Project 1 Case Analysis

CCJS321

The two cases I have chosen to analyze for Project One is the Max Ray Butler aka “Iceman” cybercrime case and the Albert Gonzalez cybercrime case. I have chosen these two cases because they both had significant impact on the computer forensics field. Both of these cybercrimes are similar in nature because both deal in credit card and identity theft on the grandest scale. Max Ray Butler and Albert Gonzalez were brought to justice after many years of a cyber-forensic investigation that went through a network of multiple U.S. agencies; including the FBI, US Secret Service and US-CERT (United States Computer Emergency Readiness Team) a Department of Homeland Security who were all networked together at the National Computer Forensic Training Academy in Pittsburg, Pennsylvania. Both of these men were given the longest prison sentences ever handed out by a judge for computer crimes of their notoriety and magnitude. Finally, they both set a blue print for digital forensic investigators of the proper procedures to follow in order to capture future want-to-be crime lords.
Max Butler aka “Iceman” was a white-hat hacker that went rogue. His story is that, “he was a good hacker hired by the government to test the security of one of their websites, while doing that job he installed a backdoor to their system that would allow him to come in later so he could make some fixes to the system on his own time. Well of course this second part of the story is illegal and so he goes to jail for 18 months. While in jail, he meets another inmate who introduces him to an ex-con on the outside. This second man fronts the cash for him to start his hacking skills again to make enough to where he never has to do it again. There lies the fall, never tells a hacker, he never has to do it again. It was once reported that the “Iceman” had become the Wal-Mart for all stolen credit cards and identities because he had knocked his competition out of the market.” One of the steps that helped put him away was that the National Computer Forensic Training Academy had started a “chain of custody” that they needed in order to locate, capture and then obtain a conviction in the courtroom (Pg. 65.) At the time when the investigation started the FBI did not know who they were tracking or where they were tracking them to, the evidence still needed to be collected, cataloged and stored so that when it finally did go to trial the verdict was guilty. It took a lot of effort to bring this anonymous hacker to justice. Max would move often using wireless access points that he would hi-jack into order to do his hacking. He was virtually untraceable, making it hard for forensic investigators to place him at the keyboard. In examining the evidentiary process, as it is found Chapter one of the National Institute of Justice. (2004). Forensic Examination of Digital Evidence, “Policy and Procedure Development” is the homework phase in making sure that they were able to secure a conviction. This includes that each of the personnel get up to date training on the most up-to-date cybersecurity techniques available. It was the US-CERT that had broken Max Butlers encryption on his computers when they finally did find his personal stash of computers in his raid. Max did not think they would be able to break his encryption but using proper evidence collection techniques, they were able to find more than 1,000,000 stolen credit card numbers inside his computer. With this information, they were able to put Max Butler away for a long time, which at the time of his sentencing was the longest for any cybercrime committed at the time, which was 13 years in federal prison and restitution payment of $27.5 million according to the Department of Justice Cybercrime.gov website.

Albert Gonzalez story is another credit card & identity theft scam like Max Butler with the exception that Mr. Gonzalez was previously an informant with the US Secret Service. Albert Gonzalez also had a crew of hackers unlike the Iceman where he was pretty much a 1-man operation when it came to the hacking side. Albert’s crew would actually go and search for targets on the street by looking for open or low security wireless access points or wardriving. There is nothing illegal about wardriving, until you cross over onto someone else’s private network. This is what they did except they did it with corporations; TJMaxx was one of their biggest. I can remember when this story broke the news for the first time. It was a shock to the non-tech savvy world to say the least. People were scared to shop at TJMaxx, and their sister stores. One thing that was able to make him so successful was his previous connections to the underworld as an informant. Then he had one of his crew write a “sniffer program that would capture credit card data, social security numbers, and any other personal information that it was programmed to look for and then it would simply and quietly report back to the designated location”, which in this case turned out to be offshore servers. Huge stores of this information would be downloaded all over the world to these offshore locations. This is one of the things that eventually lead to his downfall as it was discovered by the government but they did not know who to track the source of the program. One of the interesting things I found about the Gonzalez crime is how he was able to control his crew when he himself used to be an informant. I have not found anything to report that he told his crew that he was the original informant but in the end, they all talked to make better deals for themselves

Both of these cases had huge repercussions throughout the business community because of how huge of a reported loss it was and how long it went on undetected. If it could happen to these businesses, could it also happen at my bank or credit union? Because of these two cases is when Congress and the people started getting tough on businesses for not having safer online policies and security practices. Many corporations used to think of cybersecurity as an afterthought to their online awareness. Now they have to prove that they had safe practices in the event of a breach under the Gramm-Leach-Bliley (GLB) Act (Pg. 11.) In conclusion, both of these cases made major businesses and small businesses realize the importance for cybersecurity. They also let it be known how vulnerable our financial institutions were at the time. In this regard as long as we keep having technology, advancements there will always be that criminal element that chooses to exploit the advancements for financial gains or other ill-conceived gains. As long as this is the case then it is equally important for digital forensic techniques to keep pace with this advance technology.

References:
Department of Justice. (2012). Speeches By The US Attorney: Remarks of the Honorable David J. Hickton United States attorney for the Western District of Pennsylvania at the 2012 cybersecurity conference. Retrieved from http://www.justice.gov/usao/paw/djh_cybersecurity_conference.html
National Institute of Justice. (2004). Forensic Examination of Digital Evidence: A guide for law enforcement. Retrieved February 24th, 2013. from https://www.ncjrs.gov/pdffiles1/nij/199408.pdf Poulsen K. (2008). One Hacker's Audacious Plan to Rule the Black Market in Stolen Credit Cards. Retrieved Feburary 24th, 2013 from http://www.wired.com/techbiz/people/magazine/17-01/ff_max_butler?currentPage=all
Solomon, M. G., Rudolph, K., Tittel, E., Broom, N., & Barrett, D. (2011). Computer Forensics
Jumpstart. 2nd ed. Indianapolis: Wiley Publishing, Inc.