Tom Loewy of the Quad-City Times reports that a Davenport man who was originally charged with two misdemeanors now faces a felony charge for the possession of a stolen handgun. Ray Watkins was arrested and charged with an aggravated misdemeanor of carrying weapons and possession of marijuana. The charges stem from police seeing Watkins in a Davenport park with a loaded gun. They conducted a traffic stop of Watkins’ vehicle where they found the marijuana on his lap and through a search of the vehicle found a loaded Smith & Wesson semi-automatic pistol under the driver seat.

Officers had determined that the gun found in the vehicle was reported stolen by the Indianapolis Metropolitan Police Department on September 10, 2019. The Davenport Police obtained a search warrant for Watkin’s phone and recovered evidence that led to the addition of the felony charge. Photo and video evidence on the phone showed the accused in possession of the firearm. Additionally, they found a video on the phone that displayed the gun on Watkin’s lap just 12 minutes before officers had made contact.

In this case, the possession of the stolen firearm is considered trafficking. Watkins is currently being held in jail on a $5,000 bond and the preliminary hearing is scheduled for Friday September 25, 2020.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Nikie Mayo of Greenville News reports that Belton mayor Tiffany Ownbey has been a victim of revenge porn, and that the State Law Enforcement Division (SLED) is conducting a computer forensic examination relating to the matter. If you are not familiar with it, revenge porn is the release of sexually explicit material without the consent of the party or parties involved with intent to cause harm to the individual(s) depicted in the acts. The Belton Police Chief, Robert Young passed the case off to SLED in June after Ownbey told him about the video. According to a spokesperson for SLED, the video was published on social media, though they did not say which of the various platforms. Spokesperson Thomas Crosby states “[we] continue to look into the situation, and we’re exhausting all forensics and investigative leads.”

Ownbey’s attorney, former 10^th Judicial Circuit Court Solicitor Druanne White, has said that a man had in the past secretly recorded the video of the intimate encounter with Ownbey and threatened to release the video if she broke up with the unnamed individual. Ownbey is the first woman to have been elected to the position of mayor in Belton, and White has stated “[after] Tiffany was elected Mayor, she began hearing rumors that the recording might be released.” Ownbey is currently waiting on SLED to finish their investigation before any further legal action is pursued in the matter.

“According to the Cyber Civil Rights Initiative, 46 states and the District of Columbia have specific laws against the distribution of sexually graphic images of individuals without consent” Mayo writes. South Carolina is one of the states not included and does not contain such a law. Ownbey has stated that she will work toward advocating for others who have been in situations like hers. A bill was introduced in 2019, but it has not advanced.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Baltimore ABC Affiliate WMAR recently reported on the story of a murder case in which Calum Thomas of Annapolis Maryland was found guilty and sentenced to 55 years in prison for second degree murder and related firearms charges. Digital forensic analysis of Thomas’s cell phone was instrumental in solving the case.

It all started back on January 2, 2017 when Anne Arundel County police were called to a report of shots fired in Annapolis. At the scene, they discovered the victim, Terry Crouse. Crouse had been shot multiple times and unfortunately was pronounced dead at the scene. Through the course of the investigation Mr. Crouse’s son was interviewed. He indicated to police that Thomas may have been involved because he believed Thomas was potentially angry about a debt Thomas thought Crouse’s son owed him.

On January 13, 2017, Maryland State Police pulled over a car Thomas was driving. In the car they located a firearm that fired the same type of ammunition used in the murder. Also found in the car was Thomas’s cell phone. The Digital Forensics Unit of the Anne Arundel County Police analyzed the phone. During the course of the analysis, investigators found browser history indicating the phone had been used to search for both the type of firearm and ammunition which ballistic examiners had already linked to the crime. With the assistance from the FBI, they were able to determine that the phone was connected to cell towers surrounding the crime scene around the time of the murder.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to NBC News, Hartford Public Schools in Connecticut was forced to postpone the first day of school after a ransomware attack made the district’s system inaccessible.

In an online message released to students, the district stated that ransomware was responsible for causing an outage of critical systems used by the school’s transportation company, making it impossible for students to return to school. Superintendent Dr. Leslie Torres-Rodriguez told NBC Connecticut that the school does not believe any personal information of students or staff was compromised, however, there will still be an investigation.

In the interview, Torres-Rodriguez stated “This is another example of how flexible we all have to be. We were ready and we were excited, and we still are, to receive our students and staff. This was something that was out of our control and we’re going to give it another try.”

The school will reopen its door officially on September 9^th, one day later than expected.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Back in 2016, Morgan Stanley closed two data centers and hired a vendor to remove old equipment from the buildings. Subsequently, Morgan Stanley learned that some of the machines still contained unencrypted client data and had not been fully wiped clean, according to Think Advisor.

Flash forward to 2020. Morgan Stanley is unable to locate the equipment and have deemed it “missing.” Additionally, back in 2019, Morgan Stanley had replaced multiple servers across various branch locations. A filed complaint alleges that the discarded servers contain unencrypted data and that Morgan Stanley had also deemed those servers missing.

The missing equipment is said to contain “everything unauthorized third parties need to illegally use Morgan Stanley’s current and former customers’ PII (personal identifying information) to steal their identities and to make fraudulent purchases, among other things.”

The complaint states that the customers whose personal information resides on the discarded equipment face a “lifetime risk” of identity theft and their information being sold on the dark web.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Matthew Ormseth of the Los Angeles Times reports that a visiting researcher at the University of California Los Angeles (UCLA) has been arrested and charged with destroying evidence. The FBI originally began investigating Guan Lei in July under suspicions that he had committed visa fraud and possibly shared software or technical data from UCLA to officials in the Chinese military. However, he is not currently charged with those crimes; instead he has been accused of destroying evidence. Agents had been staking out his apartment in Irvine, CA where they observed Lei pull a computer hard drive out of his sock and dispose of it in a trash bin.

