In the early morning hours of Monday September 2, residents of West Medford, Oregon were alarmed by a shooting that took place, Jennevieve Fong of CBS News 10 reports. A 17-year-old shot two individuals who were attempting to break into his home that morning. In a later article, Fong reports that the Medford Police Department (MPD) are continuing their investigation into the shooting and looking into potential digital evidence.

The MPD are searching to obtain any prior threats made between the parties involved. MPD Lt. Budreau said that they are looking at not only threats that could have been made in person, but also looking at threats that came from electronic communications, such as text messages, social media, and instant messaging applications.

Electronic evidence gathered from cellphones, computers and social media has become a new norm for many investigations as it provides investigators with additional information. The MPD has enlisted the help of the Southern Oregon High-Tech Crimes Task Force to assist in collecting electronic evidence, and it said that the digital evidence obtained will be included in their investigation.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to Expatica, Spain’s conservative Popular Party  has been acquitted of all charges in its alleged role in the destruction of evidence. Spain’s Popular party (PP), was undergoing trial for the destruction of evidence in a case dating back to 2013 involving the party’s former treasurer, Luis Barcenas. Trial for the PP began in June, the first time Spain has had a political party on trial.

The party had been accused of taking the hard drives of the former treasurer, Barcenas, before the investigators had been able to access them. The hard drives were then allegedly wiped clean by one of the defendants, Jose Manuel Moreno, an IT Specialist for the PP. It is alleged that the hard drives contained information about an illegal funding racket within the PP. The court deemed that was unclear as to whether the hard drives stored any data when they were wiped, and no proof that they were cleaned to obfuscate evidence.

Defense counsel argued that the drives were wiped to be in compliance with Spain’s data protection laws. When the drives were wiped, the former treasurer was under investigation and was eventually found guilty in May of 2018 for having benefitted from funds that were illegally obtained. Barcenas was sentenced to 33 years in jail and the PP was fined the Euro equivalent of $268,000.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The BBC reported last Friday that Google security researchers have located malicious websites that allowed personal data to be taken from iPhone devices.

The security researchers determined the website attack appeared to have been functioning at least for two years before it was discovered and subsequently reported to Apple on February 1, 2019. The websites had the capability to implant malicious software on the devices and gather information such as installed contacts, photos, GPS locations, and various other data.

The software was also able to collect certain information from third party applications installed on the device, such as Instagram, WhatsApp, and Telegram. According to data collected from Google analytics, the websites containing the malicious code were visited thousands of times per week. It is not known who is responsible for the attack, nor where the information collected has ended up.

Once the vulnerability was reported to Apple, a security update was issued that patched the issue and prevented the malicious websites from infecting additional devices.

To help protect your device, ensure your device is running the latest operating system version available. At the date of publication, the latest version of software available for iPhone users is 12.4.1.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

On Tuesday, August 27, 2019 the FBI reported that Anthony Levandowski was indicted by a federal grand jury in San Jose for the theft of trade secrets. The indictment alleges that Levandowski, an engineer at Google working on their self-driving car project, stole files relating to the project after his resignation in January of 2016. Levandowski worked on the self-driving car project from 2009 until his resignation, without notice in 2016.

He was the lead of the Light Detecting and Ranging (LiDAR) engineering team at the time of his resignation and the indictment alleges that in the months before his departure, he downloaded numerous engineering, manufacturing, and business files from secure Google repositories about the LiDAR and self-driving car technologies. The indictment also alleges that Levandowski was involved with other competing companies, Tyto LiDAR LLC and 280 Systems, Inc.

The indictment charges Levandowski with 33 counts of theft and attempted theft of trade secrets. Arraignment was set for August 27, 2019 in the afternoon and at the arraignment, NBC’s Lauren Feiner and Paayal Zaveri, reported that the next court date was set for September 4, 2019 at 11:00.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Digital evidence is continuing to appear in a wide variety of cases, and may be the focus of an investigation into claims of identity theft originating from outer space. A Forbes article breaks down the news of how NASA is investigating claims of the first potential cybercrime committed off-planet.

