How the FBI and Secret Service Know Your Network Has Been Breached Before You Do
coondoggie writes "By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement: the Secret Service and Federal Bureau of Investigation. But how do the agencies figure it out before the companies know they have been breached, especially given the millions companies spend on security and their intense focus on compliance? The agencies do the one thing companies don't do. They attack the problem from the other end by looking for evidence that a crime has been committed. Agents go undercover in criminal forums where stolen payment cards, customer data and proprietary information are sold. They monitor suspects and sometimes get court permission to break into password-protected enclaves where cyber-criminals lurk."
And here I thought the answer was the NSA tells them and they know because they have root access to these systems.
The fact that it's actually through real police efforts actually makes me feel a tiny bit better.
They set it all up...
"Flyin' in just a sweet place,
Never been known to fail..."
"...and sometimes get court permission to break into..."
Hehe... lawl
Law enforcement is very actively trolling the Internet to discover things, he says.
Funny, I'd be happier if they were trawling the internet for info instead of trolling.
Yep, that happened sometime around RSA generating not-so-random numbers. And all the money spent by storefronts on encryption for POS systems was fraud, because we the people cannot have encryption unless it is broken. Looking back on some of the people in my life, I do not doubt the subtlety, resources or intellect of a criminal.
Back in 2005, I had a personal blog site defaced. I didn't even know it had happened.
The way I spotted the issue was through an open terminal window that was tailing the apache access log. I'd glance at it every once in a while as traffic trickled over the blog. I saw a request come in from the PENTAGON domain. I thought it was odd because my blog was about skateboarding and didn't think it would be of interest to anyone working at the Pentagon. I looked at the referrer and it was a site I was unfamiliar with: http://www.zone-h.org/.
So I browsed over to that server and saw that the page linking to my site was a list of defaced sites. Then I checked my own homepage and sure enough, WordPress had been compromised by an exploit and someone had posted an article on the front page.
So, it seems like someone at the Pentagon had a script scraping the defacement indexing sites and was then visiting each affected server and scraping that. I never got an email or phone call or anything.
$5 / month hosted VPS on linux = awesome!
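The detection in the post above is worth automating: a request whose Referer is a defacement mirror means someone has already listed your site as compromised, and that signal arrives in the access log before any email or phone call does. Here is an added example (not code from the post or from any project it mentions) that parses Apache "combined" format lines and flags entries whose referrer host is on a watchlist. The watchlist entry zone-h.org comes from the post; the log lines are constructed sample data and the IP addresses are reserved documentation ranges, not the actual traffic the poster saw.

```python
import re
import sys
from urllib.parse import urlparse

# Apache "combined" LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Referrer hosts that indicate a third party has already indexed your
# site as defaced. zone-h.org is the mirror named in the post; add
# others you care about. Subdomains (www.zone-h.org) match as well.
WATCHLIST = {"zone-h.org"}


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    # "-" means no Referer header was sent; urlparse gives hostname None
    rec["referer_host"] = (urlparse(rec["referer"]).hostname or "").lower()
    return rec


def host_matches(host, watchlist):
    """True if host equals a watchlist domain or is a subdomain of one."""
    return any(host == w or host.endswith("." + w) for w in watchlist)


def find_suspicious_referrers(lines, watchlist=WATCHLIST):
    """Scan an iterable of log lines; return the parsed records whose
    referrer host is on the watchlist. Unparseable lines are skipped."""
    return [
        rec for rec in map(parse_line, lines)
        if rec is not None and host_matches(rec["referer_host"], watchlist)
    ]


# Constructed sample log, not real traffic. 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges (RFC 5737).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2005:09:58:01 -0500] "GET /rss.xml HTTP/1.1" '
    '200 8123 "-" "FeedReader/1.0"',
    '198.51.100.9 - - [12/Mar/2005:10:02:44 -0500] "GET /2005/03/kickflip/ HTTP/1.1" '
    '200 5120 "http://www.google.com/search?q=skateboarding" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2005:10:15:32 -0500] "GET / HTTP/1.1" '
    '200 4321 "http://www.zone-h.org/" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    'this line is not in combined format and must be skipped',
]


def main(paths):
    """Scan the given files (or the built-in sample if none) and print alerts."""
    if paths:
        lines = (line for p in paths for line in open(p, encoding="utf-8", errors="replace"))
    else:
        lines = SAMPLE_LOG
    hits = find_suspicious_referrers(lines)
    for rec in hits:
        print(f"ALERT {rec['time']} {rec['host']} {rec['request']!r} "
              f"referred by {rec['referer']}")
    return len(hits)


if __name__ == "__main__":
    sys.exit(0 if main(sys.argv[1:]) == 0 else 1)
```

Run it as `python scan_referrers.py /var/log/apache2/access.log` (any number of files); with no arguments it scans the embedded sample. The host match is on the parsed hostname rather than a substring of the URL, so a query string like `?u=zone-h.org` on an unrelated referrer does not fire. An alert is a strong lead, not proof: confirm by fetching the referring page and checking what it says about your site, as the poster did.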
If you infiltrate, say, Target's internal network and POS systems, you aren't going to use them for a botnet and tip your hand.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
I've talked to security guys from two big name companies, they both work in large departments. I have absolutely no question that a department of > 5 people costs more than a million dollars per year.
Shouldn't Congress be doing some watching of its own?
The only things members of Congress monitor are polls, donations and any move by their opposition they think they can leverage. To expect Congress to do anything other than score personal points seems naïve.