The FBI interviewed Lei and Ormseth writes “[t]wo days after being interviewed, Guan tried to board a flight out of LAX to Xiamen, a city in southeast China.” Six days after the interview, the agents saw Lei dispose of the hard drive outside of his apartment. The hard drive was crushed according to an affidavit.

Agents returned to the Lei’s apartment five days later with a search warrant, with authorization to search Lei as well, however the agents were unable to locate him at that time. Ormseth writes that “Guan [Lei], who was doing laundry across the street, saw them arrive and walked briskly away, the affidavit said.” It is currently unclear what was recovered from the apartment with the search warrant, or if any data was salvageable from the hard drive agents recovered from the trash bin.

“Guan is the latest Chinese national studying at a U.S. University to be charged with a federal crime” Ormseth writes. According to the LA Times article, visiting scientists from Stanford, UC San Francisco, and UC Davis have also been arrested and detained. More information is likely to come in the following weeks.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

 
Scott Ferguson of Govinfosecurity.com reported that Sudhish Kasaba Ramesh, an ex-Cisco engineer, has pled guilty to causing $1.4 million in damages to the company. Ramesh has plead guilty to one charge of intentionally accessing a protected computer without authorization and recklessly causing damage. The breach did not cause any damage or compromise to customer data; however, there was damage to Cisco’s internal systems and other expenses Cisco occurred due to the access, estimated at $1.4 million.

The incident occurred in September of 2018 but criminal charges against Ramesh were made in July of 2020. Ramesh resigned from his position with Cisco in April of 2018, and it is alleged that Ramesh accessed Cisco’s systems where he executed malicious code from his own cloud platform. The malicious code then deleted 465 virtual machines that are used to support Cisco’s WebEx application. This caused around 16,000 WebEx accounts to be affected over a course of two weeks.

WebEx, if you are unfamiliar, is an application that allows for video conferencing, screen sharing, and other virtual collaboration tools. The disruption in the WebEx service caused Cisco to refund their clients who were affected, which is part of the calculation of the $1.4 million in damages. Ferguson notes “The court documents in the case do not mention how Ramesh maintained his access to Cisco’s cloud infrastructure after he left or what led the FBI to press criminal charges.”

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

As reported by ZDNet, the University of Utah recently paid out almost $500,000 to a ransomware group. While paying these types of groups is unfortunately not all that remarkable, the fact that they paid even after a relatively successful response by the University is rather remarkable.

Apparently the university was able to identify and halt the attack before 99.98% of their data had been encrypted. Of the data that was encrypted, just .02%, was unable to be recovered from backups. With almost no data loss, the university seemed to have avoided disaster. Then the ransomware group threatened to release documents stolen before the encryption began if a substantial payment wasn’t made. This is a backup maneuver that has become all too common in these types of ransomware attacks. In many cases, the ransomware groups will get two ransom payments, one for giving victims the decryption key and one for (supposedly) deleting the data.

Reportedly, after a review of the matter and consulting with their cyber insurance provider, it was agreed that a payment would be split between the cyber insurance and the university. A university spokesperson was quoted as describing the payment as “a proactive and preventive step to ensure information was not released on the internet”. One has to wonder how much faith anyone can have in the promise of the ransomware group which, of course, stole the data in the first place.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Phil Muncaster from Infosecurity Magazine reports that on August 6, the SANS Institute discovered that hundreds of emails from an internal account were forwarded to an unknown third party. SANS has stated that a regular review of email configuration settings revealed a forwarding rule that was flagged as suspicious. The emails that were forwarded contained information such as first and last names, work titles, company name, industry, address and more.

Muncaster writes “SANS Institutes confirmed to Infosecurity that the exposed data belonged to individuals that had registered for one of its virtual summits and ‘was intended for community outreach purposes.’” The investigation into the forwarding revealed that there were a total of 513 emails forwarded to the unknown email address and that a malicious Office 365 add-on was installed on the victim’s machine as part of the attack. The attack vector was a single phishing email that infected the victim’s machine allowing for the setup of the forwarding. SANS has since secured the account to prevent any other release of information. The SANS digital forensics team is looking into the attack to determine if any other information was compromised due to the breach. SANS has posted information on their website about the incident, and has stated that passwords and financial information were not disclosed in the incident.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Ryan Neal of Financial Planning reported Wednesday, that Morgan Stanley has two current lawsuits against the company that allege that the company compromised sensitive client information. The Lawsuits allege that the company failed to fully wipe decommissioned computer equipment, which has gone missing. The two lawsuits have been filed by former Morgan Stanley clients who were notified of data breaches in early July.

Morgan Stanley closed two data centers in 2016 and hired a vendor to remove customer data from the equipment. Morgan Stanley was then notified that some devices still contained unencrypted data after they left the firm’s possession. The lawsuit states “The missing equipment and servers contain everything unauthorized third-parties need to illegally use Morgan Stanley’s current and former customers [information] to steal their identities and to make fraudulent purchases.” Neal writes that “Morgan Stanley has investigated the matter and is working with outside experts to understand the potential risks to clients.”

When electronic storage media is being retired or discarded, it is important that the information that is contained on those devices is securely wiped, and if the media is damaged or malfunctioning, that the device/storage media is destroyed. Securely wiping storage media ensures that the information contained on the device is unavailable to anyone who could get their hands on the discarded storage device. There are many methods of wiping data as well as tools and companies that can provide wiping and data destruction.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics