The latest targeted attack incident being studied by security pros - a simple online dating scam that endangered NASA's secrets.
A Nigerian man has been sentenced to 18 months in prison for wooing a NASA employee so he could sneak malware onto her work computer and steal passwords, banking information and 25,000 screenshots.
Akeem Adejumo, a 22-year-old Nigerian citizen, pleaded guilty and was sentenced to 18 months in prison by the Lagos State High Court in Nigeria late last month. He was initially charged with four counts but pleaded guilty to two counts of obtaining goods by false pretences and forgery.
Jeff Taylor, US Attorney for the District of Columbia, said Adejumo did not target the woman because she worked for the government. He tried to scam several hundred women and was successful with several. Taylor noted that this case focused on the NASA employee but two other victims were considered part of the same scheme so there most likely will be no further prosecution.
According to Taylor and an investigator with NASA's Office of the Inspector General, Adejumo first contacted the NASA employee in November of 2006 on the online dating site Singlesnet.com.
Posing as a Texan by using a phony picture and background information, Adejumo courted the woman for several weeks before he sent her an email at her work address with an attachment that contained a phony photo of his phony persona. When she opened the attachment to see the picture, her system was automatically infected with a commercially available piece of spyware.
The spyware, which did not spread to other computers on the NASA network, was first downloaded onto her computer on November 21, 2006. It harvested private email, the woman's passwords, her Social Security number, driver's license information and her home address before it was detected on December 7.
During those few weeks, it also captured 25,000 screenshots of whatever she had up on her screen at the time, according to a DOJ official who worked on the investigation but asked not to be identified.
The investigator from the Inspector General's Office, who also asked not to be named, said some NASA information was harvested from the woman's computer but nothing critical was taken. "Fortunately, the victim did not have access to sensitive information," he added. "Some of her work product was taken, [but] it was mostly her personal information."
The inspector noted that NASA's IT security team caught the spyware when sensors detected that the screenshots leaving the network. Once they saw what was happening, they immediately pulled the plug on the worker's network connection, he added.
Once NASA's security team discovered the spyware, investigators analysed the victim's network traffic logs and obtained search warrants and subpoenas to get information from the email accounts that the attacker was using. The investigator said Adejumo mainly used a Yahoo account. From those accounts, investigators culled his IP addresses and then contacted the Nigerian Economic and Financial Crime Division, which carried on their own investigation in Nigeria.
Adejumo was arrested in April of 2007.
"It's a very important case," said Taylor. "There is just as much crime out there in the virtual world as in the real world. This sends a message that while you think you're doing these crimes under the cloak of anonymity and distance, we do have the tools to catch you."
Taylor also noted that it was a big step for US investigators and prosecutors to work so closely with Nigerian officials. "It's important no matter where it happens," he added. "To the extent that there has been a good deal of [computer crime] in Nigeria, it's important that the Nigerian authorities caught him and are sending him to prison."
Ken van Wyk, principal consultant at KRvW Associates, and an IT security veteran, said the case is a good sign that international law enforcement cooperation is improving. "I have seen cooperation [in the past] but it has been so dreadfully slow and painful that we didn't make much progress," he added. "[Criminals] knew there wasn't cooperation and if there was, it was a tedious process. We've made this a lot faster than it used to be."
NASA did not say if the victim was reprimanded or released from her job because of the incident. Taylor said that, so far, it does not appear that her personal information has been used to steal her identity.