Cybersecurity Analyst and Analysis of Case Studies on Cybercrime

Final Project Selection Paper
Student Name
University/College
Course
Professor's Name
Due Date
My career selection role is that of a cybersecurity analyst, because it is an increasingly fulfilling and relevant job in the contemporary society. As a result of the rapid proliferation of internet technologies in the business industry, several benefits have been attained, such as increased productivity. On the other hand, the revolution in technology has also brought forth challenges such as hacking, distributed denial of service, phishing, pharming, and so forth. All these attacks threaten a firm's productivity and soundness and people's accounts by causing reputational damage, financial loss, and operational damage (Xu et al., 2018). This leads me to say that a cybersecurity analyst job is necessary for all businesses, as they reinforce proactive risk mitigation rather than reactive measures. The role of a cybersecurity analyst, such as monitoring, detecting, and analyzing cybersecurity threats and setting up measures to mitigate the risks, will ultimately be very fulfilling.
A critical reflection indicates that my entire educational journey has constantly driven me to this career path. I have learned to be detail driven and have an eye for detail, which will help me perform vulnerability assessments, spot the system's vulnerabilities, and propose the most appropriate measures. Additionally, my analytical skills are sharp, and I can solve complex problems presented to me by hackers. When equipped with cybersecurity analyst knowledge, I can solve problems pertaining to identity theft. For instance, in Gonzales's case, I will help in analyzing his network traffic and track any unusual pattern. Additionally, I will help assess the organizations for vulnerabilities that cyber attackers can use, such as Gonzales. Later, involve law enforcement and develop measures to prevent such an occurrence from happening. As long as technology keeps evolving, so do the techniques that cybersecurity attacks will; hence it is important that I, as a cybersecurity analyst, stay updated and be one step ahead of them. So is the saying, "if you want to catch a thief, act like one."
Case study 1-Identity Theft
Procaccino, J. D., & Sanchez, M. H. (2016). A real world case of identity theft. Review of Business & Finance Studies, 7(1), 105-111. Available at: /RePEc/ibf/rbfstu/rbfs-v7n1-2016/RBFS-V7N1-2016.pdf#page=107
Local Bank and Checking Account
Jim, a resident of the Northeast, returned home from a week spent out-of-state on vacation. Later the same day, Jim went to the local branch of his bank to cash a personal check. The branch was located across the street from his home and some of the bank tellers knew him as a regular customer. Jim was informed by the bank that his account had insufficient funds to cover the amount of the check. Knowing that there should have been approximately $5,000 in the account, he was a little confused. He thought that perhaps he had made a mistake and had inadvertently tried to cash the check on a different checking account. However, he soon realized that it was the correct account and that he had been the victim of fraud. Jim asked the bank teller how his account had insufficient funds to cash his check and he was told that a check had been recently cashed from that account in the amount of $5,200. Jim then asked for a copy of the check in order to see who had signed it. The bank indicated that the signature resembled the one they had on file for him (apparently in a folder), and although while not a match, the signature on the check was close enough for the teller not to question the validity of the fraudulent check. The thief had a fraudulent driver's license with the victim's name on it and the thief's picture, who was a different race than Jim. The teller who accepted the check from the thief was not one of the tellers who knew Jim.
A representative from the bank informed the victim that the bank had video of the person who had cashed the fraudulent check. Jim was further told that the video was recorded earlier the same day that he had come into the bank upon returning from vacation. He asked the bank to produce the video, but they never did. Jim demanded that the stolen funds be placed back in his account. However, due to the timing of the thief cashing a check and the Jim's attempt to cash another check, the bank had reason to suspect that the 'victim' might be attempting to 'defraud himself', pretending to know nothing about the situation and then claiming he was the victim of fraud. The bank said that they would only place the funds back in the account if local police were satisfied that he had nothing to do with the situation. After being questioned by detectives, Jim agreed to take a polygraph test at taxpayer expense. The test was delayed for weeks, despite the victim pressing to take it as soon as possible so he could get the funds placed back in his account. Jim demanded to take the test but couldn't get detectives to return his phone calls, and he eventually contacted a supervising officer in the police department. He explained the delay and the lack of response from the detectives. The test was then scheduled to be administered a few days later. Jim passed the test and then took the test a second time to verify the results, which he also passed. (Prior to taking the polygraph, the tester talked with Jim for 10-15 minutes, asking him questions about his family life, parents' occupations, his brothers and sisters, what he does for a living, hobbies, etc., in order to get to know him a little bit. The tester said that he had been administering these tests for about 25 years and he told Jim after the test results were completed that he knew from talking with him that he had nothing to do with the situation.) The police then sent a letter to the head of security of Jim's bank acknowledging the result of the tests. A week later the $5,200 was deposited back into the victim's account, which was about three months since the initial discovery of fraud.
Check Printing
Jim had previously used an Internet-based check printing company for his personal checks in order to save money. He did not know how the thieves gained access to his checking account number, but armed with that number, as well as, presumably, his mother's maiden name, they were able to successfully order the fake checks. These checks were out of sequence from the Jim's actual checks. Also, the style of the fraudulent checks (very generic) was not the same as the checks Jim had previously ordered. The thieves had the checks overnighted to Jim's house so they would know when to wait outside of his house in order to 'intercept' the package, posing as Jim. This way, they could avoid filing a change of address with the check printing company, which may have raised suspicion. (It was unclear if the thieves knew the victim was away on vacation.) Jim had previously noticed a check for a small amount that had cleared his checking account that was payable to a local branch of a National automotive service center. (He later learned the check was for some automotive parts.) The thieves used the check to test to see if the check would clear the bank. Jim saw that this small check had cleared his account, but he was busy preparing to leave for vacation at the time, and as a result, did not put a hold on the account and look into the matter with his bank. The thieves had apparently verified the current balance in the checking account with the bank, as the small test check was followed up with the $5,200 withdrawal, almost emptying out the account. Subsequently, Jim got a phone call from the garage informing him that he owed for some repairs. He immediately informed the garage that this was a fraudulent transaction, as he had only purchased gas there, but never had repairs done. Jim was informed that the purchase was made by a woman with a child in a Jeep Cherokee. Jim explained that he wasn't married, had no children, and didn't own that vehicle. The garage rep said he had written down the VIN number in case it was fraud. Jim told him to report this information to the local police department, as the detectives are currently working on the case. The garage reported the information and the following day the local police department informed Jim that the VIN number from the Jeep Cherokee matched the VIN of a van registered to a company in Northern New Jersey.
Credit Cards
Fraudulent activity also occurred with Jim's credit cards. The thieves had enough information to re-open two previously closed credit accounts, including one that had been paid off for the final time about five years earlier. The thieves were able to supply enough of Jim's personal information, which presumably included his Social Security number, full name, mother's maiden name, home address, telephone number and account number. Posing as Jim, they used the excuse that the he was going on vacation, and needed checks and credit cards. After the request was made, they waited for delivery outside of Jim's residence, possibly showing fraudulent identification to the driver. This part of the scheme was made easier as Jim lived in a condominium. Had Jim lived in a single-family home, this scenario may have raised some suspicion. While he was away on vacation, thieves went on a shopping spree in local malls with fraudulently obtain credit cards, buying thousands of dollars of mostly children's clothing. (Jim had no children.) It was not known how the thieves obtained Jim's personal information necessary to perpetrate the fraud. One of the only hints may be that a few pieces of mail turned out to have been missing during the months leading up to the discovery of fraud, including a credit card statement and a cable television bill. Jim suspected after the fact that the thieves might have been collecting information, specifically account numbers.
Credit Line
Jim also got a phone call from a furniture company which informed him that a piece of furniture that had been backordered had arrived for him. The thieves had applied for credit and purchased a few thousand dollars' worth of bedroom furniture, including waterbeds and dressers. They had previously picked up their items at the store rather than have them shipped to a location. So when the backordered item arrived and the thieves were long gone, the store called the Jim, who subsequently went to the financial institution that had provided the credit for the furniture purchases. He was told by the financial institution that the people who applied for the credit came into the location in person, where they completed the paperwork (and/or possibly were told that they needed to be interviewed regarding their financial situation). Jim inquired as to who was the furniture rep that met with the thieves, and he was told that that individual no longer worked at the store and could not be located. Subsequently, Jim heard that this person had been associated with some other suspicious transactions actions at the same financial institution, but it was not known if this person had anything to do with this situation.Jim asked a rep at the financial institution why someone didn't call to verify his place of employment, and he was told that someone did call, and 'verified' his employment there. However, Jim had never been employed by the company that was called. Jim, who had earned an associate's degree in Science and Law Enforcement, played detective, even prior to police involvement, and worked as his own advocate in order to find those responsible. He made a point to go to the various organizations involved in this case in order to speak face-to-face with supervisors, including those at the furniture store, financial company and bank. Jim felt that looking into his case was also good for his psyche, being able to do something and not feel so helpless.
Wrap-up
The thieves had taken money from the victim's checking account (through the fraudulent checks), made purchases using Jim's credit card, run up charges related to car repairs, and used credit in his name to purchase furniture. In all, approximately $15,000 in fraudulent charges was made. In the end, the Jim was able to get back almost all of the stolen funds, including the $5,200 withdrawn from his checking account, as well as the various fraudulent charges made on credit cards (Jim recalled that he did not get back the small amount of the original check the thefts used to 'test' his checking account). Jim had to straighten out his credit report with the three reporting agencies, providing them with reports from local police. In addition, he requested that his bank, credit card companies, and loan institution report the fraud to the credit reporting agencies, which they did. He also put a fraud alert on his credit with the three agencies.Jim continues to get credit reports to insure that everything is straightened out, and his credit rating has remained high. He was able to get everything resolved within one year, but it cost him many hours making phone calls, going to meetings and writing letters. No one who committed any of the fraudulent activity related to his case was ever identified.
Case Study 2
Verini, J. (2010). The Great Cyberheist (Published 2010). The New York Times Magazine. Available at: /2010/11/14/magazine/14Hacker-t.html
One night in July 2003, a little before midnight, a plainclothes N.Y.P.D. detective, investigating a series of car thefts in upper Manhattan, followed a suspicious-looking young man with long, stringy hair and a nose ring into the A.T.M. lobby of a bank. Pretending to use one of the machines, the detective watched as the man pulled a debit card from his pocket and withdrew hundreds of dollars in cash. Then he pulled out another card and did the same thing. Then another, and another. The guy wasn't stealing cars, but the detective figured he was stealing something.
Indeed, the young man was in the act of "cashing out," as he would later admit. He had programmed a stack of blank debit cards with stolen card numbers and was withdrawing as much cash as he could from each account. He was doing this just before 12 a.m., because that's when daily withdrawal limits end, and a "casher" can double his take with another withdrawal a few minutes later. To throw off anyone who might later look at surveillance footage, the young man was wearing a woman's wig and a costume-jewelry nose ring. The detective asked his name, and though the man went by many aliases on the Internet — sometimes he was cumbajohny, sometimes segvec, but his favorite was soupnazi — he politely told the truth. “Albert Gonzalez,” he said.
After Gonzalez was arrested, word quickly made its way to the New Jersey U.S. attorney's office in Newark, which, along with agents from the Secret Service's Electronic Crimes Task Force, had been investigating credit- and debit-card fraud involving cashers in the area, without much luck. Gonzalez was debriefed and soon found to be a rare catch. Not only did he have data on millions of card accounts stored on the computer back in his New Jersey apartment, but he also had a knack for patiently explaining his expertise in online card fraud. As one former Secret Service agent told me, Gonzalez was extremely intelligent. "He knew computers. He knew fraud. He was good."
Gonzalez, law-enforcement officials would discover, was more than just a casher. He was a moderator and rising star on Shadowcrew.com, an archetypal criminal cyberbazaar that sprang up during the Internet-commerce boom in the early 2000s. Its users trafficked in databases of stolen card accounts and devices like magnetic strip-encoders and card-embossers; they posted tips on vulnerable banks and stores and effective e-mail scams. Created by a part-time student in Arizona and a former mortgage broker in New Jersey, Shadowcrew had hundreds of members across the United States, Europe and Asia. It was, as one federal prosecutor put it to me, "an eBay, Monster.com and MySpace for cybercrime."
After a couple of interviews, Gonzalez agreed to help the government so he could avoid prosecution. "I was 22 years old and scared," he'd tell me later. "When you have a Secret Service agent in your apartment telling you you'll go away for 20 years, you'll do anything."
He was also good-natured and helpful. "He was very respectable, very nice, very calm, very well spoken," says the Secret Service agent who would come to know Gonzalez best, Agent Michael (a nickname derived from his real name). "In the beginning, he was quiet and reserved, but then he started opening up. He started to trust us."
The agents won his trust in part by paying for his living expenses while they brought him to their side and by waiting for Gonzalez to work through his withdrawal. An intermittent drug addict, Gonzalez had been taking cocaine and modafinil, an antinarcoleptic, to keep awake during his long hours at the computer. To decompress, he liked Ecstasy and ketamine. At first, a different agent told me, "he was extremely thin; he smoked a lot, his clothes were disheveled. Over time, he gained weight, started cutting his hair shorter and shaving every day. It was having a good effect on his health." The agent went on to say: "He could be very disarming, if you let your guard down. I was well aware that I was dealing with a master of social engineering and deception. But I never got the impression he was trying to deceive us."
Gonzalez's gift for deception, however, is precisely what made him one of the most valuable cybercrime informants the government has ever had. After his help enabled officials to indict more than a dozen members of Shadowcrew, Gonzalez's minders at the Secret Service urged him to move back to his hometown, Miami, for his own safety. (It was not hard for Shadowcrew users to figure out that the one significant figure among their ranks who hadn't been arrested was probably the unnamed informant in court documents.) After aiding another investigation, he became a paid informant in the Secret Service field office in Miami in early 2006. Agent Michael was transferred to Miami, and he worked with Gonzalez on a series of investigations on which Gonzalez did such a good job that the agency asked him to speak at seminars and conferences. "I shook the hand of the head of the Secret Service," Gonzalez told me. "I gave a presentation to him." As far as the agency knew, that's all he was doing. "It seemed he was trying to do the right thing," Agent Michael said.
He wasn't. Over the course of several years, during much of which he worked for the government, Gonzalez and his crew of hackers and other affiliates gained access to roughly 180 million payment-card accounts from the customer databases of some of the most well known corporations in America: OfficeMax, BJ's Wholesale Club, Dave & Buster's restaurants, the T. J. Maxx and Marshalls clothing chains. They hacked into Target, Barnes & Noble, JCPenney, Sports Authority, Boston Market and 7-Eleven's bank-machine network. In the words of the chief prosecutor in Gonzalez's case, "The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled."
At his sentencing hearing in March, where he received two concurrent 20-year terms, the longest sentence ever handed down to an American for computer crimes, the judge said, "What I found most devastating was the fact that you two-timed the government agency that you were cooperating with, and you were essentially like a double agent."
IN APRIL, I visited Gonzalez at the Wyatt Detention Center in Central Falls, R.I., situated by a river and a pleasant place as jails go. Once muscular and tan, Gonzalez, who turned 27 and 28 behind bars, was pallid and thin. His khaki uniform hung on him baggily, and his eyes were bloodshot behind wire-rim glasses. Occasionally a mischievous smile played on his face; otherwise, he looked through the wire-glass partition with a sympathetic but inscrutably intense stare.
He didn't want to talk about his crimes at first, so in a soft voice he told me about his ex-girlfriend, who had stopped visiting him ("I can't blame her"), about what he'd been reading ("Stalingrad," by Antony Beevor; "Into Thin Air," by Jon Krakauer; essays by Ralph Waldo Emerson), about his thoughts on recent high-profile computer breaches in the news. The public's ignorance about his chosen criminal field baffled him. He had become a fan of National Public Radio at Wyatt, and had recently listened to a discussion of hackers on "Fresh Air." ("Terry Gross is a great host," he wrote me earlier in a letter, but "these authors and co-authors can't possibly be making decent earnings. Are they?") He talked about his childhood and family. His father, Alberto Sr., is a landscaper who as a young man left Cuba on a raft and was picked up by a Coast Guard cutter in the Florida straits. He and Albert share a birthday with Gonzalez's 5-year-old nephew, "whom I love more than anyone in this world," Gonzalez said. His nephew's mother, Maria, Gonzalez's sister and only sibling, "always learned by listening to our parents' advice." He didn't.
Gonzalez bought his first PC, with his own money, when he was 12. He took an interest in computer security after it was infected with a downloaded virus. "We had to call the technician who sold it to us, and he came over," he said in one letter. "I had all these questions for him: 'How do I defend myself from this? Why would someone do this?'" He got over his indignation easily enough, and by the time he was 14 had hacked into NASA, which resulted in a visit by F.B.I. agents to his South Miami high school. Undeterred, Gonzalez formed a cooperative of "black hats" — curiosity-driven hackers with an antiauthoritarian bent — and acquired a reputation. He gave an interview to the online magazine ZDNet under his new screen name, soupnazi: "Defacing a site to me is showing the admins [and] government . . . that go to the site that we own them," he said. On the side he was also purchasing clothing and CDs online with stolen credit-card numbers. He ordered the merchandise delivered to empty houses in Miami, and then had a friend drive him to pick it up during lunch period.
