Prosecution:
With the rising popularity and price of cryptocurrency, cryptojacking is becoming a serious threat to individual and company devices. While cryptojacking can seem rather harmless, it can actually leave holes in the security of the device and cost the victim thousands in device damage and energy usage. Let us look at a federal case that involved cryptojacking.
The defendant was a computer programmer out of Washington. She was described to be mentally unstable by one of the “few” friends she had, making it hard for her to make and keep friends. She often displayed erratic behaviors online in computer programming and hacking forums, even bragging about people she had cyber-attacked.
One day on an information sharing site, the defendant had shared information from a credit card company’s cloud-based information system and placed mining malware onto their cloud system with the help of another user. Afterwards, the second user alerted the company to the possible intrusion in mid-July. After the company concluded that there was an intrusion, the FBI was contacted to do an investigation of the hacking.
After the FBI did a thorough investigation, they were able to determine the identity of the hacker. They executed a search warrant to seize all of the defendant’s devices and recovered data that was stolen, along with evidence that proved that she was involved with cryptojacking using mining malware on the company’s cloud-based computer system.
It was determined that the intrusion of the company’s cloud-based system was in March, but they were not made aware of it till the middle of July of that same year. The defendant was placed under arrest and is now awaiting trial. Additionally, charges were added after reviewing her online activity and cross referencing it with other companies that she had hacked with mining malware.
Defense:
With technology advancing at high rates of speed, cybercrimes are also proliferating, making it harder for the everyday consumer to stay protected against threats. Many times, we don’t know the threat even occurred until it is too late. Cryptojacking is a threat that causes a computer to slow down and get hot which may be overlooked by the consumer.. Let us look at a case where a remote employee fell victim to mining malware.
John Doe is a work from home or remote employee using company-issued devices in order to accomplish his work. A few weeks into working, he noticed that his devices were slowing down a lot. He notified his company who gave him some pointers on how to improve the speed of his device. While he tried to implement those pointers, they ultimately were not successful in improving the device’s performance.
Eventually, John Doe was let go from his employer because of work performance metrics not being met. Because John Doe loved his job and had invested a good amount of time into it, he was not willing to let it go and decided to hire an attorney.
His attorney recommended that the device be sent to a digital forensic company for analysis to see whether it could truly support the level of productivity expected by the company. With the company’s permission, the digital forensics agents got to work collecting digital evidence. After analyzing the data contained on the device, they were able to conclude that John Doe was not responsible for the lack of productivity and that the device had been attacked by mining malware.
Without the admissible evidence collected from the digital forensics company, John Doe would still be out of a job and could potentially have been held liable for any damages incurred from the mining malware to the devices. Now that the company knows that the employee is not at fault, they can pursue the actual party responsible for any damages incurred and implement safer online practices.