Colin Mc Hugo

Not all cybercriminals are sophisticated

March 3, 2021

Some perpetrators of online crime and fraud don’t use advanced techniques to profit at the expense of unsuspecting victims and to avoid getting caught

While a lot of media coverage centers on how threat actors have gotten better at evading capture and generally deploy ever more sophisticated techniques, I wanted to tell a story where one criminal in particular was anything but sophisticated.

Before I joined ESET, I spent 14 years working in the UK police force, working predominantly within the Cyber Crime Unit and the Digital Forensics Unit (previously called the High-Tech Crime Unit). My job in this unit was to find any kind of evidence left on digital devices, from laptops to phones, in order to then present such evidence in a report to the judge, jury and court. I’d use a variety of forensic tools and have to find evidence that would help investigations from fraud to murder.

Back in 2011 I wanted to buy a laptop but decided to buy a second-hand one using eBay. As always with any new purchase, I performed a lot of research and knew what I wanted beforehand. I found an HP laptop that I wanted being sold on the site by a seller who had a good seller rating and had sold similar laptops and devices in the recent past. I placed my bid and came out on top, winning the item for a little over £210. I paid by PayPal for ease of use and added security and entered my delivery address.

Due to the fact I was in the office between 0800 and 1700 during the week, I used the police station as my delivery address so deliveries could be signed for easily by the front desk. Furthermore, I liked using the police station as my corresponding address just in case I was ever dealing with a criminal and therefore, I assumed this particular address of the law would somewhat put anyone off sending out stolen goods. Especially as my address looked like this with the words “High-Tech Crime Unit” in there:

Mr J Moore 6408
High-Tech Crime Unit
Ferndown Police Station
Ameysford Road
BH22 9HQ

Oh, how wrong I was!

A few days later I received a phone call from the station reception stating that they had just signed for a package in my name. I nipped down to collect it and there was a brown package, badly taped together with a poorly scribbled name and address on it. I quickly opened it up and true to the seller’s word, there was the HP laptop inside, as advertised. Phew. No bricks.

I then proceeded to turn on my new device only to be met with the following log-on screen for a “sarah”.

Initially, I checked the advert again to see if I had missed anything. Maybe I had not noticed that the wording in the description had stated that I would be met with this situation. Nope.

I then checked the seller’s name again to confirm he wasn’t called Sarah – although he could have been selling it on behalf of a Sarah – so I decided to contact him via eBay to check if he was sure that he had sent me the correct item. I was met with silence.

It then dawned on me that this laptop could actually be stolen. But surely no one would send a stolen laptop to the “High-Tech Crime Unit” at a police station?! Sophisticated? I thought this required more digging.

At my disposal I had a number of tools to look at computers forensically, so I decided to analyze my new laptop. I removed the hard disk drive and plugged it into my workstation via a Tableau Forensic Bridge (Guidance Software) to preserve the evidence and effectively triage the drive. I used the digital forensics software EnCase, which easily enabled me to view the folder structure along with all the documents and files. I was also able to bypass Windows 7 passwords by imaging the drive.

I went to the “Documents” folder and looked for any clues as to who the laptop really belonged to. I soon located a few Word documents relating to a Sarah but when I found her CV, I was able to find more information on her. In her CV was her address and mobile number. Her address was not too far from the seller’s address, so this still stood up to the possibility that he was selling it on behalf of someone, but I felt compelled to check with her as I now had her phone number.

I rang the phone number and a very quaint, shy voice answered. I immediately told her my name and where I was from and asked her not to panic. She told me that her name was Sarah and that she did indeed live where her CV stated. I asked her if she had recently sold or lost any items, to which she replied by telling me her house had been broken into a month ago and her laptop, digital camera and jewelry were all stolen. I asked her to best describe her laptop and of course I was staring right at it. She was naturally relieved to know she would get it back and I said I would arrange for it to be reunited with her after I had gone through the appropriate channels.

As this laptop had been stolen in another county about 100 miles away, I contacted my counterparts in Wiltshire Police and told them the events of the past few hours. They were clearly excited to know how by sheer luck I had stumbled upon this laptop and then they asked me for the seller’s address. I forwarded all my information and the next morning a team was deployed to arrest the occupiers of the address I had given.

At the address, police found not only Sarah’s camera and jewelry, but one of Wiltshire’s most prolific handlers of stolen goods surrounded by what was described as a “treasure trove” of the county’s stolen goods from months of burglaries.

I also contacted eBay and within a month I was reimbursed on PayPal for the mishap. After this escapade, I also decided to buy a brand new laptop from another retailer. However, every time I hear of “sophisticated” cybercriminals I now also think of this story.