By the time he dropped out of Miami Dade College during his freshman year, Gonzalez had taught himself, by reading software manuals, how to hack into Internet service providers for free broadband. He discovered he could go further than that and co-opted the log-ins and passwords of managers and executives. "On their computers would always be a huge stash of good information, network diagrams, write ups," he said, audibly enthralled at the memory. "I would learn about the system architecture. It was as if I was an employee."
Gonzalez's closest friend, Stephen Watt, who is now serving a two-year prison sentence for coding a software program that helped Gonzalez steal card data, describes Gonzalez as having "a Sherlock Holmes quality to him that is bounded only by his formal education." Like the other hackers who would go on to form the inner circle of Gonzalez's criminal organization, Watt met Gonzalez when both were teenagers, on EFnet, an Internet relay chat network frequented by black hats. Watt and Gonzalez interacted strictly online for a year, though each lived in South Florida. Once they began spending time together, in Florida and New York, Watt, who is 27, noticed that Gonzalez's talents as an online criminal carried over into his life away from the computer. "He could spot wedding rings at 50 yards. He could spot a Patek Philippe at 50 yards. He would have been a world-class interrogator. He was very good at figuring out when people were lying."
Like many hackers, Gonzalez moved easily between the licit and illicit sides of computer security. Before his first arrest, in the A.T.M. lobby, Gonzalez made his way from Miami to the Northeast after he hacked into a New Jersey-based Internet company and then persuaded it to hire him to its security team. The transition from fraudster to informant was not too different.
After he agreed in 2003 to become an informant, Gonzalez helped the Justice Department and the Secret Service build, over the course of a year, an ingenious trap for Shadowcrew. Called Operation Firewall, it was run out of a makeshift office in an Army repair garage in Jersey City. Gonzalez was its linchpin. Through him, the government came to, in hacker lingo, own Shadowcrew, as undercover buyers infiltrated the network and traced its users around the world; eventually, officials even managed to transfer the site onto a server controlled by the Secret Service. Meanwhile, Gonzalez patiently worked his way up the Shadowcrew ranks. He persuaded its users to communicate through a virtual private network, or VPN, a secure channel that sends encrypted messages between computers, that he introduced onto the site. This VPN, designed by the Secret Service, came with a special feature: a court-ordered wiretap.
Gonzalez worked alongside the agents, sometimes all day and into the night, for months on end. Most called him Albert. A couple of them who especially liked him called him Soup, after his old screen-name soupnazi. "Spending this much time with an informant this deeply into a cybercrime conspiracy — it was a totally new experience for all of us," one Justice Department prosecutor says. "It was kind of a bonding experience. He and the agents developed over time a very close bond. They worked well together."
On Oct. 26, 2004, Gonzalez was taken to Washington and installed in the Operation Firewall command center at Secret Service headquarters. He corralled the Shadowcrew targets into a chat session. At 9 p.m., agents began knocking down doors. By midnight, 28 people across eight states and six countries had been arrested, most of them mere feet from their computers. Nineteen were eventually indicted. It was by some estimates the most successful cybercrime case the government had ever carried out.
"I did find the investigation exciting," Gonzalez told me of turning against Shadowcrew. "The intellectual element. Unmasking them, figuring out their identities. Looking back, it was kind of easy, though. When someone trusts you, they let their guard down."
He did say, however, that he "actually had a bad conscience" about it. "I had a moral dilemma, unlike most informants." On another occasion, when he was discussing the same subject, Gonzalez wrote to me in a letter, "This distinction is very important . . . my loyalty has always been to the black-hat community."
Those captured by the government with his help are less interested in this distinction. "Shadowcrew was not a forum of thugs," a member who occasionally laundered money for Gonzalez told me. This casher served two years in prison thanks to Operation Firewall. "He was a coward who betrayed us all, and I suppose if you believe in karma, he got what he deserved in the end."
Before being arrested, Gonzalez had actually vouched for this casher to the higher-ups at Shadowcrew. He had gone out of his way to help many members, according to the federal prosecutor in New Jersey, Scott Christie, who worked with him on Operation Firewall. Christie says that based on their exchanges when Gonzalez was being recruited as an informant, Gonzalez seemed to be "less interested in money than in building up Shadowcrew." He "gave back to the members in the way of education and personal benefit. Unlike other cybercriminals, he wasn't just out for gain."
Indeed, no one I spoke with compared him to a gangster or a mercenary — preferred honorifics among hackers — but several likened him to a brilliant executive. "In the U.S., we have two kinds of powerful, successful business leaders. We have people like Bill Gates and Steve Jobs, who are the most sophisticated of electronic techni...