[ISN] The Case of the Hacked South Pole

From: InfoSec News (isnat_private)
Date: Tue Jul 22 2003 - 00:20:01 PDT


    Forwarded from: William Knowles <wkat_private>
    
    http://www.fbi.gov/page2/southpole.htm
    
    [I don't recall this one, thought you all might enjoy it.  - WK]
    
    
    Two Romanian citizens accused of hacking into the National Science
    Foundation’s Amundsen-Scott South Pole Station science research
    facility were arrested in a joint FBI/Romanian police operation last
    month.
    
    On May 3, 2003, an anonymous email was simultaneously received by the
    Foundation’s U.S. Antarctic Program network operations center and by
    technical staff at the South Pole. "I've hacked into the server of
    your South Pole Research Station," it read. "Pay me off, or I will
    sell the station's data to another country." The email contained data
    found only on South Pole computer systems, demonstrating that it was
    not a hoax. The threat hinted that the South Pole network had been
    widely penetrated, potentially with harmful software that would cause
    harm if triggered by the hacker.
    
    NSF and its contractor, Raytheon Polar Services Company, immediately
    isolated the entire station's computer network to prevent future moves
    by the hacker. For part of each day the station is naturally isolated
    from the Internet because of limited satellite coverage, and by the
    time satellite access returned the next day the NSF team had locked
    down the station while beginning to restore essential services such as
    email and telemedicine and to isolate the known hacked computers from
    the local network.
    
    A case of unusual circumstances 
    
    In May, South Pole Station is closed to the outside world -
    temperatures approach 70 degrees below zero; aircraft cannot land for
    another six months except in extreme cases for medical emergencies;  
    and the computer network is the main connection for the 58 wintering
    scientists and support contractors to maintain a lifeline to the
    outside world for scientific data transmission, station operations,
    medical support and emotional contact with family and friends.
    
    The South Pole Station is a unique laboratory for scientific research 
    where scientists deploy powerful radio telescopes that look out to the 
    fringes of the universe to study its birth, sensitive seismometers 
    that probe for earthquakes around the globe, detectors buried in the 
    ice that measure neutrinos from cataclysmic events in outer space, and 
    make long-term observations to document the changing composition of 
    the pristine atmosphere. 
    
    The chase is on
    
    While the network was being secured and service restored to the 
    personnel isolated at the bottom of the world, the NSF contacted the 
    FBI, and the agencies worked together to find those behind the scheme. 
    The Washington Field Office helped the NSF preserve evidence and use 
    cyber-investigative techniques to track the path of the extortionist’s 
    emails. The FBI Information Technology Division and the Cyber Division 
    collaborated to determine that the hackers were accessing their emails 
    from a cyber café in Romania. A call to the FBI Legal Attaché in 
    Bucharest revealed that the Romanian suspects were the target of other
    investigations out of the Mobile and Los Angeles Field Offices. The
    investigation was so far along in Mobile that the agents working with
    the Romanian police had already made controlled payments to the
    suspects in an effort to flush them out further.
    
    In executing a search warrant of the suspects' residence, the Romanian 
    authorities seized documents, a credit card used in the extortion 
    scheme, and a computer that contained the very email account that was 
    used to make the demands of NSF. The Romanian police had all they 
    needed and arrested two individuals and charged them with the crimes. 
    The two are scheduled to stand trial.
    
    International partners close the net
    
    What did it take to track down these extortionists willing to endanger 
    the well-being of the South Pole researchers and threaten the public
    investment in scientific research that benefits all mankind? It took 
    the concerted efforts on a global scale of a diverse group of 
    individuals: the National Science Foundation's Computer Incident 
    Response Team (CIRT), which includes NSF's Security Officer, and 
    representatives from the Office of Inspector General, the Office of 
    Polar Programs and the Division of Information Services, all located 
    in Arlington, Virginia; NSF's Raytheon contractor support personnel in 
    Colorado, Maryland, and Antarctica; NSF's scientific researchers in 
    Antarctica and across the U.S.; FBI Agents in Washington, Mobile, 
    Alabama, and Los Angeles; the FBI Legal Attaché in Romania, and the 
    Romanian police. This case exemplifies how the FBI works in 
    conjunction with its fellow government agencies as well as the 
    international law enforcement community to bring cyber criminals to 
    justice.
     
     
     