I remember reading in an issue of 2600 The Hacker Quarterly magazine several years back about how easy it is to commit crime, without being noticed, by hacking poorly secured web sites.
Hacking is often viewed to be a safe, almost anonymous, type of crime that is often very hard to pin upon one individual.
Well, think again. Electronic actions leave electronic trails in many, many different areas that computer forensics experts, such as my friend Dr. Peter Stephenson, has taught about and written about in many different books and articles, such as in his great book, “Investigating Computer-Related Crime.” These trails can lead to the hackers.
Three cybercriminals learned this lesson very vividly this past week.
The U.S. Securities and Exchange Commission (SEC) reported in a May 31, 2007 statement that Oliver Peek must pay restitution of $13 million plus a $1.35 million fine, and co-defendant Lohus Haavel & Viisemann (LHV) must pay a $650,000 fine.
In August 2006, a final judgment was entered against a third defendent, Kristjan Lepik, a former partner of LHV.
The SEC charged that the defendants started hacking into the Business Wire web site starting in January 2005, and over an extended period of time stole over 360 confidential press releases issued by more than 200 companies in order to trade ahead of yet-to-be-made public news.
Wonder what vulnerability, or vulnerabilities, in the Business Wire site allowed for these long-term hacks to take place in the first place? Perhaps it involved an insider? Has Business Wire improved its web site security to help prevent this from happening again?
Tags: awareness and training, Business Wire, cybercrime, hacker, Information Security, IT compliance, policies and procedures, privacy, risk management, SEC, secure applications