Two Walmart locations in Casper Wyoming reported threats being made against their property and employees in August 2020, according to the Sheridan Media. The threats were being sent to two employees via text message and allegedly claimed there were bombs planted in both stores. The sender of the texts also claimed to have access to guns and stated they were “after everyone”.

Over the course of the Casper Police Department’s investigation into the incidents, both employees who received the messages were questioned and the messages on their phones documented. Detectives reviewing the phones were able to do more than just preserve the threatening messages though. They determined that the texts had not been sent over the traditional cellular protocols and instead were sent using voice over IP or VOIP.

They were able to track down evidence of access to a VOIP service on one of the employee’s phones. When confronted with the evidence from her cellphone as well as records provided by her internet provider and VOIP service, she confessed to sending the messages to herself and the other employee. She was subsequently arrested in connection with the terroristic threats made against both stores.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently, Bleeping Computer reported on a cyberattack that has crippled the transportation technology company Rand McNally. While many consumers know of Rand McNally for their map and atlas products, those in the trucking and logistics world will know the company is very much online these days.

Rand McNally provides services that allow trucking fleet managers to map and optimize routes, GPS navigation and even network based electronic logging for individual trucks and drivers. Unfortunately for the company, many of these services were taken offline by the attack. This prompted the company to place banners on their website indicating their systems were down and that they were “upgrading our systems now and will be back up soon.”

Reports from the company indicate they are working with computer forensics specialists to investigate the full scope of the event. They have indicated that at this time no customer data is believed to have been accessible. However, online ordering and perhaps even more importantly their electronic trucking logging device platform is reportedly not working. These devices are a part of a federal mandate aimed at transportation safety issues. With the platform not working, fleets are having to use the deprecated system of paper driver logs until their systems can be restored. The company has not been able to provide an estimated date for the restoration of services.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Researchers at Abertay University in Scotland performed a cybersecurity study by purchasing 100 used USB drives from the internet and examined them for retrievable data. The study, led by student James Conacher, investigated whether sellers are aware of how to properly sanitize their old USB drives of personal data before sending them out. To begin, the used drives were purchased from the auction site eBay and a forensic analysis was performed of each drive received.

Out of the 100 analyzed drives, only two contained data that was “immediately visible”, meaning the drive contained active files that the seller made no attempt to delete. 32 of the drives contained no recoverable data, and the remaining 68 drives had data that was recoverable to a certain degree. Out of the 68 drives that had data available to be recovered, full file recovery was possible on 42 of the drives.

The recovered files were then categorized into three types: low, medium, and high sensitivity. Recovered files that were classified as low sensitivity contained data such as downloaded videos, operating system installation files, and various student work. Medium sensitivity files contained various images with location data included, personal photographs, and clinical trial studies. The most concerning high sensitivity files contained data such as password lists, CVs, bank statements, invoice records, and health reports.

When making used USB drives available for purchase online without securely deleting the contents beforehand, there is immense risk on the part of the seller. However, there is also the component of buyer risk. Those who have expertise in the field of electronic evidence often lean on the side of caution when inserting used USB drives into their devices, attempting to steer clear of the possibility of malware. Out of the 100 analyzed drives, there was no evidence to suggest any drives had installed malware on them. However, the findings do not make the scenario any less possible.

To conclude, when selling USB drives online, there are techniques to utilize to ensure data security. It is recommended to make use of widely available software that has the ability to completely wipe all the contents of the drive prior to sending the drive off to a new owner.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Last week, Baltimore County public school district found itself victim of a ransomware attack occurring on their systems the day before Thanksgiving, according to the BBC.

Due to the attack, students found themselves unable to access online lessons amid the ongoing remote learning sessions. The district has released a statement saying it would be spending the next couple days reviewing the details surrounding the attack and working towards getting its systems up and running. Popular local newspaper the Baltimore Sun has reported the attack could leave the school’s systems down for weeks.

The school district has offered limited information regarding the breach and called it a “catastrophic attack on our technology system.” The district also acknowledged that local, state and federal law enforcement was involved in investigating the attack.

The issue that often occurs with ransomware attacks is that there is no guarantee that the cyber-criminals will provide a decryption key for the systems once payment is made. This is why law enforcement often suggests not complying with these types of requests.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Vernal Douglas of Brooklyn was recently arrested along with three other men in connection with a more than yearlong investigation into the steady stream of illegal guns flowing into the city, according to the New York Daily News.

The investigation relied on digital evidence that allowed the police to trace the weapons all along their route. Douglas, a conductor for the New York Metropolitan Transportation Authority, had been making frequent trips to meet with a contact in South Carolina to purchase pistols which he then sold to another man in New York, Montoun Hart. Hart then resold the firearms to contacts in the city.

The investigators were able to put the pieces together using wiretaps and examining the cellphone text and picture messages between Douglas, his supplier in South Carolina and Hart. These messages included pictures of many of the guns involved. Using the information gained in the investigation, undercover officers were able to purchase 44 guns directly from Hart before making the arrests and charging the men on counts including criminal possession and sale of a firearm as well as conspiracy charges.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently NECN.com reported on a cyberattack that caused a widespread outage for the University of Vermont Health Network, Vermont’s largest hospital. Hospital patients were unable to log into their personal portals to access their personal health information as the IT staff and outside forensic examiners worked to document the incident and begin recovery.

