The US Attorney’s Office of the Northern District of Ohio recently released a press report detailing that Christian Ferguson of Cleveland, OH was found guilty on two counts of attempted kidnapping. Ferguson was arrested on May 8, 2020 after placing a fake distress call to law enforcement officers. The FBI apparently received a call-in complaint in April of 2020 about a violent and extremist posting made in an online chatroom. It was later determined that the poster of the comments was identified as Ferguson.

 The release states “In these postings, Ferguson expressed a desire to call in false in-progress calls to the police in order to lure law enforcement to a remote location where they could be robbed of their weapons and body armor and possibly killed.” The FBI then introduced a confidential source into the chatroom, which Ferguson controlled.

More details about Ferguson’s plot were discussed in March of 2020 on the chatroom site. Through the use of confidential sources, the FBI and other local agencies were able to thwart the plot and make the arrest. A federal jury found Ferguson guilty on May 7, 2020 of the two kidnapping charges. Ferguson’s sentencing is set to take place August 27, 2020. The Acting U.S. Attorney Bridget M. Brennan said “’The community members who reported this plan, and the federal agents who worked to prevent it, should be commended for their actions. Lives were saved.”

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Andy Greenberg from Wired reports that an attack against the Colonial Pipeline Company’s network caused them to shut down a large portion of their pipeline. The company is responsible for providing 45% of the gasoline, natural gas and diesel fuels to much of the Eastern states. The company shut down parts of pipeline in order to contain the threat against their network and systems.  Greenberg writes “The incident represents one of the largest disruptions of American critical infrastructure by hackers in history.”

A statement from Colonial Pipeline explains that the company has begun an investigation into the incident, and that its investigation is currently ongoing. The release from Colonial Pipeline, which was last updated May 9, 2020, states that the company determined that ransomware was involved in the incident. The company’s statement also indicates that they have retained leading third-party cybersecurity experts to assist in the investigation to determine the scope and nature of the incident. They are also working in conjunction with law enforcement and other federal agencies.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to a recent report in the Duluth News Tribune, Michelle Brownfield, a psychologist in the Moose Lake Minnesota Sex Offender Program, or MSOP, has recently been charged with two counts of third-degree criminal sexual conduct.

These charges stem from an investigation undertaken by local police and the Minnesota Department of Human Services. The MSOP is a secure facility that, according to the article, treats “clients committed as sexually dangerous or sexually psychopathic personalities” after their release from the state correctional system.

The investigation began after authorities became aware of rumors alleging a relationship between Brownfield and one of her sex offender clients. The investigation turned up evidence in the form of victim reports and text messages that indicated Brownfield may have had sexual contact with not one but two of the clients under her care as a psychologist. The offenses were alleged to have taken place within the state-run facility in assessment and polygraph rooms.

Investigators from the Minnesota Bureau of Criminal Apprehension recovered text messages between Brownfield and one of the victim’s sisters, who was passing messages along regarding the incidents and her “romantic feelings”.  Also recovered from her phone were messages sent to the other victim’s girlfriend and explicit photos.  If she is convicted of both counts Brownfield could see up to a 15-year sentence and a $30,000 fine.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Tim Hrenchir of the Topeka Capital- Journal recently reported on the ongoing dispute between counsel for former high school teacher Jeffrey Pierce and prosecutors in the case. Pierce has been accused of solicitation of minors, including boys from the school where he taught as well blackmailing them to send him sexually explicit pictures and videos.

Pierce’s attorneys have filed a motion to suppress evidence from his cellphone that was obtained by the FBI after they allegedly forced him to turn over the password to his phone, a potential violation of his Fourth Amendment rights.

The government has claimed that this evidence shouldn’t be suppressed as they had other ways of breaking into the phone. In fact they state they already had the passcode of the phone as Pierce’s wife had turned it over in a separate previous interview. They also stated, due to the relatively simple four digit passcode in use, they would have been able to open the phone using the law-enforcement-only phone cracking tool GreyKey.

The statement regarding GreyKey prompted a request from Peirce’s council that the prosecution be required to provide access to the GrayKey hardware, software and documentation, such as manuals. Christopher M. Joseph, one of Pierce’s attorneys, was quoted from the motion stating “The government cannot claim its forensic tool rendered useless the passcodes officers compelled from Pierce while simultaneously denying the defense the information necessary to evaluate its claim.”

Prosecutors responded with a number of reasons they feel the request should be denied including pointing out that law enforcement already had the passcode from Pierce’s wife and that they believed the defense had failed to show how the GreyKey and related software and documentation would be material to Mr. Pierce’s defense. 

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Deanna Barash, who was employed as an assistant superintendent with the Northville school district in Michigan, is facing charges of obstructing a federal probe that involves a business agreement the school previously signed.

According to WZZM13.com, Barash instructed the school district to pay $45,000 to a company which provided social-emotional learning materials. Barash failed to disclose that she would be benefitting financially from the transaction, with $6,500 in up front payments from the company and a percentage of future profit.

After learning more about the deal, the FBI and the U.S. Attorney’s Office began investigating the claims made by the school district regarding Barash’s dealings. According to Patch.com, when Barash was made aware of the upcoming investigation, she deleted pertinent emails between herself and the third-party company and then lied to investigations about the deletion. Barash later admitted the emails had been deleted in an attempt to keep investigators from seeing them.

Barash has been convicted of obstructing a federal grand jury investigation which carries up to a 10-year jail term. The sentencing is set to take place on August 25^th.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Apple’s annual spring event took place last week where several new products and features were released including new iPad Pros, iMacs, and upgrades to Apple TV. The presentation also featured the release of a product that has been heavily speculated about for a while, Apple AirTags. These tiny item trackers allow you to fix them to common personal everyday items such as keys, wallets, and purses.

