Security Government

How the FBI and Secret Service Know Your Network Has Been Breached Before You Do

Posted by Soulskill
from the they-care-before-it-impacts-your-bottom-line dept.
coondoggie writes "By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement: the Secret Service and Federal Bureau of Investigation. But how do the agencies figure it out before the companies know they have been breached, especially given the millions companies spend on security and their intense focus on compliance? The agencies do the one thing companies don't do. They attack the problem from the other end by looking for evidence that a crime has been committed. Agents go undercover in criminal forums where stolen payment cards, customer data and proprietary information are sold. They monitor suspects and sometimes get court permission to break into password-protected enclaves where cyber-criminals lurk."

  • by SethJohnson (112166) on Friday March 28, 2014 @03:03PM (#46605295) Homepage Journal
    Back in 2005, I had a personal blog site defaced. I didn't even know it had happened.

    The way I spotted the issue was through an open terminal window that was tailing the Apache access log. I'd glance at it every once in a while as traffic trickled over the blog. I saw a request come in from the PENTAGON domain. I thought it was odd because my blog was about skateboarding and didn't think it would be of interest to anyone working at the Pentagon. I looked at the referrer and it was a site I was unfamiliar with: http://www.zone-h.org/.

    So I browsed over to that server and saw that the page linking to my site was a list of defaced sites. Then I checked my own homepage and sure enough, WordPress had been compromised by an exploit and someone had posted an article on the front page.

    So, it seems like someone at the Pentagon had a script scraping the defacement indexing sites and was then visiting each affected server and scraping that. Never got an email or phone call or anything.
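
The check the comment above did by eye, as an added example that is not part of the original post: a Python scan of Apache access-log lines that flags visitors arriving from a defacement-archive referrer. The combined log format, the watchlist variable, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Quoted fields may hold backslash-escaped quotes, so match (?:[^"\\]|\\.)* inside them.
Q = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q)

# Assumption: a watchlist of defacement-archive domains; zone-h.org is the one in the comment.
WATCHED_REFERRERS = {"zone-h.org"}

def referrer_host(referer):
    """Lowercased hostname of a Referer value, or '' when absent or unparseable."""
    if referer in ("", "-"):
        return ""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def is_watched(host):
    """Match the domain or any subdomain, but not look-alikes such as notzone-h.org."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_REFERRERS)

def find_archive_referrals(lines):
    """Return (time, client, request, referrer_host) for hits from watched referrers."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        client, when, request, _status, referer, _agent = m.groups()
        host = referrer_host(referer)
        if is_watched(host):
            hits.append((when, client, request, host))
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths and timestamps).
SAMPLE_LOG = [
    r'192.0.2.10 - - [12/Mar/2005:10:01:22 -0600] "GET / HTTP/1.1" 200 5120 "http://www.zone-h.org/archive" "Mozilla/5.0"',
    r'198.51.100.7 - - [12/Mar/2005:10:02:40 -0600] "GET /feed/ HTTP/1.1" 200 2048 "-" "FeedReader/1.0"',
    r'203.0.113.5 - - [12/Mar/2005:10:03:05 -0600] "GET / HTTP/1.1" 200 5120 "http://notzone-h.org/" "Mozilla/5.0"',
    r'203.0.113.9 - - [12/Mar/2005:10:04:11 -0600] "GET /?q=\"x\" HTTP/1.1" 200 5120 "http://ZONE-H.org/mirror/1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for when, client, request, host in find_archive_referrals(SAMPLE_LOG):
        print(f"{when} {client} arrived via {host}: {request}")
```

A hit only means someone followed a link from an archive listing; the next step is the one the commenter took, checking the served pages themselves.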
