FBI New Haven Field Office Computer Analysis and Response Team:

Tracking a Computer Intruder

> In the e-mail header information the 'From' address differed from the 'Reply-To' address
> This was being passed through a hosting site called
> FBI traced the owner of the IP address of hosting site to CommuniTechNet
> Discovered that site hosted an e-mail spoofing site to hide sender identity
> Court order to for information on
FBI's Top three National Security priorities
Protect the United States from terrorist attacks
To counter foreign intelligence operations against the United States
Protect the United States against cyber-based attacks and high
technology crimes
Additional Information
- account belonged to:
Jason Smith (Name changed to protect ID)
Location - Los Angeles, CA
from IP -
IP source: Seoul, Korea
Registration Date: 23 April, 2001
(1 day prior to e-mail being sent)
Offshore Support
- IP belonged to BORANet in Seoul, Korea
- New Haven contacted the FBI foreign liaison (legal) office in Seoul, Korea
> FBI noticed a suspicious string "../../../../../../../../" (a directory-traversal sequence)
> After research, it was found that the string exploited a known vulnerability in the WebStore software that was being used for the store
> FBI notified of this exploit and of the patch (released 6 months prior) that fixed the vulnerability
> IPs from various countries had used this vulnerability to access the store's order log files
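As an added example (not part of the original presentation or the case files), the following Python scans constructed web-server access-log lines for the traversal pattern described above, including percent-encoded and double-encoded variants, and shows the path check a file-serving script needs to be immune to it. The log lines, the IP addresses (documentation ranges) and the `webstore.cgi?page=` handler name are assumptions made for illustration, not data from the case.

```python
"""Detect directory-traversal attempts ("../../../..") in access logs, including
URL-encoded and double-encoded forms, and demonstrate the web-root check a
file-serving script must perform."""

import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format. IPs are from documentation
# ranges and "webstore.cgi?page=" is an assumed handler name; nothing here
# is taken from the FBI case.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Apr/2001:14:02:11 -0400] "GET /store/index.html HTTP/1.0" 200 5120
198.51.100.9 - - [23/Apr/2001:14:05:42 -0400] "GET /cgi-bin/webstore.cgi?page=../../../../../../../../store/orders.log HTTP/1.0" 200 88211
192.0.2.33 - - [23/Apr/2001:14:07:03 -0400] "GET /cgi-bin/webstore.cgi?page=..%2F..%2F..%2F..%2Fetc/passwd HTTP/1.0" 200 1733
192.0.2.34 - - [23/Apr/2001:14:08:19 -0400] "GET /cgi-bin/webstore.cgi?page=%252e%252e/%252e%252e/orders.log HTTP/1.0" 200 88211
203.0.113.7 - - [23/Apr/2001:14:09:00 -0400] "GET /store/images/../../store/catalog.html HTTP/1.0" 200 4300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)


def fully_decode(s, max_rounds=3):
    """Percent-decode until the string stops changing, so a double-encoded
    %252e%252e collapses to '..'. Returns (decoded, rounds_needed)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
        rounds += 1
    # Treat backslashes as separators too (Windows-hosted servers).
    return s.replace("\\", "/"), rounds


def escapes_root(candidate):
    """True if walking the segments ever climbs above the starting directory.
    A '..' that merely undoes an earlier segment is harmless."""
    depth = 0
    for seg in candidate.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def candidates(target):
    """Yield (where, raw) for each part of a request target that a vulnerable
    script might hand to the filesystem: the path and every query value."""
    path, _, query = target.partition("?")
    yield "path", path
    for part in (query.split("&") if query else []):
        key, _, value = part.partition("=")
        yield f"query:{key}", value


def detect_traversal(log_text):
    """One finding per log line whose decoded path or query value escapes the
    web root. Unparseable lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for where, raw in candidates(m["target"]):
            decoded, rounds = fully_decode(raw)
            if escapes_root(decoded):
                findings.append({
                    "ip": m["ip"], "time": m["ts"], "where": where,
                    "decoded": decoded, "encoded": rounds > 0,
                    "double_encoded": rounds > 1, "status": int(m["status"]),
                })
                break  # one finding per line is enough
    return findings


def safe_join(webroot, requested):
    """The check the vulnerable script lacked: decode, normalise, and refuse
    anything that resolves outside webroot. Returns the path to serve or
    raises ValueError."""
    decoded, _ = fully_decode(requested)
    resolved = posixpath.normpath(posixpath.join(webroot, decoded.lstrip("/")))
    if resolved != webroot and not resolved.startswith(webroot.rstrip("/") + "/"):
        raise ValueError(f"path escapes web root: {requested!r}")
    return resolved


if __name__ == "__main__":
    for f in detect_traversal(SAMPLE_LOG):
        print(f"{f['ip']:15} {f['where']:11} {f['decoded']}  "
              f"(status {f['status']}, double-encoded={f['double_encoded']})")
```

The scanner decodes before matching, because a literal-string search for "../" misses the `%2F` and `%252e` forms that are the first thing an attacker tries once the plain form is filtered; the benign `/store/images/../../store/catalog.html` line is not flagged because its `..` components never climb above the starting directory. A successful status (200) combined with an unusually large response on a flagged line is the signal that the traversal actually returned the file, as with the order logs in the case.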
More Digging
> Combining the details from Hotmail and logs, it was found that a proxy server in California was used to access the "orders.log" files
> The IP address of the proxy server was registered to Road Runner in Herndon,
> Subsequent court orders were filed for that location and the results found
- Subscriber: a student at the University of Akron
Warrant Issued
> FBI in Connecticut drafted a warrant for the student in Ohio and sent it to local
> FBI found the student in a fraternity house, with the computer partially disassembled
> When interviewed, the student admitted to the hacking
> FBI recovered the broken (unreadable) master drive as well as the readable slave drive
> On the slave drive, data was found proving the intrusion into
- On June 13, 2002 the student entered a guilty plea
- Title 18 U.S. Code § 1030(a)(4)
- Sentenced to 12 months in prison and $20,000 in restitution
- Served only 6 months of the sentence
Other FBI Priorities include :
Protect Civil Rights
Combat significant violent crime
Combat major white-collar crime
Company affected :