Anatomy of a cyber-attack

It is hard to operate in cyberspace without leaving a trail. The September 25th cyber attack on deproxfraud.info and on whistleblower Richard Marsh’s personal Facebook, Google, Gmail, Twitter, Dropbox, Vimeo, WordPress and YouTube accounts shows a particularly grubby set of fingerprints that the Norfolk CID will doubtless be familiar with…

Richard Marsh is resident in Saskatchewan, Canada, and has been since January 2017. Thus when social media sites detected “persons unknown” logging in to the administration areas of his websites and pages from locations in Norfolk UK, they automatically sent out Security Alert emails to the page or website owner.

From the flurry of security alerts received on the 25th and 26th September, an exact timeline of the hacker’s activity can be constructed. Note that the email times are for Saskatchewan, which is 7 hours behind the UK. The hacker started by illegally accessing Richard’s Twitter account at 20.33 UK time from a location in King’s Lynn, Norfolk. This generated the security alert below at 13.33 Saskatchewan time.

[Image: fentiman hack]

September 25th, 2017

13.33 Twitter new login from King’s Lynn, Norfolk

13.40 Facebook password reset

13.47 Twitter password reset

13.54 Twitter email address changed

14.34 WordPress (deproxfraud.info) email address changed

15.22 Vimeo account deleted

15.23 Gmail account security alert: Sign in from a Blackberry device in the UK

18.31 Dropbox account accessed from Terrington St. Clement, Norfolk

19.33 New email address “rubbish@sasktel.net” added to LinkedIn account

September 26th, 2017

01.58 Romer Photonics Company page removed from LinkedIn

05.16 Facebook account login from Whittlesford, UK
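The same timeline normalised to UTC and UK time, as an added example that is not part of the original post. It assumes fixed offsets for late September 2017 (Saskatchewan on UTC-6, the UK on UTC+1, matching the 7-hour gap stated above); the function names and the keyword list are illustrative.

```python
from datetime import datetime, timedelta, timezone

# Assumed fixed offsets for late September 2017: Saskatchewan stays on
# CST (UTC-6) all year and the UK was on BST (UTC+1), giving the 7-hour gap.
SASK = timezone(timedelta(hours=-6), "CST")
UK = timezone(timedelta(hours=1), "BST")

# Alert times copied from the timeline above (Saskatchewan local time).
ALERTS = """\
2017-09-25 13.33 Twitter new login from King's Lynn, Norfolk
2017-09-25 13.40 Facebook password reset
2017-09-25 13.47 Twitter password reset
2017-09-25 13.54 Twitter email address changed
2017-09-25 14.34 WordPress (deproxfraud.info) email address changed
2017-09-25 15.22 Vimeo account deleted
2017-09-25 15.23 Gmail account security alert: Sign in from a Blackberry device in the UK
2017-09-25 18.31 Dropbox account accessed from Terrington St. Clement, Norfolk
2017-09-25 19.33 New email address "rubbish@sasktel.net" added to LinkedIn account
2017-09-26 01.58 Romer Photonics Company page removed from LinkedIn
2017-09-26 05.16 Facebook account login from Whittlesford, UK
"""

# Wording that marks a change to account control rather than a mere login.
CONTROL_CHANGE = ("password reset", "email address", "deleted", "removed")

def parse_alerts(text):
    """Return alerts sorted by UTC time, each with UTC and UK timestamps."""
    events = []
    for line in text.strip().splitlines():
        date, clock, detail = line.split(" ", 2)
        local = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H.%M").replace(tzinfo=SASK)
        events.append({
            "utc": local.astimezone(timezone.utc), "uk": local.astimezone(UK),
            "detail": detail,
            "control_change": any(k in detail.lower() for k in CONTROL_CHANGE)})
    return sorted(events, key=lambda e: e["utc"])

def summarise(events):
    """Overall activity window and the number of account-control changes."""
    return {"window": events[-1]["utc"] - events[0]["utc"],
            "control_changes": sum(e["control_change"] for e in events)}

if __name__ == "__main__":
    for e in parse_alerts(ALERTS):
        flag = "CHANGE" if e["control_change"] else "access"
        print(f"{e['utc']:%Y-%m-%d %H:%M}Z  {e['uk']:%d %b %H:%M} UK  {flag:6}  {e['detail']}")
    print(summarise(parse_alerts(ALERTS)))
```

Several alerts dated the 25th in Saskatchewan fall on the 26th in UK time, which matters when the timeline is matched against UK-side records.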

The directors of Hygiene Solutions Ltd and their partners in crime might like to contemplate the fate of young Gareth Crosskey, who was sentenced to a year in prison for hacking a Facebook Account.

[Image: fentiman hack facebook]
