Micropatent's efforts against cyberstalker
MicroPatent and its parent company, the Thomson Corporation, did not respond to several phone calls seeking comment about the apprehension and conviction of a cyberstalker who had plagued MicroPatent. But others with direct knowledge of the hunt for the company's stalker said MicroPatent, which had grown rapidly through acquisitions, had a computer network containing stretches of online turf that were once used by acquirees but were abandoned after the takeovers.
Those digital back alleys offered access to the entire MicroPatent network to people with old passwords. Once inside, they could inhabit the network undetected - in much the same way that anyone with a key to one abandoned house on a block of abandoned houses can live in a populous city without anyone knowing he is there. And MicroPatent's stalker was lurking on one of its network's nether zones.
By 2003, MicroPatent had become so frustrated with its unknown stalker that it reached out to the F.B.I. for help. But with its resources spread thin, the F.B.I. could not pin down the stalker's identity, his motivations or how he managed to trespass on MicroPatent's electronic turf. A year later, MicroPatent hired Stroz Friedburg and secured the services of Eric D. Shaw, a clinical psychologist who had once profiled terrorists and foreign potentates for the C.I.A.
The first order of business, investigators said, was to narrow the field of MicroPatent's potential stalkers and to try to isolate the perpetrator. "You need to take the temperature of the person on the other side and determine how seriously you need to take them," said Beryl Howell, who supervised the MicroPatent investigation for Stroz Friedburg. "Is it a youngster or is it someone who's angry? Is it someone who's fooling around or someone who's much more serious?"
Investigators said their examination of the stalker's communications indicated that he was much more than a hacker on a joy ride. That would be consistent with what law enforcement authorities and computer security specialists describe as the recent evolution of computer crime: from an unstructured digital underground of adolescent hackers and script-kiddies to what Mr. Bednarski describes in his study as "information merchants" representing "a structured threat that comes from profit-oriented and highly secretive professionals."
(...)
Dr. Shaw's analysis of e-mail messages led them to believe that they were tracking a technologically sophisticated man, older than 30, with a history of work problems and personal conflicts, who was compulsively obsessed with details and who might own weapons. The stalker was extremely angry and "holding a grudge," Dr. Shaw recalled. "People like that can be very dangerous. He referred to himself as a soldier behind enemy lines."
Within a few weeks, Dr. Shaw's analysis led the investigative team to focus on Myron Tereshchuk, a 43-year-old Maryland entrepreneur who ran his own patent business and had once been rebuffed by MicroPatent when he applied to the company for a job. And Mr. Tereshchuk was indeed their man. Members of Ms. Howell's investigative team all said that Dr. Shaw's profiling was a breakthrough in the pursuit, but that without the subsequent involvement of local and federal law enforcement officials, Mr. Tereshchuk would not have been captured.
(...)
A computer forensics expert embedded a Web bug, a kind of digital tracking device, in one of the e-mail messages that Mr. Videtto sent to the stalker. But the stalker screened his e-mail with decoding devices that included a hex editor, software that allows users to preview the contents of incoming files, and he uncovered the bug. "Was it a script to capture my IP address?" the stalker wrote tauntingly to Mr. Videtto after finding the Web bug, referring to his Internet Protocol address. "I'll look at it later with a hex editor."
Investigators said the failed bug worried them because they thought it might scare off the stalker, but by this point Mr. Tereshchuk had already demanded his $17 million extortion payment. He also clumsily revealed his identity by demanding that the money be sent to the person accused of threatening to bomb the patent office. And he kept sending e-mail messages telling Mr. Videtto that he had MicroPatent's customer lists, patent applications, customer credit card numbers and the Social Security numbers of some employees, as well as the employees' birth dates, home addresses and the names of their spouses and children.
The stalker also threatened to flood the computer networks of MicroPatent clients with information pilfered from the company, overwhelming the customers' ability to process the data and thereby shuttering their online operations - a surreptitious digital attack known as distributed denial of service, or D.D.O.S. Such assaults, analysts and law enforcement officials say, have become a trademark of cyberextortionists. Federal prosecutors in Los Angeles are currently investigating a group of possible cyberextortionists linked to a television retailer indicted there last August. The retailer was accused of disrupting competitors' online operations, and prosecutors have called suspects in that case the "D.D.O.S. Mafia."
"D.D.O.S. attacks are still one of the primary ways of extorting a company, and we're seeing a lot of that," said Larry D. Johnson, special agent in charge of the United States Secret Service's criminal division. "I think the bad guys know that if the extortion amounts are relatively low a company will simply pay to make them go away."
Mr. Tereshchuk's apparent ability to start a D.D.O.S. attack attested to what investigators describe as his unusual technological dexterity, despite evidence of his psychological instability. It also explained how he was able to evade detection for years, and his methods for pulling off that feat surfaced after the F.B.I. began following him.
Using wireless computing gear stashed in an old, blue Pontiac, and fishing for access from an antenna mounted on his car's dashboard, Mr. Tereshchuk cruised Virginia and Maryland neighborhoods. As he did so, federal court documents say, he lifted Yahoo and America Online accounts and passwords from unwitting homeowners and businesspeople with wireless Internet connections. The documents also say he then hijacked the accounts and routed e-mail messages to MicroPatent from them; he used wireless home networks he had commandeered to hack into MicroPatent's computer network and occasionally made use of online accounts at the University of Maryland's student computer lab, which he had also anonymously penetrated.
BY late February of last year, however, the F.B.I. had laid digital traps for Mr. Tereshchuk inside the student lab, which was near his home. As investigators began to close in on him, his e-mail messages to Mr. Videtto became more frantic. A note sent on Feb. 28 told Mr. Videtto that if he forked over the $17 million then "everything gets deactivated, sanitized, and life will go on for everybody."
In his last e-mail message, sent several days later, he dropped his guard completely: "I am overwhelmed with the amount of information that can be used for embarrassment," he wrote. "When Myron gets compensated, things start to get deactivated."
On March 10, 2004, federal agents swarmed Mr. Tereshchuk's home, where they found the hand-grenade components and ricin ingredients. The agents arrested him in his car the same day, in the midst of writing his new crop of e-mail messages to Mr. Videtto.
Late last year, Mr. Tereshchuk was sentenced to five years in prison after pleading guilty to a criminal extortion charge filed by the United States attorney's office in Alexandria. Earlier this year he pleaded guilty to criminal possession of explosives and biological weapons, charges that the United States attorney's office in Baltimore had filed against him. Possessing illegal toxins carries a maximum term of life in prison. Mr. Tereshchuk is expected to be sentenced this fall.
[from the New York Times through the Wilmington Star]
0 Comments:
Post a Comment
<< Home