Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Government

How the FBI and Secret Service Know Your Network Has Been Breached Before You Do 72

coondoggie writes "By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement: the Secret Service and Federal Bureau of Investigation. But how do the agencies figure it out before the companies know they have been breached, especially given the millions companies spend on security and their intense focus on compliance? The agencies do the one thing companies don't do. They attack the problem from the other end by looking for evidence that a crime has been committed. Agents go undercover in criminal forums where stolen payment cards, customer data and propriety information are sold. They monitor suspects and sometimes get court permission to break into password-protected enclaves where cyber-criminals lurk."
This discussion has been archived. No new comments can be posted.

How the FBI and Secret Service Know Your Network Has Been Breached Before You Do

Comments Filter:
  • NSA (Score:5, Funny)

    by just_another_sean ( 919159 ) on Friday March 28, 2014 @12:13PM (#46604273) Journal

    And here I thought the answer was the NSA tells them and they know because they have root access to these systems.

    The fact that it's actually through real police efforts actually makes me feel a tiny bit better.

    • by Jeremiah Cornelius ( 137 ) on Friday March 28, 2014 @12:22PM (#46604387) Homepage Journal

      They set it all up...

    • Re:NSA (Score:5, Funny)

      by ackthpt ( 218170 ) on Friday March 28, 2014 @12:30PM (#46604505) Homepage Journal

      And here I thought the answer was the NSA tells them and they know because they have root access to these systems.

      The fact that it's actually through real police efforts actually makes me feel a tiny bit better.

      The NSA is watching you. The FBI is watching the NSA. The Secret service is watching the FBI. The CIA is watching the Secret Service. And of course the NSA is also watching the CIA.

      What we have here, is a Conga Line of people in trench coats and fedoras, wearing Ray Ban sunglasses and using headphones, HUD displays or binoculars.

      I'd pay to see that, but if I did they'd have to kill me.

    • Seems like that would be an easier route.

    • Re:NSA (Score:4, Informative)

      by TheCarp ( 96830 ) <sjc@@@carpanet...net> on Friday March 28, 2014 @12:36PM (#46604567) Homepage

      Perhaps you are not familiar with "Parallel Construction": http://en.wikipedia.org/wiki/P... [wikipedia.org]

      I would expect that if that were the answer, that it would never be the answer.

    • by DarkOx ( 621550 )

      And here I thought the answer was the NSA tells them and they know because they have root access to these systems.

      The fact that it's actually through real police efforts actually makes me feel a tiny bit better.

      Probably just parallel construction

    • by Anonymous Coward

      I don't care who it is, government agency wise. If my network gets breached, and I get some type of warning, I will be VERY grateful.

      This is what we Americans pay taxes for, so it is (IMHO) money well spent.

    • by Marful ( 861873 )
      Of course "on paper" they actually did police work.

      But what do you think gave them "the hunch" that so-and-so was the badguy and just so happened to have exactly the incriminating evidence they needed to bust him in folder XYZ in his "My Documents" folder?

      "Police Work" is often just another term for collecting the evidence and creating the link from A to Z, after the fact, to justify the police's actions.
  • by Anonymous Coward on Friday March 28, 2014 @12:22PM (#46604403)

    "...and sometimes get court permission to break into..."

    Hehe... lawl

  • by hermitdev ( 2792385 ) on Friday March 28, 2014 @12:26PM (#46604461)

    Law enforcement is very actively trolling the Internet to discover things, he says.

    Funny, I'd be happier if they were trawling the internet for info instead of trolling.

    • by lgw ( 121541 )

      I've seen two news stories this week that made that mistake. It's going to be lose/loose all over again. *shudder*

  • They have real time access to credit card processors and to all major credit cards, they had this long before so they can effectively track an individual under warrant by their spending, they can tell by time and usage if a number has been compromised. There was never a reason to penetrate the store front credit card processing environment so Dell, apology accepted for the "inconvenience" -jerks. These numbers they come across in their hacking endeavors should be flagged by the major credit cards and cred

    • by Anonymous Coward

      Are you drunk? That read like it was written by a drunk person.

  • by Anonymous Coward on Friday March 28, 2014 @12:40PM (#46604617)


       

  • Really? Millions spent on 'compliance' ... are you new to the business world in general?

    I can't think of a single business other than credit card processors and banks that ACTUALLY put EFFORT into security.

    For pretty much everyone else, the standard is 'fix the breech after the fact that it happened'

    The police know your car is stolen before you do if you're out of town and someone steals it to rob a bank.

    When investigating crime, you generally follow the leads back to the source to find the perpetrator. T

    • by nexex ( 256614 )

      Bingo, I saw, "...especially given the millions companies spend on security and their intense focus on compliance?" and laughed.

      • The word "millions" is misleading here. For a large company, and especially when you make it the plural "companies", this is the equivalent of saying "...especially given the pennies companies spend on security and their intense focus on compliance."

        Individual users spend a larger portion of their income on a virus scanner than companies typically spend on security, even if that amount adds up to millions for the companies. Half the time this is true even of the computer security providers themselves.

      • Really? An average security employee probably costs $200k or more per year. If Target has 5 people working on network security they spend "millions" per year.

        I would wager there are at least probably 1,000 developers actively working on corporate security every year. $200,000 * 1,000 people = $200m per year on security.

    • I've talked to security guys from two big name companies, they both work in large departments. I have absolutely no question that a department of > 5 people costs more than a million dollars per year.

  • "get court permission"

    Please... Like they ask for permission before doing stuff like that.

  • by SethJohnson ( 112166 ) on Friday March 28, 2014 @02:03PM (#46605295) Homepage Journal
    Back in 2005, I had a personal blog site defaced. I didn't even know it had happened.

    The way I spotted the issue was through an open terminal window that was tailing the apache access log. I'd glance at it every once in a while as traffic trickled over the blog. I saw a request come in from the PENTAGON domain. I thought it was odd because my blog was about skateboarding and didn't think it would be of interest to anyone working at the Pentagon. I looked at the referrer and it was a site I was unfamiliar with: http://www.zone-h.org/.

    So I browsed over to that server and saw that the page linking to my site was a list of defaced sites. Then I checked my own homepage and sure enough, Wordpress had been compromised by an exploit and someone had posted an article on the front page.

    So, it seems like someone at the pentagon had a script scraping the defacement indexing sites and was then visiting each affected server and scraping that. Never got an email or phone call or anything.
    • Indeed, I've received notification from the FBI at $dayjob based on information they scraped from Shodan.
      Specifically, it looked like they were looking for "siemens" anywhere in the results, and then sending out notifications, most likely intended for SCADA/Industrial Automation kind of gear. We just happen to have a handful of Siemens CPEs... because apparently they make DSL modems too?

  • Some random guy who is 'a windows admin' (meaning he clicked next until Server was installed) ... yes, the FBI knows first because that douche doesn't have a clue.

    99.9% of the admins on the planet are absolutely clueless. Being an 'admin' no longer means you know what you're doing, it now its just means anyone who can click next calls themselves an admin ... and as such, their networks are generally piles of crap.

  • I'd much rather have the FBI/CIA/NSA hang around with all the miscreants than spying on individuals at large. Sure, there's an issue of what probable cause they have to participate in such forums. But its the same thing that they do when undercover cops hang around a bar and wait for some moron to come in and look for a hit man.

    It would be nice if they'd give the owners of compromised networks a call once in a while to get them started making repairs.

  • "especially given the millions companies spend on security and their intense focus on compliance" You wish! For 99% of company, network/computer security is on last tier priority list, even farther when you talk about investment... From a Network Security Specialist.
  • plus they have automated surveillance systems that:

    1. track all IP connections for them, so they know who connects and to where.
    2. all IP, SMTP, and HTTP, FTP and other protocols that aren't encrypted are being watched, so they know what is accessed and what information is sent to the server (GET/PUT/PUSH) requests.
    3. All this is monitored because they have splits in the fiber and telecommunication system to passively monitor and record all traffic, 24/7.

    On top of this, satellites and radar systems automate

Statistics are no substitute for judgement. -- Henry Clay

Working...