I'll just leave this here.
#fuckfrifriday
--
Subject: [iacis-l] pastebin.com contact
Date: Thu, 10 Nov 2011 10:08:30 -0600
From: Brian mize <brian.mize@gmail.com>
Reply-To: iacis-l@cops.org
To: iacis-l@cops.org

All,

Does anyone have a contact with pastebin.com? A hacker recently posted info on this site. It appears they use Domains by Proxy to register the domain.

http://www.reuters.com/article/2011/11/10/us-protests-hacking-stlouis-idUSTRE7A90C420111110

Thanks
Brian Mize
RCCEEG Forensic Examiner
FBI Cyber Crime Task Force
314-889-4289
--
Subject: [iacis-l] Re: Sony PSN Contact & Info Request
Date: Wed, 16 Nov 2011 15:07:52 -0800
From: Mark Posler <cpd835@gmail.com>
Reply-To: iacis-l@cops.org
To: iacis-l@cops.org

Hi Shane-

This contact info was posted to the list last year for the Sony Playstation Network, don't know if it is still valid.

Andy Lamoureux
Security Supervisor
919 East Hillsdale Blvd.
Foster City, California 94404
Phone: (650) 655-5988
Fax: (650) 655-8088
E-mail: Andy_Lamoureux@Playstation.Sony.com

Good Luck! Mark
--
Special Agent Mark Posler [CFCE, EnCE]
Oregon Department of Justice
Internet Crimes Against Children Task Force
Salem, Oregon USA
posler@cops.org

On Wed, Nov 16, 2011 at 2:51 PM, Shane Derekson <Sderekson@co.marion.or.us> wrote:

Good afternoon,

I am seeking a LE contact person/number for the Sony Playstation Network. I am also curious as to what account information they retain, and what I need to be asking for. Feel free to contact me off-list.

Thank you,
Special Deputy Shane Derekson
Marion County Sheriff's Office
Salem, OR
503.566.6998
sderekson@co.marion.or.us
--
Subject: Re: [IACIS-L] Rebutting the wireless hacker defense
Date: Fri, 17 Aug 2007 12:19:42 -0400
From: Greg Norman <photodiver7@gmail.com>
Reply-To: iacis-l@cops.org
To: iacis-l@cops.org

Jimmy,

Okay, let's say that all is true. The SW needed to be executed on that house if for no other reason than to obtain the wireless router. Logging may have been turned on, and if it was it would tell us what computer IPs the router was assigning and what corresponding MACs are listed. Since we are there and because of exigent circumstances we need to seize all computers on the property to exclude them as being the culprit machine.

This is just an idea off the top of my head.

Later,
Greg

Gregory N. Norman, CFCE
Digital Evidence Examiner
U.S. Army Criminal Investigation Laboratory
4930 North 31st St
Forest Park, GA 30297-5205
(404) 469-3490; DSN 797-3490
gregory.n.norman@us.army.mil

On 8/16/07, Weg, Jimmy <jweg@mt.gov> wrote:
>
> I've been asked to help in a case where an agent obtained a search warrant based upon a P2P investigation in which a semi-static IP (cable) was traced to the suspect's account. Prior to the search, no one swept the area for a wireless signal, but that's not unusual. The defense points out that the suspect could have had a wireless network linking any number of machines to a router and ultimately the cable modem. True. More importantly, they claim that anyone could have accessed the modem through a hijacked signal, used the suspect's IP, employed LimeWire to offer c-p, and have led the agents to the right account, but wrong location. In sum, the defense states that the SW application was misleading for not pointing out those possibilities, and that there really wasn't PC to search the home.
>
> This seems kind of straightforward, but maybe I'm naive. Regardless, suggestions are always helpful. It seems to me that the bottom line is that you can't prove a negative. Martians could have hijacked the IP. I'd argue that we knew that the homeowner had the account. We also knew that the cable access is physically connected to the house. So, I think there's PC to search the house, as it's very likely that a computer inside the house accessed the Net through the modem (IP). Still, we've all heard of cases in which a signal was in fact stolen leading to a search of the wrong computer. There's also the argument that an unencrypted access point is asking for trouble. If the defense argument flies, should it be a practice to sweep for signals (not capturing content) before applying for any SW based on a traced IP? Even that isn't fail safe. Thanks.
>
> Jimmy Weg, CFCE
> Agent in Charge, Computer Crime Unit
> Montana Division of Criminal Investigation
> 2225 11th Ave.
> Helena, MT 59601
> 406.444.6681
> 406.439.6185 (cell)
> jweg@mt.gov
>
--
On 1/11/11 9:54 PM, R1PEACOCK@aol.com wrote:
> I use Digital DNA and other HB Gary products on a daily basis. Digital DNA is a product made by HB Gary. You can purchase it as a bundle with Responder Pro and Fast Dump Pro (it's not cheap). It basically looks at a live memory image and assesses the behavior traits of objects found running in memory. It gives a score based on the severity of the behavior. It is not always correct and produces more false hits than positive. It will rank some objects it finds as severe simply because it is often used in certain malicious code. However much of what it ranks high is also used in legitimate processes. It's the new "Push Button" memory examiner tool. You still need to thoroughly research what was ranked high and see if it is actually legitimate or malicious.
>
> In general signature analysis of malware is dead. Scanning a box with Norton, McAfee or other basic virus detection software can miss up to 80% of the malware used by experienced hackers (aka. The Advanced Persistent Threat). Mandiant published a paper about the APT last year. It's a good read for those new to memory analysis and how hackers are stealing data. HB Gary's website is also good and contains several papers about memory analysis and their tools. If a hacker is good he can design code that changes, sleeps or hooks legitimate code and the basic virus detection applications will never find it. On the other hand -- simply because an expensive software says a specific object exhibits malware behavior does not mean it's malicious. It still takes a detailed examination to assess the totality of the circumstance.
>
> Get used to it -- live memory analysis will be a key aspect of future examinations. If you are not imaging live memory before you shut down a computer you are missing a great deal of potential evidence (P2P Search Criteria, Private Browsing Internet History, Passwords, Gmail Artifacts, etc.).
>
> Rich Peacock
> EnCE, CFCE, CEECS
> Baltimore County Police Department
> Detective - Vice / Narcotics Section (Retired)
> Digital Analyst
> DHS - Focused Operations Unit