When you misplace the item, you can simply use the “Find My” application to pinpoint their current location. These trackers are currently available for purchase online and will soon be found in stores worldwide. The price of one AirTag is listed at $29, and with a replaceable battery, this gives competing item trackers a run for their money.

However, curious minds want to know what happens when AirTags are not used as intended. Can they be used for nefarious purposes such as tracking a spouse’s current location or vehicle?

The answer is probably not.

AirTags have been manufactured with unwanted tracking in mind. If an AirTag has secretly been attached to your personal belongings, your device will receive a notification stating “AirTag Found Moving Near You.” In addition, AirTags must be registered to an Apple ID when they are set up. If an AirTag is not within a certain distance to a device associated with the Apple ID used for setup for multiple days, a sound will begin to play notifying you of its presence.

In a new Apple Support document, Apple says if someone feels their safety is at risk after noticing an AirTag attached to their belongings, they should contact local law enforcement who can work with Apple to identify the Apple ID and personal information for the individual responsible for setting up the AirTag.

The likelihood of being tracked long term with an AirTag is not high. However, other methods still exist that allow you to be tracked including other types of tracking hardware in addition to unwanted software that can reside on personal cell phones and computers.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Lawrence Abrams of BleepingComputer reports that Eversource Energy, a large energy supplier in the New England area, suffered a data breach. Eversource provides electric and natural gas to 4.3 million customers throughout Connecticut, Massachusetts, and New Hampshire. Eversource is currently notifying their customers about the breach, where the customer information exposed was “name, address, phone number, social security number, service address, and account number” Abrams writes.

“According to the FAQ shared with BleepingComputer, Eversource performed a security review on March 16^th”, Abrams writes. This security review found that on a server there was a cloud storage folder that was misconfigured. This misconfiguration allowed for anyone to access that folder and the data contained within.

Eversource has since secured the folder and began investigating what data was stored in that location. The investigation found that there were unencrypted files stored in that folder that contained information of 11,000 customers from Eastern MA. They were created in August of 2019. “At this time, Eversource states that there is no indication that any of this data was acquired or misused by unauthorized people.” the article states.

Eversource is offering its customers affected by the data breach a year of free identity monitoring services offered through Cyberscout. The BleepingComputer article provides some other information that may be beneficial to those affected by the breach and certain items to watch out for such as phishing emails that are masked as coming from Eversource.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The Western District of Oklahoma U.S. Attorney’s Office recently published a release about a Lawton, OK man who has been convicted in relation to a bank robbery that involved a fake bomb. The press release dated April 15, 2021 states “a federal jury in Oklahoma City found John Scott Brooks guilty of bank robbery involving a fake bomb.”

Digital evidence used at the trial helped to find Brooks guilty of the crime. Among the evidence used at trial was the bank’s security camera footage which showed the vehicle and the driver who had pulled up to the drive-through teller lane where the fake bomb was put in the teller drawer. A forensic examiner from the FBI conducted an image comparison analysis of the vehicle. The investigators also discovered that Brooks had tried to erase data from his cellphone. There were also multiple witnesses called in at trial who testified to a still photo of the surveillance footage, stating that they recognized the man depicted as Brooks.

The trial lasted two days and Brooks was found guilty by the jury after two hours of deliberation on one count of bank robbery. Brooks was acquitted on the count of making a bomb threat. The sentence that Brooks faces is up to 25 years in prison with three years of supervised release, mandatory restitution and a $250,000 fine. Brooks was arrested on April 2, 2020 and has been in custody since then.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to the Wisconsin Rapids Daily Tribune, Elizabeth Zivney faces a charge of second-degree reckless homicide stemming from the investigation into a deadly crash she was involved in on September 19, 2019.

The victim osf the crash, Deborah Johnson and her husband, were riding a Can-Am Spyder trike when Zivney crashed into them from the rear in her Chevy Cruze. While both riders were wearing helmets this was not enough to protect them from the violent impact. Johnson died due to her injuries while her husband’s shoulders, arm, ribs, pelvis and vertebrae all suffered fractures.

Zivney stated that her work phone had rung just before the crash but she mistakenly picked up her personal device instead just as the crash took place. However, a forensic examination of the device seemed to show that a gaming app called Lucky Gold had been open for 7 minutes and 54 seconds at the time of the incident. According to the complaint, the activity included “19 different game screens during the almost eight minutes”.  If Zivney is convicted of the charge of second-degree reckless homicide she faces a maximum sentence of 25 years.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to Mark Hand, a staff writer for Patch.com, Seth Pendley of Wichita Falls, Texas was arrested last week after FBI agents discovered he planned to destroy an Amazon data center in Ashburn Virginia.

The investigation that led to the arrest began when the FBI received a tip in January about posts being made by a particular user of a forum called mymilitia.com. The poster was reportedly planning to attack the data center in an attempt to, in his words, “kill off about 70% of the internet.”

The poster’s email address was provided to the investigators who were able to verify it was registered to Pendley. The investigation continued onto his personal Facebook page which included claims of participation in the January 6^th attack at the US Capitol building. Pendley was also active on the encrypted chat application Signal.

Another confidential informant was able to connect him though that app with an “explosives supplier” who was actually an undercover FBI agent. Eventually Pendley arranged to meet the undercover agent to purchase what he believed to be C4 explosives. The agent supplied Pendley with inert devices and demonstrated how to arm and trigger them. Once Pendley loaded the devices into his vehicle, FBI agents immediately placed him under arrest.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics