TANGLED WEB
Tales of Digital Crime from the Shadows of Cyberspace

RICHARD POWER

A Division of Macmillan USA
201 West 103rd Street, Indianapolis, Indiana 46290

Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace

Copyright 2000 by Que Corporation

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

International Standard Book Number: 0-7897-2443-x
Library of Congress Catalog Card Number: 00-106209
Printed in the United States of America
First Printing: September 2000
02 01 00 4 3 2

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Que Corporation cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Associate Publisher: Tracy Dunkelberger
Acquisitions Editor: Kathryn Purdum
Development Editor: Hugh Vandivier
Managing Editor: Thomas Hayes
Project Editor: Tonya Simpson
Copy Editor: Michael Dietsch
Indexer: Erika Millen
Proofreader: Benjamin Berg
Team Coordinator: Vicki Harding
Design Manager: Sandra Schroeder
Cover Designer: Anne Jones
Interior Designer: Trina Wurst
Product Marketing Manager: Amy Neidlinger
Publicity: Gardi Ipema Wilks
Layout Technicians: Ayanna Lacey, Heather Hiatt Miller, Stacey Richwine-DeRome

Contents at a Glance

Foreword

I Crime, War, and Terror in the Information Age
  1 Welcome to the Shadow Side of Cyberspace
  2 Inside the Mind of the Cybercriminal
  3 Been Down So Long It Looks Like Up To Me: The Extent and Scope of the Cybercrime Problem
  4 Let It Bleed: The Cost of Computer Crime and Related Security Breaches

II Hackers, Crackers, and Virus Writers
  5 Did the 1990s Begin with a Big Lie?
  6 Joy Riders: Mischief That Leads to Mayhem
  7 Grand Theft Data: Crackers and Cyber Bank Robbers
  8 Hacktivists and Cybervandals
  9 The $80 Million Lap Dance and the $10 Billion Love Letter

III Spies and Saboteurs
  10 Corporate Spies: Trade Secret Theft in Cyberspace
  11 Insiders: The Wrath of the Disgruntled Employee
  12 Infowar and Cyberterror: The Sky Is Not Falling, But…

IV Muggers and Molesters in Cyberspace
  13 Identity Theft
  14 Child Pornography on the Internet

V The Defense of Cyberspace
  15 Inside Fortune 500 Corporations
  16 Inside Global Law Enforcement
  17 Inside the U.S. Federal Government
  18 Countermeasures
  Epilogue: The Human Factor

VI Appendixes
  Glossary
  A U.S. Laws and International Treaties
  B Excerpt from Criminal Affidavit in the Ardita Case
  C Resources and Publications
  Index

Table of Contents

I Crime, War, and Terror in the Information Age

1 Welcome to the Shadow Side of Cyberspace
  Types of Cybercrime
  Types of Cybercriminals

2 Inside the Mind of the Cybercriminal
  “Stereotyping Can Be Dangerous”
  “Intense Personal Problems” Are the Key

3 Been Down So Long It Looks Like Up To Me: The Extent and Scope of the Cybercrime Problem
  The CSI/FBI Computer Crime and Security Survey
  Whom We Asked
  Outlaw Blues
  Types of Cyberattack
  To Report or Not to Report
  The Truth Is Out There
  A Note on Methodology
  Relevant Data from Other Sources
  CERT/CC Statistics
  Dan Farmer’s Internet Security Survey
  WarRoom Research’s Information Security Survey
  Conclusions

4 Let It Bleed: The Cost of Computer Crime and Related Security Breaches
  How Do You Quantify Financial Losses Due to Info Security Breaches?
  You Can’t Fully Quantify the Loss if You Haven’t Valued the Resource
  System Penetration from the Outside
  Unauthorized Access from the Inside
  Sabotage of Data or Network Operations
  Malicious Code
  Don’t Underestimate “Soft Costs”
  If We Can Quantify Losses, We Can Calculate ROI

II Hackers, Crackers, and Virus Writers

5 Did the 1990s Begin with a Big Lie?
  The First Serious Infrastructure Attack?
  Public Cyberenemy No. 1?
  The Worms Crawl In, the Worms Crawl Out…
  What the Morris Worm Did to Systems
  What the Morris Worm Demonstrated
  Conclusion

