Slashdot Mirror


How the FBI and Secret Service Know Your Network Has Been Breached Before You Do

coondoggie writes "By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement: the Secret Service and Federal Bureau of Investigation. But how do the agencies figure it out before the companies know they have been breached, especially given the millions companies spend on security and their intense focus on compliance? The agencies do the one thing companies don't do. They attack the problem from the other end by looking for evidence that a crime has been committed. Agents go undercover in criminal forums where stolen payment cards, customer data and proprietary information are sold. They monitor suspects and sometimes get court permission to break into password-protected enclaves where cyber-criminals lurk."


  1. NSA by just_another_sean · · Score: 5, Funny

    And here I thought the answer was the NSA tells them and they know because they have root access to these systems.

    The fact that it's actually through real police efforts actually makes me feel a tiny bit better.

    --
    Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
    1. Re:NSA by ackthpt · · Score: 5, Funny

      And here I thought the answer was the NSA tells them and they know because they have root access to these systems.

      The fact that it's actually through real police efforts actually makes me feel a tiny bit better.

      The NSA is watching you. The FBI is watching the NSA. The Secret Service is watching the FBI. The CIA is watching the Secret Service. And of course the NSA is also watching the CIA.

      What we have here, is a Conga Line of people in trench coats and fedoras, wearing Ray Ban sunglasses and using headphones, HUD displays or binoculars.

      I'd pay to see that, but if I did they'd have to kill me.

      --

      A feeling of having made the same mistake before: Deja Foobar
    2. Re:NSA by TheCarp · · Score: 3, Informative

      Perhaps you are not familiar with "Parallel Construction": http://en.wikipedia.org/wiki/P...

      I would expect that if that were the answer, that it would never be the answer.

      --
      "I opened my eyes, and everything went dark again"
  2. HOW DO THE FBI KNOW FIRST? by Jeremiah+Cornelius · · Score: 3, Insightful

    They set it all up...

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  3. Sometimes... by Anonymous Coward · · Score: 3, Funny

    "...and sometimes get court permission to break into..."

    Hehe... lawl

  4. Trolling the Internet by hermitdev · · Score: 5, Insightful

    Law enforcement is very actively trolling the Internet to discover things, he says.

    Funny, I'd be happier if they were trawling the internet for info instead of trolling.

  5. I'm sure the NSA Will delete this soon...... by Anonymous Coward · · Score: 5, Funny


       

  6. Here's how I found out.... by SethJohnson · · Score: 4, Interesting

    Back in 2005, I had a personal blog site defaced. I didn't even know it had happened.

    The way I spotted the issue was through an open terminal window that was tailing the Apache access log. I'd glance at it every once in a while as traffic trickled over the blog. I saw a request come in from the PENTAGON domain. I thought it was odd because my blog was about skateboarding and didn't think it would be of interest to anyone working at the Pentagon. I looked at the referrer and it was a site I was unfamiliar with: http://www.zone-h.org/.

    So I browsed over to that server and saw that the page linking to my site was a list of defaced sites. Then I checked my own homepage and sure enough, WordPress had been compromised by an exploit and someone had posted an article on the front page.

    So, it seems like someone at the Pentagon had a script scraping the defacement indexing sites and was then visiting each affected server and scraping that. Never got an email or phone call or anything.
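
The check SethJohnson describes doing by eye, written as a log filter. This is an added example, not part of the original comment: it flags access-log hits whose referrer is a defacement-archive site. It assumes Apache's "combined" log format; the watchlist contents beyond zone-h.org, the function names and the sample lines are constructed for illustration.

```python
import re
import sys
from urllib.parse import urlsplit

WATCHLIST = {"zone-h.org"}  # site named in the comment above; extend as needed (assumption)

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def referer_host(referer):
    """Return the lower-cased hostname of a Referer value, or None if absent or malformed."""
    if referer in ("", "-"):
        return None
    try:
        host = urlsplit(referer).hostname
    except ValueError:  # e.g. a broken bracketed IPv6 literal
        return None
    return host.lower().rstrip(".") if host else None

def on_watchlist(host, watchlist=WATCHLIST):
    """Match the domain itself or any subdomain, but not look-alikes such as notzone-h.org."""
    return any(host == d or host.endswith("." + d) for d in watchlist)

def flag_referrals(lines, watchlist=WATCHLIST):
    """Yield (time, client, request, referer) for hits that arrived from a watched site."""
    for line in lines:
        m = COMBINED.match(line.rstrip("\n"))
        if not m:
            continue  # not a combined-format line; skip rather than guess
        host = referer_host(m["referer"])
        if host and on_watchlist(host, watchlist):
            yield m["time"], m["host"], m["request"], m["referer"]

# Constructed sample lines (documentation IP ranges, made-up paths), not real logs.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2005:10:01:22 -0600] "GET /2005/03/new-deck/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=skate" "Mozilla/5.0"',
    '198.51.100.24 - - [12/Mar/2005:10:04:51 -0600] "GET / HTTP/1.1" 200 8342 "http://www.zone-h.org/" "Mozilla/4.0"',
    '192.0.2.15 - - [12/Mar/2005:10:05:03 -0600] "GET / HTTP/1.1" 200 8342 "http://notzone-h.org/?u=http://www.zone-h.org/" "curl/7.12"',
    '192.0.2.99 - - [12/Mar/2005:10:06:40 -0600] "GET /feed/ HTTP/1.1" 304 - "-" "FeedReader"',
]

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for hit in flag_referrals(source):
        print("possible defacement listing:", *hit, sep="\n  ")
```

Piping `tail -F` of the access log into the script gives the same view as the open terminal window, without relying on someone glancing at it at the right moment.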