21 Oct 2007

Cyber Crime Investigation Case Studies (The Hydra Case)

This case study is a simplified version of a case successfully investigated by the Computer Emergency Response Team of Asian School of Cyber Laws.

The names of people, case numbers, email IDs and IP addresses etc. have been changed in order to protect the privacy of the individuals concerned. All names, case numbers, IP addresses and email IDs are fictitious, and any resemblance to any person living or dead or to any organization is purely coincidental.

Note: Neither this case study nor any part thereof may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from Asian School of Cyber Laws.

On 20th January, the Computer Emergency Response Team of Asian School of Cyber Laws issued a global alert for a new-generation hydra. (A hydra is malicious code that combines the capabilities of a virus, a worm and a Trojan.)

The alert cautions against the threat of the hydra, which is spreading fast and destroying huge amounts of data worldwide. The hydra is also stealing confidential information such as passwords, credit card numbers etc. and emailing it to unknown locations.

After a rampage of seven days, the spread of the hydra is finally controlled after a consortium of anti-virus companies comes up with a solution. The estimated loss due to data damage caused by the hydra is a staggering Rs 16,000 crore. The loss due to theft of confidential information is incalculable.

After weeks of intensive tracking (with the help of honeypots and IDS located worldwide), ASCL CERT is able to pinpoint the IP address of the computer from which the hydra originated.

The local police raid the relevant location and find that the computer belongs to Tanya, a 19-year-old college student. A year ago Tanya had been arrested for trafficking in stolen credit card numbers, but she had been acquitted due to lack of evidence.

On examining Tanya's computer, they find that there is no hard disk in it! Tanya tells the police that she had no idea when her hard disk had been stolen. She also tells them that she had last used her computer a week ago.

The police have recovered one floppy disk from Tanya's cupboard. This floppy has been provided to you. Please investigate.

Hint: The floppy would probably contain the hydra (which may not be detected by virus scanners), as she would have needed some such medium to spread it.

Asian School of Cyber Laws is the pioneering institute in the field of education, training and consultancy in cyber law, cyber crime investigation and information security. In these fields ASCL works with several Universities and Colleges, Government departments, law enforcement agencies, defence organizations and corporates in several countries.

Copyright (c) 2007, Asian School of Cyber Laws. All Rights Reserved. Used by Permission.

Courtesy: http://www.asianlaws.org
