Page 46 - Cyber Warnings
How many infections could be attributed to each of the separate co-defendants vs. other SpyEye customers
The harm here would be calculated as the total number of infections for which each
co-defendant was found responsible multiplied by an average remediation cost. The prosecution
produced a range of costs. The defense argued that anti-virus software was freely available
and already bundled with and automatically updated on virtually all PCs.
The defense argued that this free anti-virus software, as long as it was "allowed to run", would
prevent SpyEye infections, and if any existing infections were found, it would be 100% effective
in restoring the system to its pre-infection state at zero cost to the user. In the end, the judge
accepted the lowest figure in the range quoted by the prosecution.
Harm Attributed to Stolen Data
In the second instance, the following issues were argued:
How many "access devices" were discovered in each co-defendant's possession
The average financial harm attributed to a stolen access device
What constitutes an access device
Factors that might influence the financial harm attributed to the theft of an access device
The court guidelines are clear that USD $500 is to be considered the average financial harm
attributed to stolen access devices. The bulk of the testimony involved how many incomplete or
duplicate records existed in the evidence recovered from the various computers and external
hard drives that were in Bendelladj's possession when he was arrested.
This was the subject of multiple rounds of lengthy witness examination and the biggest
contributor to the "highly unusual" five-day length of the hearing. At one point, an expert
witness for Bendelladj's defense team spent quite some time setting up a Raspberry Pi and
projecting the connected LCD panel's output onto a screen just to run the "grep" and "comm"
Linux commands a single time each.
To be fair, the numbers produced would form the facts that directly correlated with how many
months Bendelladj would be sentenced to spend in a federal prison.
On the other points, some records contained personal customer information but no credit card
number, some lacked CVV2 codes, and others had card expiration dates that had passed.
Payment card data lacking these details may not seem very useful, and indeed they sell for far
less in underground markets, but "carders" can use the information to get cards reissued, use
criminal-to-criminal (C2C) services to fill in missing details, and find other ways to monetize
records with these missing bits.
46 Cyber Warnings E-Magazine – May 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide