had accessed the
Internet at the exact same time the Army Web site had been
compromised, Petersen said.

FBI agents served a search warrant, then arrested Davis, now 23. He
confessed a few days later, Petersen said. He later pleaded guilty to
one count of computer fraud and was sentenced to six months in prison
and three years of supervised release.

Davis' main motivations were mischief and bragging rights, Petersen
said. But other computer criminals have more nefarious motives. Some
seek out personal identification, then use it to get credit cards in
the names of unwitting consumers.

Some make their way into computer-based corporate telephone systems
and make thousands of dollars in long-distance calls. Some trade in
child pornography.

"We get a lot of complaints from ex-girlfriends," Johnson said. "Or we
seize the computer for some other reason and find this stuff."

Petersen, who analyzes the hard drives of every computer seized in a
Milwaukee FBI case, said he spends 40 percent to 60 percent of his
time on child pornography investigations. The state Division of
Criminal Investigation also focuses substantial energy on them,
Johnson said.

Computer crimes of every type pose numerous challenges for law
enforcement, Petersen said. Some businesses turn off log files, not
knowing they can be among an investigator's best resources. Those that
are activated re-write themselves every 30 days to save space on the
hard drive, so authorities always are working against the clock. Some
people take over numerous systems before they cause trouble, and it's
hard to trace where the hacker began. Cybercrime investigations also
tend to be solitary pursuits, leaving an agent alone with a hard
drive, a list of phone records or a file of computer code.

The cybercrime problem isn't going away anytime soon.

"The trend is that it's increasing. It's gaining in notoriety,"
Petersen said.

---

Protection

To protect yourself against computer crime:

DO Change factory preset passwords Shred documents containing personal
information before throwing them away Obtain copies of your credit
report periodically to check for unauthorized charges

DON'T Give out personal information in response to a pop-up ad Give
out personal information over wireless services or cordless phones
Give out bank account numbers or send money to someone you "meet" in a
chat room or via e-mail

 
*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]