Yarbrough Strategic Advisors Protects Kinko’s and Finds the Electronic Evidence to Help Feds Take Down Int’l Hacker Jiang

The Kinko’s Caper: Burglary by Modem

http://www.nytimes.com/2003/08/07/technology/the-kinko-s-caper-burglary-by-modem.html?pagewanted=1

By LISA NAPOLI
Published: The New York Times – August 7, 2003

Illustration by Bob Scott - The New York Times: Kinko's Caper

ON a steamy summer day, the 16-story apartment building on Kissena Boulevard in Flushing, Queens, hardly looks like a place where Secret Service agents would show up with a search warrant, and later for an arrest. Women trudge from the bustling markets just two blocks away, children and bags in tow; elderly couples sun themselves on park benches. Nothing about the quiet, neatly kept grounds suggests a crime scene.

But when computers are the weapons and the victims are far from sight, it is easy to operate quietly and, for a while at least, undetected. And that is how, for almost two years, Juju Jiang used an arsenal of computers in his bedroom on the 14th floor — in an apartment he shared with his mother — to break into others.

According to the federal agents who prosecuted him, Mr. Jiang had unwitting help from his victims: customers at Internet terminals at 13 Kinko’s copy shops in Manhattan entered personal information that he gathered with software he had installed there to capture their every keystroke.

Mr. Jiang, 25, pleaded guilty last month to computer fraud and software piracy. Had one target not heard his home computer inexplicably come alive late one night last fall, there is no telling how long Mr. Jiang might have gone on with his scheme — and even then, he was not finished trying. Agents say 450 people were ultimately victimized, with Mr. Jiang breaking into a number of their bank accounts, opening new ones with their data or selling that data on the Internet.

Now Mr. Jiang, who immigrated from China at 16, sits in custody awaiting sentencing, an audacious if ultimately clumsy predator in the immeasurable world of cybercrime. ”It’s one of those things that’s so — for lack of a better word — easy, and so prevalent,” said Shannon Zeigler, a spokesman for the Secret Service, which after 9/11 was given an expanded role in investigating computer fraud.

The source and extent of Mr. Jiang’s computer knowledge are not clear. He was enrolled as an engineering major at Penn State from 1996 to 1998. A doorman at his Queens building said Mr. Jiang described himself as a consultant. In any case, Mr. Zeigler said, ”if you know how to maneuver a computer, there are ways to kind of get into areas to do things you probably shouldn’t be doing.”

That is putting it lightly, as the man identified in court documents as Victim 1 knows only too well. In a telephone interview with a reporter — the call was put through by the Secret Service to shield the man’s identity, which neither they nor the victim would disclose — Victim 1 recounted how he came to detect a cyberburglar in his home.

He had just finished watching the movie ”Rocky” one night last October. And as he was winding down with a little channel surfing after midnight, he heard his laptop activate across the room.

”I thought it was my antivirus software running, and I kind of ignored it,” he said.

After a few minutes, he realized that software does not make the sort of noise he was hearing. Curious, he walked over to the computer and watched as the mouse moved around the screen, opening up files and searching, as if they were dresser drawers that might harbor cash.

A few weeks earlier, Victim 1 had signed up for a $179-a-year service called GoToMyPC, which gives users remote access to their own computer desktops. Instantly, he wondered if that might be the tool by which this ghost was casing his hard drive.

Like a determined sleuth, Victim 1 resisted the urge to stop the rogue cursor, and instead watched it move.

”I sat there as this person opened my CV, and some documents in other files, and got my Social Security and credit card numbers,” he said. They were easy to get: Victim 1 had them stored on a desktop organizing program. Armed with the data, the phantom user dialed up a bill-paying service called Neteller and opened an account in Victim 1’s name.

The virtual intruder’s next stop was the Web site for American Express. There, Victim 1 saw his credit card information being entered on the screen.

And that, he said, is when he intervened, grabbing control of the computer by touching the mouse and, in essence, shooing the intruder away. ”As soon as I did it, he disappeared,” Victim 1 said.

But the man known as Victim 1 did not drop the incident. He called 24-hour customer support for GoToMyPC, a product of ExpertCity of Santa Barbara, Calif.
”They didn’t believe me when I first told them; they told me it must be a mistake,” said Victim 1, who called customer support again in the morning and persisted: ”They asked where might I have exposed my user credentials.” And that is when he recalled a session at a copy shop on Seventh Avenue in Manhattan just a few days earlier: ”I had a couple of hours to kill before my train, so I logged in at a Kinko’s. We figured out that was probably how the person had figured out what my user name and password were.”

