Jeff Weiner from The Orlando Sentinel reported that an Orange County Florida man has been arrested and accused of calling in a bomb threat to a Wendy’s restaurant. The bomb threat call occurred on February 11, 2021 and law enforcement began investigating that day after an employee filed a report about the incident.

Law enforcement arrested 33 year-old Yassir Baroudi on the charge of false report of a bombing, with bail set at $2,500. It is reported that the caller made multiple calls to the Wendy’s location before the employee’s manager said to call the police and make a report. Law enforcement evacuated the restaurant and conducted a search for any explosives on the premises, but none were found.

Investigators were able to ascertain the caller’s phone number and that the caller had placed an order through Uber Eats. The Sheriff’s Office issued a subpoena to Uber Eats, a food delivery app, requesting additional information about the account used to make the order. The information obtained from the subpoena led law enforcement to Mr. Baroudi who was arrested at his home on March 3, 2021.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Jared Strong of the Carroll Times Herald reported that two men were arrested in connection with the robbery of a Scranton bank after a tip and a confession from a woman who claimed she unknowingly assisted the two. The two men are Zachary Wailes and Tyler Mattingly. They were arrested in connection with the robbery of Peoples Bank that occurred on February 25, 2021. Wailes is alleged to be the individual who committed the robbery of the bank and made off with around $20,000 from various tellers at the bank. Surveillance footage from the robbery was compared to a previous robbery that Wailes was suspected of committing “and it appeared to be the same person.” Strong writes.

A day later, a woman was arrested for a separate matter but claimed to have information about the robbery that had taken place. The woman had allegedly made a report of a crash just before the robbery was to take place and has said that both Wailes and Mattingly had asked her to make the phone call about the false crash. She claimed to not know that the robbery was going to be committed at that time.

Law enforcement arrested Wailes the next day, and an examination of his cellphone revealed messages between Wailes and Mattingly that discussed items such as a getaway vehicle and talk about how to delete or destroy evidence on a cellphone. Mattingly was arrested on March 3, 2021. Law enforcement has stated that there could be additional criminal charges in the future.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently, WBBM News Radio reported on a suit being brought against Micheal Papandrea, a 59 year old restaurateur in Frankfort Illinois. The case was brought by eight of his female employees, including one 14 year old, and alleges that Papandrea had secretly been filming them from under their skirts while they worked at his three restaurants. Skirts or dresses were apparently required attire for female staff.

This civil case comes on the heels of an investigation and eventually a raid in March of 2020 where Illinois State Police charged Papandrea with “up-skirting” using what was described as “a camera on his shoe that shot the unauthorized video.” A digital forensic expert has been hired to assist in this new civil matter. The expert was provided access to Papandrea’s equipment for analysis. Reports indicate that deleted videos were recovered and estimate that potentially 500 more females may have been filmed without their knowledge both at Papandrea’s restaurants and other public places.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Shelbie Harris of the Idaho State Journal recently provided an update on a security breach that affected the Bannock County courthouse in mid-2020. The chief of staff for the Bannock County Commissioners, Scott Crowther, was quoted as stating “On or about June 30, 2020, Bannock County learned that its computer network was potentially accessed by an unknown actor on or about June 22, 2020”.

Upon discovering the potential breach, the county engaged computer forensic specialists to assist in determining the scope of the activity and what data on the systems was affected. The review took place over a number of weeks and the resulting forensic report confirmed that personal data had been accessed and taken by those responsible for the attack.

This prompted further review to identify whose information had likely been accessed so a notification could be sent out to the appropriate parties. This review resulted in the identification of approximately 1,500 people who had potentially been impacted. In mid-February the county began sending out notices to those people along with guidance about how to protect and monitor their identities moving forward.

Exactly what types of personal information was compromised was not disclosed by the county and likely varied from person to person. However, as the breach occurred on the county courthouse’s network, it would seem probable that everything from full names and addresses to social security and driver’s license numbers could have been collected.   

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Earlier this month, it was reported in an article by PC Mag that security team Red Canary located a new strand of macOS malware. Upon investigation, it was determined the malware seemed to exhibit behaviors previously unheard of in regard to its execution. After consulting with popular malware detection company Malwarebytes, it was determined the strand of malware had infected nearly 30,000 macOS endpoints. These infected devices spread across 153 countries with a majority of infections occurring in the United States. Red Canary has since named the newly identified malware as “Silver Sparrow.”

Further research determined that it doesn’t appear Silver Sparrow has been responsible for delivering any malicious payloads yet. It was determined that every Mac infected with Silver Sparrow is in communication with a control tower in case there are any received commands. Researchers believe a command could be issued at any point. It was also determined the malware has the capability to remotely remove itself from an infected system.

Apple has stated that it is taking steps to revoke certain certificates that will prevent new macOS machines from being infected.

In an online forum for MalwareBytes, a staff member confirmed that they had been detecting the infection before the news had been released.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

In a message from the director of the Michigan State Police, officers have been instructed to remove “nonstandard” applications from their provided state phones. In addition, officers must now seek authorization before downloading such apps going forward, according to a story by the Detroit Free Press.

The memo comes after various articles have detailed senior Michigan State Police members using the encrypted communication application Signal, which keeps no record of text messages sent and received. Once the messages are deleted within the Signal application, they are unable to be traced or recovered. This finding raised concerns about the potential ability to evade the Michigan Freedom of Information Act, should communications between officers be requested.

Attorney James Fett, who is representing previous officers fired by the Michigan State Police and alleging retaliation in their cases, fears that relevant text messages exchanged over the Signal application are gone and irretrievable.

Officers who would like to use a nonstandard application on their work provided devices must fill out a form to get authorization to do so. Social media apps such as Facebook, Instagram, Twitter, YouTube and LinkedIn are specified as not needing prior authorization.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Motherboard writers Jason Koebler, Joseph Cox and Lorenzo Franceschi-Bicchierai reported that Jones Day, one of the largest law firms in the world, was breached by hackers. Jones Day has recently been in the news as it was one of the law firms that represented the Donald Trump campaign in the challenges made to the 2020 election. The trio write “[the] hackers who run the Cl0p ransomware recently posted several gigabytes of data on a dark web site where they advertise their breaches.” If you are interested in the original site where the breach was first reported, it can be found here.

Jones Day apparently did not immediately respond to Motherboard’s request for comment; however, the Motherboard writers state “but confirmed the hack happened in a statement to The Wall Street Journal.” Jones Day has blamed the data breach on Accellion. Accellion provides file sharing systems and they were also victims of a recent hack. Information about the hack can be found here. Accellion is currently conducting an assessment of the breach and is using “an industry-leading cybersecurity forensics firm” to assist them, Motherboard reports.

There are apparently 20 caches available relating to the data breach at Jones Day, and they range from 1.5GB to 4.5GB. The original post from DataBreaches.net indicates that the hackers uploaded the data that was exfiltrated because the firm did not respond to their demands and threats.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

A current criminal investigation into the hacking of the City of Oldsmar, FL water system is underway reports Sarah Wray of CitiesToday. The city’s water treatment plant was the victim of a cyber-incident on February 5, 2021, in which an intruder attempted to change the levels of sodium hydroxide in the water supply that provides drinking water to the city of Oldsmar. The levels of sodium hydroxide were attempted to be changed from 100 parts per million to 11,100 parts per million. “Sodium hydroxide is also known as lye or caustic soda. The chemical is used at low concentrations to regulate the PH level of potable water but at high levels it is highly corrosive and damaging to human tissue” Wray writes.

The levels of the sodium hydroxide were not changed due to an operator at the treatment plant noticing that the levels were being raised. The operator quickly solved the issue and notified a supervisor of the incident. Wray writes that “the city’s computer system was remotely accessed at 8:00 am and 1:30 ppm by an unknown party.” Preliminary investigation by the Sheriff’s Office indicates that the unknown party gained remote access to the system using the TeamViewer software, which is used by the plant for monitoring and troubleshooting of the plant systems while off-site. The investigation into the incident is still ongoing and includes parties such as the FBI, the Secret Service, and the Sheriff’s Office Digital Forensics Unit. There are currently leads in this hacking case, but there are no confirmed suspects.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Keith Schweigert of Fox 43 recently reported on charges made against a now former Waynesboro Pennsylvania Police officer, William Everett Sublett IV. Sublett has been charged with Aggravated Indecent Assault, Unlawful Contact with a Minor and Corruption of a Minor based on an investigation that stemmed from a report made by the 16-year-old alleged victim to her school counselor. The victim reported that she had been in contact with the officer via text and that he had even brought her to his home and fondled her. When the report came to light, Sublett was immediately placed on administrative leave and resigned his position less than a month later.

Sublett first met the minor while on a call at her residence. He continued to have contact with her while making a number of checkups at the house. The two began to communicate via text message and these messages were discovered as a result of forensic examinations of several phones recovered from Sublett throughout the course of the investigation. One of the phones even turned out to belong to the alleged victim.

The victim sent photographs of herself to Sublett via text messages and Sublett allegedly offered to buy her a burner phone and vaping products in return for naked photos of herself. Further timeline review of the messages made it clear that some texts would have even been exchanged while Sublett was actually on duty for the city. Further evidence of Sublett engaging in contact with the victim was caught on a surveillance camera at her home when he stopped by to drop a cell phone off for the girl. Sublett has apparently denied contacting the victim via text messages although the mobile device forensic results seem to contradict that.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recently, according to Penn State News, a virtual student involvement event including the school’s Black Caucus group was interrupted by a number of uninvited participants making racist remarks.

This type of incident, known as Zoom-Bombing” has unfortunately become much more common place with pandemic restrictions forcing many meetings, which were once held in person, online. Over the last year, Zoom and other video conferencing apps have introduced several security features to assist in securing meetings on their platforms. Unfortunately, if a meeting is not properly configured, incidents like this are still a very real threat. To learn a bit more about what changes Zoom has been making you could check out the November 18, 2020 post on Sharon Nelson’s blog, Ride the Lightning.  

The university is working with digital forensic examiners to collect evidence about the incident and those involved. The university police lauded the victims of the harassment for their quick reporting of the incident. In the course of the ongoing investigation, university police say they have consulted with both internal resources such as the school’s office of information and external entities such as the FBI. At this time the university has found no indication those who committed the disturbance were connected to Penn State in any way.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics