Brenden Kirby of Fox 10 reports that the Mobile, AL County Government officials alerted their employees that personally identifiable information (PII) was potentially compromised by the unauthorized access that occurred on the county’s computer systems in May. The county advised that it had contained the damage from the attack and that it was able to restore their systems after the attack occurred. “Later, officials acknowledged that computer forensics experts were assessing the situation” Kirby writes.

The computer forensics investigation into the attack determined that the attackers could have accessed employee information such as social security numbers (SSN). The county “learned on July 13 that health insurance contract number for employees subscribed to receive health coverage and routing numbers for employees enrolled in direct deposit with the county, also were at risk” Kirby states.

“The possibility that employee PII was accessible by attackers, has prompted the government to provide the Mobile County employees with “notice and information about credit and identity protection”.  While the investigation is still ongoing, it was determined that employee PII was accessible but there has not been any information found to indicate how many employees’ PII was accessed or what other data was taken.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Texoma’s Homepage.com recently reported on a breakthrough Wichita Falls Police investigators were able to make in the case of the death of two year old Wilder McDaniel. In 2018 Wilder was found dead at his mother’s, Amber Odom McDaniel, boyfriend’s home. The boyfriend, James Staley, already faces murder charges in relation to the death but this breakthrough has resulted in charges of child endangerment and tampering with evidence for Amber as well.

The charges result from deleted text messages that were recovered from a cell phone that was collected at the home the day of the murder but unable to be analyzed at the time because of device encryption.  The encrypted phone was recently unlocked with assistance from examiners from the US Secret Service forensic lab. With the encryption bypassed, investigators were able to, with the help of a digital forensic examiner, analyze the phone and uncover what was described as “a long pattern of Staley telling Amber he was a threat to Wilder”.

Many of these messages had been deleted but were able to be recovered during the examination. During an interview Amber admitted to deleting some of the messages as well as doing a factory reset of the device a few months before the incident.

According to the affidavit the messages included threats of physical violence against the child that included punching him in the face, kicking him to the floor and that he needed “to be culled”.  In many cases Amber reportedly responded indifferently to these messages. The affiant goes on to state that “Your Affiant believes that there were multiple violent messages from Staley about Wilder that would have caused any protective mother to cut off Staley’s access to her son”.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Recent reports from Local New stations WBOY 12 and WSAZ 3 have confirmed a large scale data breach of the Workforce West Virginia website. The site provides West Virginians services such as filing for unemployment, job searching and even finding training opportunities.

The reports indicate the database used for the “Job Seekers” section of the database may have been compromised. This database contains personal information of those who used the service. The personal information stored in the database includes names addresses, phone numbers, dates of birth and even social security numbers.  

A computer forensic firm’s services have been engaged to assist in determining what parts of the database were accessed in the breach. Letters have been sent to those potentially affected to notify them of the issue and provide instructions about what they should do moving forward.

In a statement Workforce was quoted as saying “WorkForce regrets any inconvenience or concern this incident may cause. To help prevent something like this from happening again, WorkForce has implemented additional technical safeguards,”.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to a recent article on InsideNOVA, the Fairfax County Police department in Virginia has added a new member to their Cyber and Forensics Bureau. This new member is no normal new hire though, instead Officer Browser is a specially trained electronic evidence detecting Black Lab.

His extensive training focused on locating electronic storage media like USB thumb drives, external hard drives and other digital evidence like cellphones and computers. Expertise like this can be invaluable as storage media gets smaller and wireless capabilities are added. Having a K9 unit that can help locate a tiny micro SD card even when it is hidden away can uncover valuable evidence human officers might otherwise miss in a search.

To do this, Browser uses his nose to detect the unique chemical compounds found in chips and circuit boards much like other K9s might be used to find narcotics or explosives. Browser has been assigned to work with handler Detective Ray McCoy and the two are reportedly engaging in extensive training to stay on top of their game as they work with the Child Exploitation unit. Being one of very few duos in the entire state with this type of special training, Browser and McCoy are also assisting other jurisdictions as needed.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

CISOMAG reports that business email compromise (BEC) attacks have become the most common email threats. This type of attack is when a threat actor steals the credentials of targeted business email accounts and uses them later to launch phishing or social engineering campaigns on unknowing employees. CISOMAG cites the 2021 Business Email Compromise Report (download required) from GreatHorn.

The report notes that the most common types of BEC attacks are spoofed email accounts at 71% and spear phishing at 69%. In 49% of BEC attacks, the threat actors are spoofing an identity in the email’s display name to make the email look like it is coming from a trusted source. In the spear phishing emails, 68% were using the company’s name, 66% were using an individual’s name, and 53% were using a boss or manager’s name to trick employees into following the instructions.

Of the surveyed IT security pros, 65% of them state that in 2021 their organization experienced spear phishing. CISOMAG reports that “[the] report is based on the responses of 270 IT and cybersecurity professionals in the U.S., involved in fighting against BEC attacks and related email threats.”

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

On June 24, 2021 the Department of Justice (DOJ), issued a press release about a Ukrainian national who was sentenced to seven years in prison and ordered to pay restitution of $2.5 million dollars for his role in the hacking group known as FIN7. Court documents indicate that Andrii Kolpakov, a 33 year-old who worked with the FIN7 group, was identified as a pen tester for the group.

Kolpakov was arrested in Spain on June 28, 2018 and was extradited to the United States at the request of U.S. law enforcement on June 1, 2019. Kolpakov pleaded guilty to a single count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking in June of 2020.

The FIN7 group has been responsible for some of the attacks on U.S. companies, “predominantly in the restaurant, gambling, and hospitality industries”, the release states. FIN7 apparently used sophisticated phishing emails to trick people and businesses into downloading attachments that would install a version of the Carbanak malware to steal payment card information from business’s customers. The hacking group would then sell that data online in underground marketplaces.

“In the United States alone, FIN7 successfully breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations” the press release states. The cost of these breaches cost the victims more than $1 billion.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to a report in the Dayton Daily News, the company that provides data management services to Ohio Medicaid providers, Maximus, recently experienced a serious data breach. This breach likely exposed the personal data of all Ohio Medicaid providers, including the provider’s names, social security numbers, and addresses.

Luckily those covered by Medicaid in the state were not included in the breach. Maximus and Ohio Medicaid are currently undertaking a forensic investigation of the incident, which apparently affected only the application used for Medicaid credentialing and licensing in the state.

A Maximus company statement explained that they ““promptly took the impacted application offline, launched an investigation with a leading cybersecurity firm, activated response protocols, and notified law enforcement.” after discovering the unauthorized access in mid-May of this year. The affected providers were notified via letter on the 18^th of June and are being offered two years of credit monitoring services. The investigation is still ongoing.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

According to a recent article in the Boston Globe, federal prosecutors have recently charged 13 individuals in an ongoing investigation into an alleged overtime pay fraud scheme in the Boston City Police department. The prosecutor’s office has reportedly been using cellphone data and the results of digital forensic analysis of the department’s attendance and pay records to further their investigation. The cellphone data in use includes cell site tower records that allow investigators to map where a person’s device was located at the specific time it connected to different network towers.

Up to this point at least 13 officers, both current and former, have been implicated in a scheme that goes back over an apparent 5 year period. In total it is thought that over $250,000 of fraudulent overtime pay was collected by those officers, all from the evidence unit. An additional five officers were included in court documents reviewed by the Globe; however, none had been charged at the time of the report. The amounts allegedly collected varied from officer to officer with at least one thought to have collected over $11,000 in unearned pay.  

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Lawrence Abrams from BleepingComputer reports that the US Government Contractor Sol Oriens suffered a cyberattack, alleged to be from the REvil ransomware gang. Sol Oriens helps the Department of Defense (DoD) and Department of Energy Organizations, Aerospace Contractors, and Technology Firms, “[however], job postings first spotted by CNBC correspondent Eamon Javers provide some insight into Sol Orien’s operations, who are seeking program managers, consultants and a ‘Nuclear Weapons Subject Matter Expert’ to work with the National Nuclear Security Administration (NNSA)”, writes Abrams.

Last week the REvil ransomware gang posted a list of companies whose data they had stolen and were auctioning off to the highest bidder. Sol Oriens is apparently one of the companies REvil claims to have stolen data from. “REvil claims to have stolen business data and employees’ data, including salary information and social security numbers”, Abrams states. REvil also published images of documents that they had taken from Sol Oriens as proof of the data breach. Sol Oriens confirmed a cyberattack on their network in May.

CNBC correspondent Eamon Javers took to Twitter to release information about the incident. Javers tweeted that the investigation is still ongoing and that Sol Oriens had hired a third-party cybersecurity and forensics firm to determine the breach’s scope.   

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Former councilman Kerry Kinard and his attorney have asked the judge to throw out computer evidence in relation to the sex-related chargers Kinard is facing in Bamberg County, Martha Rose Brown of The Times and Democrat writes. Council for Mr. Kinard, Bakari Sellers argued that all the computer evidence collected by law enforcement should be suppressed. Sellers is arguing that the evidence be suppressed because the evidence has yet to be available to him and his client to review before trial.

Kinard’s trial is set for July 12, and he faces charges of first-degree assault and battery, second-degree attempted criminal sexual conduct with a minor under 16, committing or attempting to commit a lewd act upon a child under 16, and two counts of criminal solicitation of a minor and dissemination of obscene material to a person under 18. Circuit Judge Clifton Newman heard arguments from Sellers and the Second Circuit Deputy Solicitor, David Miller. Miller informed the court that the South Carolina Law Enforcement Division (SLED) is still analyzing some of the data extracted from electronic devices that were seized from Kinard’s father’s home. At the time Kinard was taken in to custody he was living with his father.

Judge Newman is quoted by Brown “I may not make a decision until the time of trial, who knows.” Currently, the SLED has approximately a terabyte of data that has been extracted from some of the seized devices. The is “an Android tablet, a Chromebook laptop, a Microsoft Surface tablet and two Apple iPhones [that] remain passcode protected and SLED analyst haven’t been able to access them” Brown writes. Miller told Sellers that if Mr. Kinard wanted to provide the proper passcodes for the devices that it would speed things up. Miller stated that the available computer evidence and timeline would be provided on June 11, 2021.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics