GE Investigations Blog

News and interesting articles from around the world.

Symantec’s Norton / Cybercrime Stories: Sandra

 Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Social Media, Technology & Digital Security  No Responses »
Nov 172011
 

Cybercrime Stories: Sandra
NORTON by Symantec

How does cybercrime affect people? Check out this real-world example. To avoid becoming a victim of cybercrime, learn the basics of online protection.
Sandra’s Story

Sandra is a human resources professional who lives in Miami, Florida. She has used a computer in her job for more than 10 years. At work, her computer is maintained by her organization’s IT department, and she has never experienced any security problems with the computer in her workplace.

Sandra considers herself to be computer savvy and believes that she is at low risk of online fraud for the following reasons:

* She never shops online because she doesn’t want to risk exposing her credit card information, and she doesn’t like the idea that data about her purchases might be stored and used to make a profile of her likes and dislikes.

* She uses her home computer only for personal email with friends and family, to surf the Web for information about new developments in her field, and to do banking once a month via her bank’s website.

* Occasionally she looks other things up on the Web, but not often.

Sandra’s situation seems safe enough, right?

Unfortunately, looks can be deceiving. At work one day last summer, she heard about a new vulnerability specific to the Internet browser she used. It was so critical that emergency patches for all work computers in her organization had been distributed by her IT department that same day. Sandra wanted to be sure her home computer was protected too, so when she got home she went online to get more information about the vulnerability, and to determine if she was protected.

Using a popular search engine, she found a website that offered not only information about the vulnerability, but the option to have a patch for the vulnerability downloaded automatically to her computer. Sandra read the information, but opted not to accept the download since she was taught to download information only from authorized sources. Then she went to the official Internet browser site to obtain the patch.
So, what went wrong?

Unfortunately, as Sandra was reading information about the vulnerability on the first site, the criminal who had created the website was taking advantage of the fact her computer actually had the vulnerability. In fact, as she was clicking “no” (to refuse the download that was being offered), unbeknownst to her the automatic installation of a small but powerful crimeware program was already taking place on her computer.

The program was a keystroke logger. Simultaneously, the website’s owner was already receiving a notification that the keystroke logger had been secretly and successfully installed on Sandra’s computer. The program was designed to covertly log everything she typed in from that moment on, and to send all of the information to the website owner as well. It functioned flawlessly, too–recording everything Sandra typed. Every website she visited and every email she sent was passed on to the cybercriminal.

Later that evening, Sandra finished up her monthly online banking. As she logged into her personal bank account, the keystroke logger recorded those keystrokes too, including confidential information: the name of her bank, her user ID, her password, the last four digits of her Social Security number, and her mother’s maiden name. The bank’s system was secure, and all the data she typed in was encrypted so no one along the route could casually discern the information. However, the keystroke logger was recording the information in real time as she typed it in–before it was encrypted. Thus the keystroke logger was able to bypass the security that was in place.

It was just a matter of time before her bank’s name, her user ID, her password, and her mother’s maiden name were in the hands of the cybercriminal. He added Sandra’s name and information to a long list of other unsuspecting users. He then sold that list to someone he had met on the Internet–someone who specialized in using stolen bank information to make illegal withdrawals. When Sandra went to make a deposit several weeks later and asked for her balance statement, she was shocked to find that her bank account was almost empty. Sandra had been the victim of a cybercrime.

Direct Link: http://us.norton.com/cybercrime-stories-sandra/article

 Posted by GE Investigations at 20:26  Tagged with: confidential information, Hacking, hijack, ID, Information, keystroke logger, login, password, stolen identity, theft, victim of a cybercrime
< Blog Home

<< Main Site

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Tags

adware Android Anonymous Apple Arizona Brooklyn Cyber Attack cyber security Cybersecurity DEA Digital Security Drug Enforcement Administration Drugs exploit Exploits Facebook FBI Federal Bureau of Investigation G.E. Investigations Blog G.E. Investigations LLC GE Investigations Blog Google hack hacked hacker Hackers Hacking LAPD Law Enforcement Los Angeles Police Deparment LulzSec Malware Microsoft Narcotics New York City Police Department NYPD privacy social engineering Spyware trojan Twitter U.S.M.C. United States Marine Corps USMC virus

Categories

  • Announcements
  • Articles of Interest
  • Bail Recovery
  • Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved)
  • FALLEN & INJURED HEROES
  • Firearms, Weapons & Personal Safety
  • G.E. Investigations Articles
  • Investigative
  • Law Enforcement
  • National security, Terrorism, Cyber Terrorism & Related Crimes
  • Science & Related Space Technology
  • Social Media
  • Technology & Digital Security
  • U.S. MARINES & Military
  • WANTED CRIMINALS & POI

Search

Archives

  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011

RSS Feed RSS - Posts

© 2012 G.E. Investigations Blog Created by Mercurius Creative, LLC! Suffusion theme by Sayontan Sinha