[ISN] Alabama computer forensics duo cracks high-profile hacker attacks

From: InfoSec News (alerts@private)
Date: Thu Dec 07 2006 - 22:28:01 PST


http://www.timesdaily.com/apps/pbcs.dll/article?AID=/20061207/APN/612072348

By DAVID FERRARA
Press-Register
December 07, 2006

The suspect's constant keystrokes inside an underground nuclear 
laboratory in New Mexico uncovered personal photographs, voice mails and 
secret passwords.

The worried victims, a rock star and his Playmate wife, called their Los 
Angeles attorney.

A pair of investigators worked the case in front of computer screens in 
a small office in suburban Mobile.

And late last month, after months of computer tracking, Gus Dimitrelos 
and Kevin Levy, of the Alabama Computer Forensics Laboratory in Spanish 
Fort, cracked one of the year's most high-profile identity theft cases. 
The team, paid for with federal funds administered by the state of 
Alabama, works with prosecutors and police to solve crimes.

In September, they began tracking down the woman who had hacked her way 
into the computer and phone records of Chester Bennington - the frontman 
for the band Linkin Park - and wife Talinda, Dimitrelos said.

The case gained national attention last month when Devon L. Townsend was 
arrested at Sandia National Laboratories, a Department of Energy nuclear 
testing site on Kirtland Air Force Base in New Mexico where she worked. 
She admitted to accessing personal information of the famous pair since 
January, Dimitrelos said.

Townsend is currently free on bond, but under house arrest pending her 
trial, according to reports.

Dimitrelos, the director of the computer forensics team in Spanish Fort, 
said he and his partner Levy, a Secret Service agent, worked the 
high-profile cyber stalking case seven days a week for three months.

Second after second, they followed Townsend's electronic trail. She 
bounced from the couple's Yahoo! account to their Verizon billing 
statement to their personal e-mails, according to a federal indictment.

"The amount of activity was just overwhelming," Dimitrelos said. "She 
didn't hesitate. She systematically attacked every single one of their 
accounts."

Dimitrelos and Levy followed each of the suspect's moves from an office 
in the Spanish Fort Police Department, where their lab is based.

For months, Townsend sat unsupervised at her computer in New Mexico, 
according to Dimitrelos. When she found out personal information about 
the Benningtons, she learned their passwords through "brute force 
password attacking," Dimitrelos said. In other words, she tried 
different words and numbers until she gained access.

With a goal of blackmail, Townsend found her way into one of the 
couple's private accounts, Dimitrelos said. According to a federal 
indictment, she'd listen to their voice mails and read their e-mails. 
She'd find out where they were having lunch and show up. She learned 
where they lived and scribbled notes about their home.

Townsend admitted in a four-hour interview to having access to the 
couple's private information since January, according to Dimitrelos, who 
flew to Mexico to question the suspect. But the director of the Spanish 
Fort lab and a former Secret Service agent says he believes Townsend had 
been stalking the couple for years. He's still flipping through computer 
histories and files to find more information, he said.

He called the Bennington case one of the most difficult he's followed 
since retiring from the Secret Service last year. Simply gaining access 
to the high-security laboratory where Townsend worked was a struggle.

"Imagine calling up from Alabama, asking folks in this nuclear facility 
for assistance," Dimitrelos said. "They're going to tell you to pound 
sand."

But, he added, "it was a good case. Definitely the best one we've 
worked."

Since the Spanish Fort lab opened in January, Dimitrelos says he has 
received calls for five times as many cases as he expected. This week, 
he's expanding the size of his office to allow for evidence storage and 
take on more work. He also wants to work with the University of South 
Alabama to train future cyber sleuths through internships.

Hackers can track down personal information in two ways, Dimitrelos 
said. One method involves "social engineering," in which the hacker 
learns details about the victim through the victim's friends. There's 
also a "technical" aspect, where hackers find a vulnerability in a 
computer system and peer into confidential activity. Once the victim 
suspects something might be amiss, Dimitrelos advised recording the 
suspicious activity.

"The victim has to be very persistent in these cases," Dimitrelos said.

This is just one of a growing number of computer forensics cases 
assigned to the Spanish Fort-based team.

While most of their work stems from crime in Alabama and parts of the 
Southeast, people from all over the country are now tapping Dimitrelos 
and Levy to catch cyber criminals.

The lab is funded through a federal grant to the Alabama District 
Attorneys Association, and police don't have to pay Dimitrelos for his 
work.

They're handling cases involving everything from identity theft to 
murder, and helping authorities in Mobile and Baldwin counties solve 
crimes they might never have.

Baldwin County District Attorney Judy Newcomb said Dimitrelos has 
testified before grand juries, and she expects him to take the witness 
stand in upcoming trials.

The lab, she said, has allowed prosecutors to expand the number of cases 
from which computer evidence is retrieved. In the past, authorities 
would send information to Montgomery and wait months for a response.

"Gus is like one of the best, and if you need anything, he will come in 
and look at it for law enforcement," Newcomb said. "If it's something 
you need, he'll come right in and take care of it. And I think that's 
the concern: we need about five of him."

Baldwin County Sheriff's spokesman Lt. John Murphy agreed, saying 
investigators call Dimitrelos on a weekly basis.

"They bring something to the table that we just don't have in this 
area," Murphy said. "So it's an incredible asset."

In at least one case, Murphy said, Dimitrelos found child pornography 
that they didn't know existed on a sex offender's computer.

"That made our case stronger," Murphy said.

