Security Basics mailing list archives

Re: gotomypc - data from a compromise?


From: "security () nuvox net" <security () nuvox net>
Date: 07 Mar 2003 14:02:07 -0500

Some information that I have collected:

Combating Nonviral Malware - Trojans, sniffers and spyware, oh my!
http://www.infosecuritymag.com/2002/may/combatingmalware.shtml

Check Point Notes - Remote Access Application - GoToMyPC 
http://www.checkpoint.com/techsupport/documentation/smartdefense/2002/cpai-2002-14.html

Pest Patrol considers GoToMyPC a "pest"
http://www.pestpatrol.com/pestinfo/db/g/gotomypc.asp

--and the good stuff--
(Thanks Mary)

U.S. Arrests Queens, New York Man on Computer Fraud Charges 
  
JAMES B. COMEY, United States Attorney for the Southern District of New
York, announced today that JUJU JIANG, 24, of Flushing, Queens, New
York, was arrested on charges of computer fraud for attempting to gain
access to the accounts of numerous subscribers of GoToMyPC.com, a
computer services company that provides subscribers with remote computer
access, and successfully taking control of one of those accounts.

According to the one-count Complaint filed today, JIANG, operating from
his home in Flushing, and using a computer program designed to record
computer passwords and user names, attempted to gain access to the
computer accounts of approximately 15 subscribers of GoToMyPC. 

As described in the Complaint, GoToMyPC is a company that offers
individuals the ability to remotely access their personal computers from
any computer connected to the Internet. According to the Complaint,
JIANG obtained these users' passwords and user names by installing
computer software for this purpose at a Kinko's located on Seventh
Avenue in Manhattan. JIANG then used these passwords and usernames in
attempts to gain access to those subscribers' personal computers in
order to obtain credit card and other information stored on those
computers, it was alleged. 

As described in the Complaint, JIANG's alleged fraud came to light after
a subscriber of GoToMyPC (the "Victim"), who was at home, heard his
personal computer ("PC") turn on without any action on the subscriber's
part and then observed the cursor of the PC move around the screen and
files on the PC being accessed and opened as if by remote control.
Afterwards, as alleged in the Complaint, the Victim observed his
computer access a website known as www.neteller.com ("Neteller"), an
online payment transfer service, and observed an account in his name
being opened at Neteller, also without his authorization. 

A short time later, the Victim allegedly observed his computer accessing
the website for the American Express Corporate card and, using
information stored on his computer, saw his computer attempt to access
his corporate American Express card account file. According to the
Complaint, upon viewing this unauthorized activity, the Victim manually
regained control of his PC, terminated the computer session, and
contacted officials of Neteller in order to direct them to close the
unauthorized Neteller account that had been opened in his name.

According to the Complaint, computer records maintained by GoToMyPC
traced the unauthorized intrusion of the Victim's account to JIANG's
home. The Complaint alleged that, upon searching JIANG's Flushing
residence, agents observed one of JIANG's computers executing a program
known as a "brute force attack," a program frequently used by computer
hackers to gain unauthorized access to other persons' computers. 

If convicted, JIANG faces a maximum sentence of 5 years in prison and a
$250,000 fine.

Mr. COMEY praised the investigative efforts of the United States Secret
Service Electronic Crimes Task Force. He said the investigation is
continuing. Assistant United States Attorney JOSEPH V. DeMARCO is in
charge of the prosecution.

The charges contained in the Complaint are merely accusations, and the
defendant is presumed innocent unless and until proven guilty.


--
Scott Lesley



On Wed, 2003-03-05 at 17:27, security () nuvox net wrote:
After googling for a while, I have found out much about what gotomypc
does, but I haven't run across any actual data from a compromise.

Does anyone out there have such data, or can you direct me to a site
that has it posted?

I am looking for specifics on 
      1 - how it was compromised
      2 - what activity caused it to be noticed
      3 - evidence that supports the data (log files, etc)
      4 - information on "damage control" after the fact

Feel free to email me offlist if you prefer.

--
Scott Lesley
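Added example, not part of the original thread and not GoToMyPC's own code or log format: the story above has one attacker at home replaying credentials harvested from a public kiosk against roughly fifteen accounts, and the intrusion being noticed only because the victim happened to be sitting in front of the PC. The same two facts show up in a remote-access provider's authentication log as (1) one source address touching many distinct accounts in a short window and (2) an established account succeeding from an address it has never used before. The log lines, the account names, the IPs and the field layout below are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not a real GoToMyPC record):
# timestamp,account,source_ip,result
SAMPLE_LOG = """\
2003-02-20T09:14:05,alice,203.0.113.7,success
2003-02-21T18:40:11,alice,203.0.113.7,success
2003-02-21T19:02:00,frank,192.0.2.44,success
2003-02-22T22:03:41,alice,198.51.100.23,failure
2003-02-22T22:03:58,bob,198.51.100.23,failure
2003-02-22T22:04:12,carol,198.51.100.23,failure
2003-02-22T22:04:30,dave,198.51.100.23,failure
2003-02-22T22:04:49,erin,198.51.100.23,failure
2003-02-22T22:05:07,frank,198.51.100.23,success
2003-02-23T08:00:00,bob,192.0.2.99,success
"""


def parse_log(text):
    """Parse the constructed CSV-style lines into dicts, oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, ip, result = line.strip().split(",")
        records.append({"ts": datetime.fromisoformat(ts),
                        "account": account, "ip": ip, "result": result})
    records.sort(key=lambda r: r["ts"])
    return records


def fan_out_sources(records, min_accounts=5, window=timedelta(minutes=10)):
    """Source IPs that touched >= min_accounts distinct accounts inside one
    sliding time window. Harvested credentials replayed from a single
    machine produce this fan-out; a legitimate user almost never does.
    Returns {ip: every account that ip touched} for each flagged ip."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r)
    flagged = {}
    for ip, recs in by_ip.items():
        start = 0
        for end in range(len(recs)):
            # shrink the window from the left until it spans <= `window`
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            accounts = {r["account"] for r in recs[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted({r["account"] for r in recs})
                break
    return flagged


def new_source_logins(records):
    """Successful logins from an IP the account has never succeeded from
    before, for accounts that already have a login history. This is the
    signal the victim in the story supplied by eye; the log can supply it."""
    known = defaultdict(set)
    alerts = []
    for r in records:
        if r["result"] != "success":
            continue
        hist = known[r["account"]]
        if hist and r["ip"] not in hist:
            alerts.append((r["account"], r["ip"], r["ts"].isoformat()))
        hist.add(r["ip"])
    return alerts


def triage(records):
    """Cross the two signals: a new-source login coming from a fanned-out
    IP is the highest-confidence finding and the account to lock first."""
    fan = fan_out_sources(records)
    return [(acct, ip, ts) for acct, ip, ts in new_source_logins(records)
            if ip in fan]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("credential replay sources:", fan_out_sources(recs))
    print("new-source logins:", new_source_logins(recs))
    print("lock first:", triage(recs))
```

On the constructed data the fan-out rule flags 198.51.100.23 for six accounts in under two minutes, and the new-source rule flags frank's success from that address because frank's only prior login came from elsewhere; bob's first-ever login is left alone because there is no history to compare against. The thresholds (five accounts, ten minutes) are assumptions to tune against real volume, and the per-account brute-force pattern the press release mentions is the same sliding window keyed on (ip, account) counting failures instead of distinct accounts.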