6 Joy Riders: Mischief That Leads to Mayhem
  The Rome Labs Case: Datastream Cowboy and Kuji Mix It Up with the U.S. Air Force
  Investigators Wrestle with Legal Issues and Technical Limitations
  Datastream Cowboy’s Biggest Mistake
  Scotland Yard Closes in on Datastream Cowboy
  Kuji Hacks into Goddard Space Flight Center
  Kuji Attempts to Hack NATO HQ
  Scotland Yard Knocks on Datastream Cowboy’s Door
  Kuji’s Identity Is Finally Revealed
  Who Can Find the Bottom Line?
  HotterthanMojaveinmyheart: The Case of Julio Cesar Ardita
  How the Search for “El Griton” Began
  Ardita’s Biggest Mistake
  No Ordinary Wiretap
  Debriefing “El Griton”
  The Solar Sunrise Case: Mak, Stimpy, and Analyzer Give the DoD a Run for Its Money
  Conclusion

7 Grand Theft Data: Crackers and Cyber Bank Robbers
  The Case of Carlos “SMAK” Salgado
  Diary of a Computer Crime Investigation
  Don’t Underestimate Internet-Based Credit Card Theft
  The Crest of an Electronic Commerce Crime Wave?
  Citibank
  Where Did It All Begin? How Did It Happen?
  Misconceptions Dispelled
  What It Took To Take Levin Down
  You Don’t Know How Lucky You Are, Boys…Back in the USSR: Unanswered Questions About Megazoid and the Russian Mafia
  From Russia With Love: The Sad Tale of Ekaterina and Evygeny
  The Phonemasters Case
  How the Phonemasters Almost Blunder into Discovering the FBI’s Surveillance
  A “Dream Wiretap” Results in an Enormous Challenge
  Quantifying the Financial Losses Proved Essential in Court
  “The Number You Have Reached Has Been Disconnected…”

8 Hacktivists and Cybervandals
  Hackers Run Amok in “Cesspool of Greed”
  Schanot Goes Underground
  Schanot’s Indictment and Capture
  How Schanot Rang Southwestern’s Bell
  Attack of the Zombies
  Once Upon A Time, An Eerie Calm Descended on Cyberspace…
  Blow by Blow
  How DDoS Works
  Who Launched the Attacks and Why
  Aftermath
  Calculating the Financial Impact
  The Moral of the Tale

9 The $80 Million Lap Dance and the $10 Billion Love Letter
  The $80 Million Lap Dance
  “My Baby, She Wrote Me a Letter…”

III Spies and Saboteurs

10 Corporate Spies: Trade Secret Theft in Cyberspace
  The Corporate World’s Dirty, Little, Secret War
  Some Real-World Tales of Economic Espionage
  Tit for Tat? State-Sponsored Economic Espionage
  EEA Sinks Its Teeth In

11 Insiders: The Wrath of the Disgruntled Employee
  Types of Cyberattack by Insiders
  Oracle Scorned: The Unauthorized Access of Adelyn Lee
  Omega Man: The Implosion of Tim Lloyd

12 Infowar and Cyberterror: The Sky Is Not Falling, But…
  Cyberwar in Kosovo?
  China, U.S., and Taiwan: Has Code War Replaced Cold War?
  Storming the Digital Bastille
  Helter Skelter in Cyberspace
  Digital Dirty Tricks and Cyber Plumbers
  Defensive Information Warfare

IV Muggers and Molesters in Cyberspace

13 Identity Theft

14 Child Pornography on the Internet
  Do You Have Your Priorities Straight?

V The Defense of Cyberspace

15 Inside Fortune 500 Corporations
  How to Structure Your Information Security Unit
  Where Should Your Information Security Unit Report?

16 Inside Global Law Enforcement
  National Infrastructure Protection Center (NIPC)
  The Role of Computer Analysis Response Team (CART)
  “Isn’t It Good, Norwegian Wood…”
  Case Study in the Struggle Over Subscriber Data
  U.S. Law Versus Norwegian Law
  Council of Europe Floats a Cybercrime Treaty

17 Inside the U.S. Federal Government
  Inside the Pentagon
  What’s Going On in the Murky Waters at Foggy Bottom?
  FAA Secured on a Wing and a Prayer?
  Lessons Learned from the NASA Probe
  Is Something Nasty Floating in Your Alphabet Soup?
  Harold Nicholson, Traitor
  Douglas Groat, Would-Be Traitor
  John Deutch: A Good Man Blunders
  King and Lipka, Traitors
  Conclusion

18 Countermeasures
  Organizational Issues
  Risk Analysis
  Baseline Controls Versus Risk Analysis
  Sound Practices
  Sixteen Sound Practices Learned from Leading Organizations
  Information Protection Assessment Kit (IPAK)
  Policies and Procedures
  Net Abuse

B Excerpt from Criminal Affidavit in the Ardita Case
  Efforts to Identify and Localize the Intruder Within the FAS Harvard Host
  Real-Time Monitoring of the Intruder’s Activities in November and December, 1995
  Identification of “Griton,” the Intruder, in Buenos Aires, Argentina

C Resources and Publications
  General Information
  U.S.