NASA astronaut Anne McClain has been accused of accessing a bank account belonging to her estranged wife, Summer Worden. As a former U.S. Air Force intelligence officer, Worden had believed her bank account was being accessed from an unauthorized party. Worden requested account login history from her bank and received a history of past logins. Upon reviewing the login location history, it was determined a computer registered to NASA was used to access her account. At the time of the account access, McClain was aboard the International Space Station.

Since the alleged incident, McClain has returned to Earth after spending six months in space and has admitted to accessing the account while away, but insists she was checking to ensure the account was properly funded, since Worden was tasked with the responsibility to care for a child McClain and Worden had been raising together.

An investigation to determine case specifics is underway, and that has many questioning what the legal jurisdiction is with the alleged crime originating from space. BBC News has reported that, “a legal framework exists that dictates any crime committed in space would be under the jurisdiction of the country of origin of the astronaut concerned.”

We remind readers  that it is not recommended to share or reuse passwords to any accounts. If shared passwords are used, it is recommended they be updated when personal situations change.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Courts have always had to adapt to societal changes and new technologies. One of the latest stumbling blocks encountered by courts all over the world is the humble emoji. The issue courts are having with emojis generally concern how they should be interpreted. This issue can be especially difficult for older judges who are simply not familiar with this new facet of communicating.  In other cases, due to issues actually inserting a symbol into transcripts, like a smiley face or an eggplant, the emojis are simply left off the official record.

This fact can be very concerning to those who are familiar with the sort of visual slang that becomes associated with different emoji. Those various little faces, hands and icons can carry a lot more meaning than a simple smile. There are over a thousand different emojis maintained by the Unicode Consortium, the Organization that maintains the Unicode text standards, so it is no wonder interpreting these pictographs has been a challenge. There really are no standard guidelines on how to interpret the different icons leaving this task up to individual judges and the attorneys arguing their own interpretations.

To add another level of difficulty to this situation, it is important to remember that emojis are not completely standardized platform to platform. For example while the Unicode consortium does maintain a pistol emoji, depending on the device one is using it may be displayed as a grey revolver, a toy gun or even a squirt gun. Obviously this type of variation can lead to confusion about their meaning as they are sent between different platforms like Android and iOS.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Technology blog TechNadu reported that a British teen acting as a hacker-for-hire had been arrested for SIM-Swapping attacks. Elliot Gunton, a 19-year-old from Norwich pled guilty to charges of online fraud and money laundering at the local Crown Court, receiving a 20 month prison sentence. It is reported that he offered hacking-for-hire services in exchange for cryptocurrencies, and charged $3000 per case. His use of cryptocurrency was not enough to stop the authorities from identifying him.

In April 2018 the police visited the teen’s house for a different matter, and made note that he could be involved in cybercrime during their inspection. Gunton’s laptop was seized and during their investigation and analysis of the device authorities were able to determine that he was running a hacker-for-hire service.

The type of attacks that he was conducting are called SIM-swapping attacks. This form of attack is a form of identity theft in which an attacker removes the SIM card from the victim’s phone to access the information stored on the device. The data contained on SIM cards can often contain phone numbers, contact lists, and stored messages. Gunton’s other activities included stealing and selling of personally identifiable information (PII), hacking of an Instagram account, and the breach of a Sexual Harm Prevention Order that was imposed in 2016. In his hacker-for-hire scheme, he made about £275,000 in Bitcoin, which was seized by the police.

The court determined that the imprisonment sentence had already been served on remand and Gunton will not serve any additional time behind bars. He is prohibited from using any internet capable devices unless he is being monitored by the police directly or through a network that the authorities can monitor at all times. He is not allowed the use of a virtual private network (VPN), encrypted communications of any type, or the use of a Tor network. Additional restrictions include the inability to delete web browser history, the use of any private browsing on web browsers, and the use of any cloud storage service. The restrictions are to be imposed for the next 3.5 years and he has been instructed to pay back £407,359 to the identified and confirmed victims.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Fotis Dulos and girlfriend Michelle Troconis have been charged with tampering evidence and hindering the prosecution in connection with the disappearance of Mr. Dulos’ wife, Jennifer. Norm Pattis, the attorney for Mr. Dulos, is seeking to have any evidence that was pulled from a cellphone owned by his client suppressed in the case of his missing wife, according to the Stamford Advocate.

Phone records pulled indicated location data for the phone and where it traveled on the day Jennifer Dulos went missing. The records led the New Canaan police to ask for assistance from the Hartford Police Department to gain access to surveillance footage from the extensive cameras that are located throughout the city. Surveillance video showed two people resembling Mr. Dulos and Ms. Troconis stopping along Albany Avenue about thirty times. The vehicle in the video also matched a vehicle owned by Mr. Dulos, and footage shows a man placing numerous garbage bags into bins along the street. The police were able to retrieve the garbage bags, which contained clothing and other items with Jennifer Dulos’ blood on them.

Warrants indicate that Fotis Dulos arrived at the New Canaan Police Department with an attorney the day after his wife was reported missing. While at the Department, an iPhone belonging to Mr. Dulos was seized by police. Pattis alleged that the phone was taken without a search warrant and that police refused to return the device.  In June, Mr. Pattis submitted a list of items that he  would like returned; on that list were two iPhones. The judge in the pre-trial hearing allowed for the return of a Jeep and a Chevy Suburban, but nothing else from the list.

The question moving forward is when a search warrant was obtained for the iPhone. If there was not an active search warrant when Mr. Dulos requested to have the phone returned to his possession, it is possible the evidence will be suppressed since it would have been obtained unlawfully. Additional hearings were  scheduled for August 19^th and September 13^th.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

A recently published FBI.gov article documents the importance of digital forensic laboratories when dealing with modern day criminal investigations.

An interview with Steven Newman, an FBI Special Agent, highlighted the vast amounts of electronic evidence that occurs in casework. “Every single case now involves some sort of digital evidence.”

Newman is the director of the New Jersey Regional Computer Forensics Laboratory, dealing with digital evidence and cyber investigations. In May of 2018, a tip submitted to the FBI lead to the investigation of three men in a suspected connection to the terrorist organization ISIS. Once the suspect’s computers and mobile devices were examined, a wealth of crucial electronic evidence was reported that showed steps taken to view “ISIS materials, maps, and videos, including videos that depicted executions.” Evidence was also presented that documented the men’s desire to join the organization and ultimately disguise their online activity. Each man received a jail sentence ranging from eight to fifteen years.

Modern communications are changing and subsequently complicating the way digital forensic examinations are performed. More and more online communication is subject to encryption, where investigators are required to search for alternate routes in order to obtain information of interest. An emphasis is places on the ability to keep up with rapidly evolving technology and the tools that assist in the examination of electronic media.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/

Several instructors at Fayetteville Technical Community College were released from their positions after they alleged the school was tampering with student grades in order to receive a higher pass rate. The former instructors are now seeking a digital forensics expert to examine computer records belonging to the college for evidence to back up their claims.

The lawsuit, originating in 2016, made claims that the school’s administration team began “pressuring instructors to start giving D grades to failing students instead of F grades so that the students would pass their classes and stay in school.” The alleged order was received after laws were passed that allowed for additional college funding for schools with high retention rates. Instructors claim that if they had low retention rates, they were subjected to low performance reviews and were unable to teach additional classes.

When the instructors spoke with the head of the Human Resources department, their concerns did not receive a response. When it was time to sign annual teaching contracts, the instructors claim they were not offered positions due to their stance on the grading policies. Fayetteville Tech released a statement saying the instructors’ claims are not valid and they have never asked instructors to inflate student grades.

Fayetteville Tech’s computer records have been requested by the plaintiffs in order to search and extract documents relevant to the investigation. Previously, a judge approved the order to hire a computer forensics examiner to receive a complete copy of the computer system in question. A Court of Appeals Judge later denied that order due to the fact that the records could include sensitive documents that are protected by law, including correspondence between the school and its lawyers.

Currently, the court is deciding how to allow for an examination of Fayetteville Tech’s computer records without jeopardizing confidential data.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/