ExpertCity officials in turn contacted the federal authorities, who, using logs of GoToMyPC use on Victim 1’s computer, traced the attacking computer by its Internet protocol address, first to the company providing it cable-modem service and then to a specific Queens address. With ExpertCity’s help, federal agents found that at least nine other customer accounts had been used by the same suspicious computer.

The agents obtained a search warrant and headed to the building on Kissena Boulevard. Four desktops and a laptop whirred in Mr. Jiang’s bedroom, and, court documents said, telltale signs of digital subterfuge were scattered about the room: Post-it notes containing bank account numbers, Kinko’s credit card receipts, and books and manuals on hacking.

”On the screen of one of the desktop computers, I observed files with labels corresponding to the names of various banks including HSBC, North Fork, Chase, Citibank and Wells Fargo,” a special agent for the Secret Service testified in federal court in Manhattan in December. ”I also observed a file labeled GoToMyPC.” The agent testified that the laptop in Mr. Jiang’s bedroom displayed a crime in the making: a ”brute-force attack” computer program that, if uninterrupted, could have hacked into other computers.

Mr. Jiang confessed that he had been breaking and entering for almost two years, the court documents said. A crucial tool was a software program called Invisible KeyLogger Stealth, which he admitted to surreptitiously installing at the Kinko’s terminals. (The product sells for about $100, and is marketed largely to parents and employers who want to monitor what gets done on home and workplace computers.) Using the logging software, agents said, Mr. Jiang recorded every character entered at the Kinko’s computers, dialing in later to retrieve the data.

But Mr. Jiang’s arrest in December did not end his exploits. After his release on bail that month, Kinko’s officials advised the federal agent in January that Mr. Jiang had been recorded on security monitors making new visits to Kinko’s stores. The Kinko’s security staff had reconfigured the stores’ 30-cents-a-minute public terminals to register any use of key-logging software, and in February further logging activity at one store was traced to Mr. Jiang, according to court documents.

He was arrested again in March and pleaded guilty last month to five counts of computer fraud and software piracy, with maximum penalties totaling 17 years in prison and hundreds of thousands of dollars in fines. No sentencing date has been set.

There have certainly been farther-reaching cybercrimes, with deeper impact. But experts say the Jiang case is especially disturbing because it illustrates the potential damage that could be wrought by invisible spy tools.

”Any time you’re intercepting communications from a person, it’s a very invasive act, and the amount of damage can range from nothing or very light to very severe,” said Ed Stroz, who formed the Federal Bureau of Investigation’s computer crime squad in New York in 1996 and now leads a private forensics firm. ”What mitigates that is that most people don’t use Kinko’s for the most serious stuff. I don’t think the top-flight investment bank is going there, but I have known art dealers’ having to use places like that for an anticipated auction the next day. The kind of content that can be intercepted in this way is serious.”

Making the public aware of the vulnerability of shared Internet access terminals is one thing. Remedying this vulnerability is quite another.
”I don’t know how you manage the risk,” Mr. Stroz said. ”It’s a little like managing the risk of catching cold. I don’t think you can eliminate risk; all you can do is notify the user of the potential for it.”

Officials at Kinko’s and at the software makers whose products were used by Mr. Jiang to execute his crimes were quick to point out that his was an isolated case.

Maggie Thill, a spokeswoman for Kinko’s, said the company had updated its security measures for its stores’ public computers since his initial arrest. She declined to elaborate on a statement she issued after Mr. Jiang’s second arrest, which said, ”We believe we have succeeded in making a similar attack extremely difficult in the future.”

An updated user agreement warning customers who sign in at the terminals about protecting their data has also been put into use. ”The hope is that customers will be encouraged to guard the information in ways we’ve all become used to guarding the credit card number on a charge slip,” Ms. Thill said. ”The challenge is that technology the way it is it has so many benefits no one can ensure 100 percent security.”

Leon Yan, managing director of Amecisco, the San Francisco company that makes Invisible KeyLogger Stealth, said he was distressed that his software has been used in the crime, but he added that it was simply a tool.