While it has yet to be confirmed, it seems likely this attack was related to a rash of recent ransomware attacks affecting hospitals all over the country. In fact the FBI released a warning in late October alerting the healthcare industry that cyber criminals were stepping up efforts against hospitals and other healthcare related systems in an attempt to extort ransoms for the return of encrypted data. This warning would have been dire even in the best of times but with the world still solidly in the midst of a global pandemic, the situation is all the more troubling.

While much of the computer systems appeared down at the hospital, officials reported that for the most part all was operating normally as they have plans in place for these types of incidents. The ER was still able to handle local trauma incidents; however, reports indicate that some elective procedures were rescheduled to ease pressure.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to CrimeOnline, Prosecutors in New Jersey are looking into the death of a local Freehold woman, Stephanie Parze, who disappeared on September 30, 2019, and was later found dead off of a highway months later. Investigators have performed digital forensics to help ascertain clues as to who may be responsible for her death.

An immediate suspect of Parze’s death was her ex-boyfriend, John Ozbilgen. A forensic review was performed on Ozbilgen’s cell phone and multiple images of child pornography were located on the device. Ozbilgen was arrested and once bail was posted, he was found dead in his home a few days later. His death was ruled a suicide.

Prosecutors have now begun looking into Ozbilgen’s parents, as they believe there were text messages of interest sent and received with the parents after he allegedly killed Parze. When investigators asked the Ozbilgens for their cellphone passwords to perform a forensic analysis, the couple reportedly refused. There is currently an open investigation regarding the parent’s refusal, and it is possible they may face obstruction of justice charges.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

A year ago on November 3^rd, Jessica Lopez, a New York woman, disappeared after being spotted at a motel in the early morning. After an initial investigation, her car was found abandoned in a nearby parking lot. A trail of electronic evidence assisted prosecutors in finally charging a man with her presumed death.

Upon her disappearance, authorities conducted tons of searches to locate Lopez. Cadaver dogs had been deployed, and police followed up on more than 440 leads in the case. The search even stretched to a landfill in Northern Pennsylvania, where a majority of the trash near Lopez’s residence ends up. Even though a body has yet to be recovered, police are moving forward with charges against Lopez’s ex-boyfriend, Matthew Mercado.

Mercado has been a suspect since the initial investigation phase. Shortly after Lopez disappeared, Mercado was charged with breaking into a different room at the same motel where Lopez was last seen. Prosecutors believe that Mercado killed Lopez when she tried to leave the motel in the early morning of November 3^rd, 2019. A trail of electronic evidence shows Mercado withdrawing $15,000 from Lopez’s bank account and then deleting text messages the two had exchanged.

Mercado is currently being held on $3 million bond after he pled not guilty to murder and grand larceny.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Terry Spencer from the Associated Press reports that when Florida Governor Ron DeSantis went to cast his ballot earlier last week he was initially refused because someone had changed his address online. When attempting to vote last Monday, October 26, he was told that the voting address had been changed from the governor’s mansion to another address in West Palm Beach, FL just over 400 miles away. The problem with the address was promptly resolved and DeSantis contacted the Florida Department of Law Enforcement about the illegal change of address. Law enforcement was able to determine that the address was changed online from a residence in Naples, FL.

Officers went to the residence where they found 20 year-old Anthony Guevara who admitted to changing DeSantis’ address through the elections website in Leon County. “He told agents he gained access by using the governor’s birth date, which he got from Wikipedia” Spencer writes.

The Leon County Elections Supervisor has said that there are two online systems that allow for voters to change their address. One requires only the voter’s birth date and that is the one that Guevara has been accused of using. “It has safeguards to prevent hackers from executing mass changes” Spencer reports. The second system, requires additional information such as the person’s driver licenses number, issuance date, and their last four digits of their social security number to change an address.

Guevara has been charged with accessing a computer without authorization and illegally altering voting records. Both charges are third-degree felonies and are punishable with up to five years in prison.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to the Hill County Journal, Jennifer Bardeaux and Tadeo Graces Jr. were arrested on October 20^th and charged with Tampering with Physical Evidence. The charges stem from an ongoing investigation by the Kerrville Police department in Kerr County Texas regarding the death of Gideon Barideaux, Jennifer’s two-year-old son.

The investigation began in August when police responded to a call about an injured child. Jennifer told the officers that the injuries were the result of a fall earlier in the day; however, officers and medical staff did not believe the injuries were consistent with the fall. Unfortunately, despite being taken to a local medical center and eventually being transferred to San Antonio University hospital by air ambulance, Gideon died as a result of the injuries three days later.

Over the course of the investigation, authorities interviewed both Jennifer and Tadeo regarding the matter and both maintained the child had been hurt because of a fall, a fact the forensic medical examiner’s reports have disputed. Cell phones belonging to both parties seemed to point to a different story when they were analyzed. An examination of their phones revealed Jennifer and Tadeo had each deleted a significant amount of content relating to the incident allowing offers to obtain arrest warrants for both parties based on this alleged evidence tampering.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics