All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.
Universities and colleges have been targeted for years by attackers across the globe. These institutions are known for not necessarily having the most current technology, yet holding a large amount of PII, which is readily marketable.
Two Nigerian citizens, Olayinka Olaniyi and Damilola Soloman Ibiwoye, living in Kuala Lumpur, were targeting colleges and universities in the US. The focus was to steal paychecks and tax returns. To compromise the targeted systems, the two attackers were phishing 130-140 universities and colleges a day. The attackers took the time and effort to produce emails which appeared to be legitimate, including the actual logos.
To achieve the end goal, the attackers needed system credentials. The fraudulent emails directed the user to a website that did not belong to the college or university but, again, appeared to be completely legitimate. There, the user-provided credentials were harvested. With this data, the attackers were able to reroute paychecks and access certain financial documents. The attackers, unfortunately, were successful with 20 different schools. At Georgia Tech specifically, the attack was noted quickly. This quick detection was definitely a bonus. Due to the quick work, the FBI was notified and was on-site the next day. Once present, they were able to monitor the attackers’ traffic.
To assist with the identification of the person(s) responsible for this unlawful endeavor, Georgia Tech continued to work with the authorities. The IP addresses were traced to Malaysia. The authorities secured search warrants for the “alleged” attackers’ email accounts to provide evidence for legal actions. From this evidence, the two suspects were clearly identified by their respective names.
It is notable that the US does not have an extradition agreement with Malaysia. To work around this, the FBI’s legal attaché contacted the Malaysian royal police. The local Malaysian authorities also confirmed the attackers’ individual identities. Curiously, the two attackers were living in Malaysia on expired visas. The two were arrested. The evidence gathered also indicated the attackers were using the PII to file fake tax returns. The two were sentenced to federal prison. Ibiwoye pleaded guilty and received 39 months in January 2018. Olaniyi was convicted in a jury trial and received six years.
This case emphasizes two aspects of a breach. The breached party needs to be as fully aware as possible of the breach and its extent. The breached party also needs to take a fully cooperative stance when a breach occurs. Anything short of this merely adds more time to the open window for the attacker(s) to steal and use the data.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.