”By nature, a tool like that can be used for good or bad purposes,” Mr. Yan said by e-mail. ”A gun does not kill people; only people do. Some people may want to ban all guns, all CD recorders or all key-loggers. But they are the same people who want to go back to the Stone Age.”

For a maker of a product intended to be used while one is away from one’s home computer, the Kinko’s incident is a sensitive issue. Andreas von Blottnitz, chief executive of ExpertCity, said: ”Our system in itself is secure. The risk we cannot control is the Kinko’s risk. Users have to learn there is potential risk in using the Internet from a public terminal. I would not do online banking from a Kinko’s terminal.”

Perhaps Mr. Jiang’s case will make computer users more cautious, Mr. von Blottnitz said.

For his part, Victim 1 said he has remained a customer of GoToMyPC and is still an ardent technology user. ”Computers are a big part of my life, and I can’t stop using them, and I can’t stop using the technology I need to use on a daily basis,” he said.

”I still use it. I’m just smarter about it.”

Photo: UNSUSPECTING — A Kinko’s store in Manhattan where cybertheft occurred. (Photo by Christopher Smith for The New York Times) (pg. G7)

Drawing (Drawing by Bob Scott) (pg. G1)

Chart: ”Data Theft, by Remote Control” (pg. G7)

Court documents show two software programs were crucial to Juju Jiang’s identity-theft scheme.

Mr. Jiang installs keystroke-logging software on PC’s at several Kinko’s locations in Manhattan.

Kinko’s customers use the computers. Some go online to conduct financial transactions. Others, using a remote-control software program called GoToMyPC, tap into their home computer to work or retrieve files.

Mr. Jiang later dials in to collect the data from the logging software, including user names, account numbers and passwords.

Mr. Jiang sells some of the data on the Internet.

Mr. Jiang, using his own GoToMyPC program, uses passwords captured from GoToMyPC users at Kinko’s to gain access to their home computers, gleaning more personal financial data.

After a victim reports unauthorized access to his home computer, federal agents, working with the makers of GoToMyPC, trace Mr. Jiang’s Internet address and arrest him.


http://cbs11tv.com/topstories/local_story_270212100.html

By Robert Riggs
Reporting
Sept 27, 2006

(CBS 11 News) ADDISON Jim Damman thought somebody was looking over his shoulder for months. Little did he know that his office had been routinely broken into and more than 150-million dollars worth of trade secrets were stolen without a visible trace, according to a federal lawsuit.

The President of Exel Transportation Services says his suspicion grew so strong that he took the unusual step of sweeping the company’s Addison offices for electronic bugs.

Exel is not a business typically considered a target of corporate spying; it’s a shipping broker. Inside its offices, logistic agents sit in front of computer terminals with telephones cradled to their ears. Hundreds of times a day, they match up shippers to freight carriers and move loads of everything from potatoes to computer chips around the world.

The sweep for bugs yielded nothing. But Damman says a new start-up competitor in Plano named Total Transportation Services (TTS) seemed to have an uncanny knack of taking away Exel’s customers.

“The competitor was like one step ahead of us but they could not have known we were going to see a certain person,” Damman says. “They could not have known what we were going to talk about when we were going to see that person, unless they were getting information somewhere. We knew something was wrong.”

Exel alleges what was wrong in a federal lawsuit filed against Total Transportation Services (TTS) and four former Exel executives who went to work there.

The lawsuit alleges that a computer forensics investigation discovered a conspiracy in which disloyal insiders and former employees hacked into Exel’s computer network to steal trade secrets and that the stolen information helped TTS quickly launch its new business.

Matt Yarbrough, a former federal cyber crimes prosecutor, now with the Fish & Richardson law firm, represents Exel. “This is no different than your child cheating off the paper of the child sitting next to them. You wouldn’t put up with that conduct for your kid. You certainly wouldn’t want corporate CEOs and executives in American industry doing the same thing.”

The lawsuit accuses two of the former Exel executives, Mike Musacchio and Roy Brown, of installing a backdoor into Exel’s computer system.

An exhibit in the lawsuit features a series of email messages titled “You will enjoy this” that were exchanged between Musacchio and Brown last October. Musacchio, who had left Exel a month earlier to set up TTS, asked Brown, who was still working at Exel, “how are we going to get into email after you leave?” Brown left Exel three days later for TTS after replying, “Not a problem. I have the back door password that only I know and no one else can change.” Musacchio replied, “Beauty!”

Yarbrough says the beauty of the alleged scheme was that the backdoor was the equivalent of having a secret entrance into the vault for the company’s crown jewels. “Whenever you have super user backdoor into any corporate network or enterprise you can do whatever damage you want to commit, as much ransacking or taking of that corporate information that you want to,” Yarbrough said.

The lawsuit alleges that Exel’s computer network was hacked into almost 1200 times and that the defendants accessed the email accounts of 65 of Exel’s top ranking employees. Damman says he feels betrayed. “It’s a very strange feeling to think that somebody has seen everything that you have seen. Everything that you have sent. Everything you have received from business people, my boss, from customers, from my wife. It’s a strange feeling.”

A written statement from Thompson & Knight, the Dallas law firm defending TTS, says that Musacchio and Brown “were told in April of this year to resign or be fired. They have not been with the company since that time. They are not receiving legal assistance from the company. This company (TTS) is built on high ethics and excellent service to the industry.”

TTS admits, in a court filing, that it currently has Exel’s documents on its computer system but doesn’t know how those documents were obtained. TTS denied all allegations that the company participated in hacking or stealing trade secrets.

The attorneys for Musacchio and Brown declined to comment. Brown took the 5th Amendment privilege against self-incrimination 45 times in response to questions in the lawsuit about hacking and stealing Exel’s trade secrets. Musacchio took the 5th Amendment in the lawsuit when asked if after leaving he accessed the email accounts of five Exel employees, including its president Jim Damman.

The lawsuit alleges that the hackers brazenly created exact replicas of Exel’s documents, such as contracts, budget templates, and spreadsheets, for use in connection with TTS’s business.

Damman says the looted information included a $300,000 marketing study. “It’s scary. It’s something we all have to watch out for in this electronic day and age that we are in. People talk about identity theft all the time. This is just a big example.”


Dallas Attorney Matt Yarbrough Highlighted Among Dallas’ Top Corporate Defenders

DALLAS — Business attorney Matt Yarbrough, founder of The Yarbrough Law Group and Yarbrough Strategic Advisors in Dallas, once again has earned a spot among North Texas’ top business defense attorneys. Mr. Yarbrough is one of 15 attorneys profiled in “The Defenders,” a special section published in the May 22 edition of the Dallas Business Journal.

To compile “The Defenders” listing, Dallas Business Journal editors solicited nominations from across Dallas/Fort Worth in search of attorneys whose reputations and track records put them among the area’s top defense attorneys for corporate clients. Mr. Yarbrough is the only 2009 honoree to have been previously recognized in “The Defenders,” having first earned the honor in the 2007 version of the list.


The Difference Between Winning and Losing

Published on 21 September 2009 by admin in In the News


“It all comes down to digital information and communication. The lawyers and businesses who understand that and know how to use digital information and how electronic evidence plays out in the courtroom are the ones who are going to win.” – Matt Yarbrough, President, Yarbrough Strategic Advisors

At Yarbrough Strategic Advisors (YSA), we consistently take AmLaw 100 Law Firms and Fortune 500 companies to trial victories. We know how to turn electronically stored information into evidence that gets results. We were among the first to do it. We know how the other side thinks.

YSA stands at the intersection of business, technology and litigation. A unique team of experts, YSA comprises industry leaders in fraud investigations, computer forensics and business litigation. Our combined experience and expertise generates the best possible solutions for our clients. Our specialists provide you with a comprehensive approach to your business and litigation-related problems. Our team of Masters of Business Administration, Juris Doctors, Certified Public Accountants, Department of Justice (DOJ) prosecutors and investigators, Homeland Security professionals and certified computer forensic examiners are responsive and efficient. We work with you to identify the issue, create a solution and execute in a manner that protects and promotes your interests.

YSA can quickly deploy anywhere in the world a team of skilled professionals to investigate, analyze and create solutions for the challenges you face. An integrated team of professionals who excel in their individual fields, we dig deep into your business to get to the root of the problem. We have the experience and the expertise in house to tackle any conflict you might have – from internal corporate fraud to corporate disputes to theft of intellectual property.

With YSA, there is no “B” team. You always get the best. We bring all of our resources to bear on each and every project.
