How the FBI and Secret Service Know Your Network Has Been Breached Before You Do
coondoggie writes "By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement: the Secret Service and Federal Bureau of Investigation. But how do the agencies figure it out before the companies know they have been breached, especially given the millions companies spend on security and their intense focus on compliance? The agencies do the one thing companies don't do. They attack the problem from the other end by looking for evidence that a crime has been committed. Agents go undercover in criminal forums where stolen payment cards, customer data and proprietary information are sold. They monitor suspects and sometimes get court permission to break into password-protected enclaves where cyber-criminals lurk."
NSA (Score:5, Funny)
And here I thought the answer was the NSA tells them and they know because they have root access to these systems.
The fact that it's actually through real police efforts actually makes me feel a tiny bit better.
HOW DO THE FBI KNOW FIRST? (Score:4, Insightful)
They set it all up...
Re: (Score:1)
'S what I was thinking. In at least some cases, it's because they took part in the crime.
Re: (Score:1)
But now we pay them more. It's for the children.
Re: (Score:1)
But now we pay them more. It's from the children.
FTFY
Re: (Score:1)
Re: (Score:2)
Viola? [wikipedia.org] I think you meant "voila" [wiktionary.org]
Re:NSA (Score:5, Funny)
And here I thought the answer was the NSA tells them and they know because they have root access to these systems.
The fact that it's actually through real police efforts actually makes me feel a tiny bit better.
The NSA is watching you. The FBI is watching the NSA. The Secret Service is watching the FBI. The CIA is watching the Secret Service. And of course the NSA is also watching the CIA.
What we have here is a Conga Line of people in trench coats and fedoras, wearing Ray-Ban sunglasses and using headphones, HUD displays or binoculars.
I'd pay to see that, but if I did they'd have to kill me.
Re: (Score:2)
You don't have to pay anything, you can watch it, and you won't even have to die. Mostly to your specifications.
For your viewing pleasure: Feds Deconfliction [youtube.com]
Re: (Score:2)
I would pay my life for that. ;)
Shouldn't Congress be watching? (Score:1)
Shouldn't Congress be doing some watching of its own?
Re: (Score:3)
Shouldn't Congress be doing some watching of its own?
The only things members of Congress monitor are polls, donations and any move by their opposition they think they can leverage. To expect Congress to do anything other than score personal points seems naïve.
Re: (Score:1)
Re: (Score:3)
If I'm not mistaken, this is basically how the British police have managed to keep corruption levels so low - one district polices another.
Spy Vs. Spy (Score:1)
Re: (Score:1)
They aren't watching each other.
They are giving each other a reach-around.
Re: (Score:2)
Seems like that would be an easier route.
Re:NSA (Score:4, Informative)
Perhaps you are not familiar with "Parallel Construction": http://en.wikipedia.org/wiki/P... [wikipedia.org]
I would expect that if that were the answer, that it would never be the answer.
Re: (Score:3)
And here I thought the answer was the NSA tells them and they know because they have root access to these systems.
The fact that it's actually through real police efforts actually makes me feel a tiny bit better.
Probably just parallel construction
Re: (Score:1)
I don't care who it is, government agency wise. If my network gets breached, and I get some type of warning, I will be VERY grateful.
This is what we Americans pay taxes for, so it is (IMHO) money well spent.
Re: (Score:2)
But what do you think gave them "the hunch" that so-and-so was the bad guy and just so happened to have exactly the incriminating evidence they needed to bust him in folder XYZ in his "My Documents" folder?
"Police Work" is often just another term for collecting the evidence and creating the link from A to Z, after the fact, to justify the police's actions.
Sometimes... (Score:3, Funny)
"...and sometimes get court permission to break into..."
Hehe... lawl
Trolling the Internet (Score:5, Insightful)
Law enforcement is very actively trolling the Internet to discover things, he says.
Funny, I'd be happier if they were trawling the internet for info instead of trolling.
Re: (Score:2)
I've seen two news stories this week that made that mistake. It's going to be lose/loose all over again. *shudder*
Re: (Score:1)
"Trawling is a method of fishing that involves pulling a fishing net through the water behind one or more boats. The net that is used for trawling is called a trawl."
From Wikipedia.
The processor... (Score:1)
They have real time access to credit card processors and to all major credit cards, they had this long before so they can effectively track an individual under warrant by their spending, they can tell by time and usage if a number has been compromised. There was never a reason to penetrate the store front credit card processing environment so Dell, apology accepted for the "inconvenience" -jerks. These numbers they come across in their hacking endeavors should be flagged by the major credit cards and cred
Re: (Score:1)
Are you drunk? That read like it was written by a drunk person.
Re: (Score:1)
Well sure, only as much as you are truly anonymous... ;)
I'm sure the NSA Will delete this soon...... (Score:5, Funny)
Re: (Score:2)
Yep, that happened sometime around RSA generating not so random numbers. And all the money spent by store fronts on encryption for POS systems was fraud because we the people cannot have encryption unless it is broken. Looking back on some of the people in my life I do not doubt the subtlety, resources or intellect of a criminal.
You're seriously asking that? (Score:2)
Really? Millions spent on 'compliance' ... are you new to the business world in general?
I can't think of a single business other than credit card processors and banks that ACTUALLY put EFFORT into security.
For pretty much everyone else, the standard is 'fix the breach after the fact that it happened'
The police know your car is stolen before you do if you're out of town and someone steals it to rob a bank.
When investigating crime, you generally follow the leads back to the source to find the perpetrator. T
Re: (Score:2)
Bingo, I saw, "...especially given the millions companies spend on security and their intense focus on compliance?" and laughed.
Re: (Score:2)
The word "millions" is misleading here. For a large company, and especially when you make it the plural "companies", this is the equivalent of saying "...especially given the pennies companies spend on security and their intense focus on compliance."
Individual users spend a larger portion of their income on a virus scanner than companies typically spend on security, even if that amount adds up to millions for the companies. Half the time this is true even of the computer security providers themselves.
Re: (Score:2)
Really? An average security employee probably costs $200k or more per year. If Target has 5 people working on network security they spend "millions" per year.
I would wager there are at least probably 1,000 developers actively working on corporate security every year. $200,000 * 1,000 people = $200m per year on security.
Re: (Score:3)
I've talked to security guys from two big name companies, they both work in large departments. I have absolutely no question that a department of > 5 people costs more than a million dollars per year.
Re: (Score:2)
If you infiltrate, say, Target's internal network and POS systems, you aren't going to use them for a botnet and tip your hand.
Really? (Score:2)
"get court permission"
Please... Like they ask for permission before doing stuff like that.
Here's how I found out.... (Score:5, Interesting)
The way I spotted the issue was through an open terminal window that was tailing the apache access log. I'd glance at it every once in a while as traffic trickled over the blog. I saw a request come in from the PENTAGON domain. I thought it was odd because my blog was about skateboarding and didn't think it would be of interest to anyone working at the Pentagon. I looked at the referrer and it was a site I was unfamiliar with: http://www.zone-h.org/.
So I browsed over to that server and saw that the page linking to my site was a list of defaced sites. Then I checked my own homepage and sure enough, WordPress had been compromised by an exploit and someone had posted an article on the front page.
So, it seems like someone at the Pentagon had a script scraping the defacement indexing sites and was then visiting each affected server and scraping that. Never got an email or phone call or anything.
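The referrer check this commenter did by eye, written up as a small detector over Apache combined-format access log lines. This is an added example, not the commenter's code; zone-h.org is the host named in the comment, and the log entries below are constructed.

```python
import re
from urllib.parse import urlsplit

# Hosts that publish defacement indexes; zone-h.org is the one named in the comment.
# An inbound Referer from one of these is a cue to go check your own front page.
DEFACEMENT_INDEX_HOSTS = {"zone-h.org", "www.zone-h.org"}

# Apache "combined" format: host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one combined-format line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def referer_host(referer):
    """Lower-cased hostname of a Referer value; '' for '-' or anything without a host."""
    if not referer or referer == "-":
        return ""
    return (urlsplit(referer).hostname or "").lower()

def flag_defacement_referrals(lines, watch_hosts=DEFACEMENT_INDEX_HOSTS):
    """Return (client, request, referer) for every hit that arrived via a watched index host."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip unparseable lines rather than crash on them
            continue
        if referer_host(rec["referer"]) in watch_hosts:
            hits.append((rec["host"], rec["request"], rec["referer"]))
    return hits

# Constructed sample log (not real traffic); the second entry mimics the visit described above.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2014:13:55:36 -0800] "GET /2014/02/new-deck HTTP/1.1" 200 5123 "https://www.google.com/" "Mozilla/5.0"
198.51.100.22 - - [10/Feb/2014:14:02:11 -0800] "GET / HTTP/1.1" 200 7788 "http://www.zone-h.org/archive" "Mozilla/5.0 (compatible; scraper)"
this line is garbage and should be skipped
192.0.2.9 - - [10/Feb/2014:14:05:00 -0800] "GET /feed HTTP/1.1" 200 1200 "-" "FeedReader/1.0"
""".splitlines()

if __name__ == "__main__":
    for client, request, referer in flag_defacement_referrals(SAMPLE_LOG):
        print(f"INSPECT SITE: {client} requested {request!r} via {referer}")
```

Pipe `tail -f` of the real access log into the same function to get the alert the commenter got by luck.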
Re: (Score:2)
Indeed, I've received notification from the FBI at $dayjob based on information they scraped from Shodan.
Specifically, it looked like they were looking for "siemens" anywhere in the results, and then sending out notifications, most likely intended for SCADA/Industrial Automation kind of gear. We just happen to have a handful of Siemens CPEs... because apparently they make DSL modems too?
Before I know on my network? Doubtful. (Score:2)
Some random guy who is 'a windows admin' (meaning he clicked next until Server was installed) ... yes, the FBI knows first because that douche doesn't have a clue.
99.9% of the admins on the planet are absolutely clueless. Being an 'admin' no longer means you know what you're doing, it now just means anyone who can click next calls themselves an admin ... and as such, their networks are generally piles of crap.
Not a big deal (Score:2)
I'd much rather have the FBI/CIA/NSA hang around with all the miscreants than spying on individuals at large. Sure, there's an issue of what probable cause they have to participate in such forums. But it's the same thing that they do when undercover cops hang around a bar and wait for some moron to come in and look for a hit man.
It would be nice if they'd give the owners of compromised networks a call once in a while to get them started making repairs.
Funniest line ever!!! (Score:1)
oh yeah (Score:1)
plus they have automated surveillance systems that:
1. track all IP connections for them, so they know who connects and to where.
2. all IP, SMTP, and HTTP, FTP and other protocols that aren't encrypted are being watched, so they know what is accessed and what information is sent to the server (GET/PUT/PUSH) requests.
3. All this is monitored because they have splits in the fiber and telecommunication system to passively monitor and record all traffic, 24/7.
On top of this, satellites and radar systems automate