Endpoint
6/24/2011
01:22 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Former College Kid's Guilty Plea To Hacking Highlights Low-Tech DB Theft

Defendants targeted university's databases of faculty, staff, alumni, and student information, and financial accounts with a social engineering scheme that used poisoned USBs, phishing emails

A former University of Central Missouri (UCM) student this week copped a guilty plea to computer hacking and fraud charges in a case that security experts believe stands as a testament to how low the barrier to entry has fallen for stealing database information and committing financial fraud.

Daniel Fowler admitted to a U.S. magistrate judge to a scheme in which he and alleged co-conspirator Joseph Camp used the SpectorPro and Poison Ivy keylogger malware kits to help infect machines across the UCM campus in 2009. Under federal statutes, Fowler is subject to a sentence of up to 15 years in federal prison without parole, plus a fine of up to $500,000 and an order of restitution. Camp is still awaiting trial.

"The defendants obtained, or attempted to obtain, access to portions of the computer network which would allow them to change grades, view and download large databases of faculty, staff, alumni and student information, and transfer money to their student accounts," read the indictment against Fowler and Camp. "The defendants additionally sought to profit from these computer intrusions."

Investigators reported that Fowler used a number of different methods to get his hands on sensitive data and accounts capable of adding cash to his student account. In some cases, he and Camp would offer to show vacation photos to fellow students using a USB drive laden with malware. They also manually installed malware on public computers in the library and computer labs. Additionally, the suspects sent email messages promising vacation photos with the malware embedded in attachments. The malware would then give them access to files on victims' computers and keystroke information to gather credentials to more sensitive systems within the university's network.

"This is a very straightforward hacking process -- there is nothing horrendously sophisticated about it," says Rob Rachwald, director of security strategy at Imperva. "It follows the standard procedure of spreading some malware, getting the credentials, and then stealing the goods. It's what happens on the black market every day. It is just a new innovation because it is a way of taking the cookie-cutter template to a different target."

While the scheme does involve the infiltration of expensive university systems, security expert Mike Murray, managing partner at MAD Security, says that Fowler hardly deserves any props as a master hacker. He says this is where common crime is trending these days as the prevalence of hacking software floods the black market.

"It's funny that this is a 'hacking' story because really it is just an opportunity story. It's not like the kid had any skills from what I can tell," Murray says. "He used an off-the-shelf rootkit and walked around with a USB key."

According to Murray, there are no endpoint protections that can ultimately solve the social engineering problems posed by criminals like Fowler. As a society, we just have to get used to this new era of computer-based crime by getting street smart about these issues.

There is hope, though: Even within this case, there are signs that some people's thinking is starting to evolve. At one point, Fowler tried to get the university president's secretary to plug in a USB device into the president's computer with the pretext that Fowler's lawyer needed the president to look at some documents on the USB stick. She was spooked and refused to do so.

"Long-term, it's not a technology issue. The technology just enables the criminal in the same way that a crowbar enables a criminal breaking into your car," Murray says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web