Anatomy of a Security Breach

In recent Information Security news, The Wall Street Journal reported on the upcoming trial of an alleged botnet master. The trial is in progress now. It is not often that we get a look at the details of a computer security breach, but in this case at least some details are in the docket of the Eastern District of NY. I have downloaded the original complaint of US v. Gasperini here. The accusations include violations of the Computer Fraud and Abuse Act, Wire Fraud, Conspiracy to Commit Wire Fraud, and Conspiracy to Commit Money Laundering. All of these acts were allegedly undertaken in a click fraud scheme. If you want to understand the details of these accusations, I uploaded the judge s jury directions here.The defendant allegedly hacked into QNAP NAS devices using the Shellshock vulnerability and downloaded click fraud software. This is a network device that many people will not patch regularly. Unfortunately, the court transcripts don t describe how he got past firewall security….

*** This is a Security Bloggers Network syndicated blog from Security Connections authored by Fred Scholl. Read the original post at: