a guest
Nov 17th, 2011
I'll just leave this here.

#fuckfrifriday

--
Subject: [iacis-l] contact
Date: Thu, 10 Nov 2011 10:08:30 -0600
From: Brian Mize <>
Reply-To:
To:

All,

Does anyone have a contact with A hacker recently posted info on this site. It appears they use Domains by Proxy to register the domain.

Thanks

Brian Mize
RCCEEG Forensic Examiner
FBI Cyber Crime Task Force
314-889-4289

--
Subject: [iacis-l] Re: Sony PSN Contact & Info Request
Date: Wed, 16 Nov 2011 15:07:52 -0800
From: Mark Posler <>
Reply-To:
To:

Hi Shane-

This contact info was posted to the list last year for the Sony Playstation Network, don't know if it is still valid.

Andy Lamoureux
Security Supervisor
919 East Hillsdale Blvd.
Foster City, California 94404
Phone: (650) 655-5988
Fax: (650) 655-8088
E-mail:

Good Luck! Mark

--
Special Agent Mark Posler [CFCE, EnCE]
Oregon Department of Justice
Internet Crimes Against Children Task Force
Salem, Oregon USA

On Wed, Nov 16, 2011 at 2:51 PM, Shane Derekson <> wrote:

Good afternoon,

I am seeking a LE contact person/number for the Sony Playstation Network. I am also curious as to what account information they retain, and what I need to be asking for. Feel free to contact me off-list.

Thank you,

Special Deputy Shane Derekson
Marion County Sheriff's Office
Salem, OR
503.566.6998

--
Subject: Re: [IACIS-L] Rebutting the wireless hacker defense
Date: Fri, 17 Aug 2007 12:19:42 -0400
From: Greg Norman <>
Reply-To:
To:

Jimmy,

Okay, let's say that all is true. The SW needed to be executed on that house if for no other reason than to obtain the wireless router. Logging may have been turned on, and if it was it would tell us what computer IPs the router was assigning and what corresponding MACs are listed. Since we are there and because of exigent circumstances we need to seize all computers on the property to exclude them as being the culprit machine.

This is just an idea off the top of my head.

Later,
Greg

Gregory N. Norman, CFCE
Digital Evidence Examiner
U.S. Army Criminal Investigation Laboratory
4930 North 31st St
Forest Park, GA 30297-5205
(404) 469-3490; DSN 797-3490

On 8/16/07, Weg, Jimmy <> wrote:
>
> I've been asked to help in a case where an agent obtained a search warrant based upon a P2P investigation in which a semi-static IP (cable) was traced to the suspect's account. Prior to the search, no one swept the area for a wireless signal, but that's not unusual. The defense points out that the suspect could have had a wireless network linking any number of machines to a router and ultimately the cable modem. True. More importantly, they claim that anyone could have accessed the modem through a hijacked signal, used the suspect's IP, employed LimeWire to offer c-p, and have led the agents to the right account, but wrong location. In sum, the defense states that the SW application was misleading for not pointing out those possibilities, and that there really wasn't PC to search the home.
>
> This seems kind of straightforward, but maybe I'm naive. Regardless, suggestions are always helpful. It seems to me that the bottom line is that you can't prove a negative. Martians could have hijacked the IP. I'd argue that we knew that the homeowner had the account. We also knew that the cable access is physically connected to the house. So, I think there's PC to search the house, as it's very likely that a computer inside the house accessed the Net through the modem (IP). Still, we've all heard of cases in which a signal was in fact stolen leading to a search of the wrong computer. There's also the argument that an unencrypted access point is asking for trouble. If the defense argument flies, should it be a practice to sweep for signals (not capturing content) before applying for any SW based on a traced IP? Even that isn't fail safe. Thanks.
>
> Jimmy Weg, CFCE
> Agent in Charge, Computer Crime Unit
> Montana Division of Criminal Investigation
> 2225 11th Ave.
> Helena, MT 59601
> 406.444.6681
> 406.439.6185 (cell)
>
--

On 1/11/11 9:54 PM, wrote:
> I use Digital DNA and other HB Gary products on a daily basis. Digital DNA is a product made by HB Gary. You can purchase it as a bundle with Responder Pro and Fast Dump Pro (it's not cheap). It basically looks at a live memory image and assesses the behavior traits of objects found running in memory. It gives a score based on the severity of the behavior. It is not always correct and produces more false hits than positive. It will rank some objects it finds as severe simply because it is often used in certain malicious code. However, much of what it ranks high is also used in legitimate processes. It's the new "Push Button" memory examiner tool. You still need to thoroughly research what was ranked high and see if it is actually legitimate or malicious.
>
> In general, signature analysis of malware is dead. Scanning a box with Norton, McAfee or other basic virus detection software can miss up to 80% of the malware used by experienced hackers (aka the Advanced Persistent Threat). Mandiant published a paper about the APT last year. It's a good read for those new to memory analysis and how hackers are stealing data. HB Gary's website is also good and contains several papers about memory analysis and their tools. If a hacker is good he can design code that changes, sleeps or hooks legitimate code and the basic virus detection applications will never find it. On the other hand -- simply because an expensive software says a specific object exhibits malware behavior does not mean it's malicious. It still takes a detailed examination to assess the totality of the circumstance.
>
> Get used to it -- live memory analysis will be a key aspect of future examinations. If you are not imaging live memory before you shut down a computer you are missing a great deal of potential evidence (P2P Search Criteria, Private Browsing Internet History, Passwords, Gmail Artifacts, etc.).
>
> Rich Peacock
> EnCE, CFCE, CEECS
> Baltimore County Police Department
> Detective - Vice / Narcotics Section (Retired)
> Digital Analyst
> DHS - Focused Operations Unit