
The MitM attack that really had a Man in the Middle – Naked Security

After five years of investigation, Ashley Liles, a former sysadmin at a business in Oxford, England, has been convicted of a Man-in-the-Middle (MitM) cybercrime. MitM attacks depend on someone or something intercepting messages sent to a recipient and modifying them to deceive the receiver, and these types of attacks are usually performed by machines. Liles, however, modified email messages from the original crooks to his bosses by editing the Bitcoin addresses listed for the blackmail payment, and spoofed messages from the original crooks to increase pressure to pay up. Despite wiping his computer, phone, and USB drives, Liles was linked to the crime by data recovered from his devices. This case highlights the importance of dividing and conquering sysadmin access, keeping immutable logs, and getting independent, objective confirmation of security claims.

MitM attacks are a type of cybercrime that depends on someone or something intercepting messages sent to a recipient and modifying them to deceive the receiver. These types of attacks are usually performed by machines, but in the case of Ashley Liles, a former sysadmin at a business in Oxford, England, it was a man in the middle. Liles modified email messages from the original crooks to his bosses by editing the Bitcoin addresses listed for the blackmail payment, and spoofed messages from the original crooks to increase pressure to pay up. Despite wiping his computer, phone, and USB drives, Liles was linked to the crime by data recovered from his devices.

This case highlights the importance of dividing and conquering sysadmin access, keeping immutable logs, and getting independent, objective confirmation of security claims. By avoiding situations where individual sysadmins have unfettered access to everything, it becomes harder for rogue employees to concoct and execute “insider” cybercrimes without co-opting other people into their plans, and thus risking early exposure. Keeping immutable logs makes it as hard as possible for anyone, whether insider or outsider, to tamper with official cyberhistory. Finally, getting independent, objective confirmation of security claims is essential, as few sysadmins are 100% right all the time.
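The "immutable logs" point above can be made concrete with a tamper-evident, hash-chained log. The example below is added here and is not code from the original article or from Sophos; it uses placeholder Bitcoin addresses and constructed event records, and it assumes the latest chain hash (the "anchor") is written somewhere a single sysadmin cannot rewrite, which is where the "divide and conquer access" advice comes in. It shows two failure modes a practitioner should expect: an in-place edit of an old record is caught by the broken chain, while an insider who re-hashes the whole chain is only caught by the independently held anchor.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev-hash value for the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over a canonical (sorted, compact) JSON encoding of prev hash + record."""
    payload = json.dumps({"prev": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class HashChainedLog:
    """Append-only log where every entry commits to the hash of the entry before it."""

    def __init__(self):
        self.entries = []  # each: {"prev": str, "record": dict, "hash": str}

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = entry_hash(prev, record)
        self.entries.append({"prev": prev, "record": record, "hash": h})
        return h  # caller should store the newest hash as an external anchor

    def verify(self, anchor: str):
        """Return (True, None) if the chain is intact and ends at `anchor`.

        Otherwise return (False, i) where i is the index of the first entry whose
        prev/hash do not match; i == len(entries) means every entry is internally
        consistent but the chain head differs from the externally held anchor.
        """
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or entry_hash(prev, e["record"]) != e["hash"]:
                return False, i
            prev = e["hash"]
        if prev != anchor:
            return False, len(self.entries)
        return True, None


def rechain(log: HashChainedLog) -> None:
    """Recompute every hash so the chain is internally consistent again.

    This is what someone with write access to the log store can always do, which
    is exactly why the anchor must live outside that person's control."""
    prev = GENESIS
    for e in log.entries:
        e["prev"] = prev
        e["hash"] = entry_hash(prev, e["record"])
        prev = e["hash"]


def build_demo_log():
    """Constructed incident timeline; addresses are placeholders, not real ones."""
    log = HashChainedLog()
    log.append({"event": "ransom_email_received",
                "btc_address": "bc1-ORIGINAL-ADDRESS-PLACEHOLDER"})
    log.append({"event": "ransom_email_forwarded_to_management",
                "btc_address": "bc1-ORIGINAL-ADDRESS-PLACEHOLDER"})
    anchor = log.append({"event": "incident_ticket_opened"})
    return log, anchor


def demo_clean():
    log, anchor = build_demo_log()
    return log.verify(anchor)  # (True, None)


def demo_in_place_edit():
    """Insider rewrites the recorded payment address in entry 1 without re-hashing."""
    log, anchor = build_demo_log()
    log.entries[1]["record"]["btc_address"] = "bc1-SUBSTITUTED-ADDRESS-PLACEHOLDER"
    return log.verify(anchor)  # (False, 1): entry 1 no longer matches its hash


def demo_rechained_edit():
    """Same edit, but the insider also recomputes the chain; only the anchor catches it."""
    log, anchor = build_demo_log()
    log.entries[1]["record"]["btc_address"] = "bc1-SUBSTITUTED-ADDRESS-PLACEHOLDER"
    rechain(log)
    return log.verify(anchor)  # (False, 3): consistent chain, wrong head


if __name__ == "__main__":
    print(demo_clean(), demo_in_place_edit(), demo_rechained_edit())
```

The design choice to note is the last case: hash chaining by itself only proves internal consistency. Its value against an insider comes from publishing the chain head to a second system or a second person, so that quietly rewriting history requires co-opting someone else, which is the early-exposure risk the article describes.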

This case is a reminder that cybersecurity threats can come from within a company as well as from external sources. It is crucial to have measures in place to detect and prevent insider threats, as well as to respond to external attacks. Sophos Managed Detection and Response offers 24/7 threat hunting, detection, and response to help companies stay on top of cybersecurity threats. By always measuring and never assuming the effectiveness of cybersecurity measures, it is possible to reduce the risk of cybercrime and protect company assets.

In conclusion, the case of Ashley Liles highlights the need for companies to be vigilant against insider threats, to keep immutable logs, and to get independent, objective confirmation of security claims. By taking these measures, businesses can reduce the risk of cybercrime and protect their assets. Sophos Managed Detection and Response offers a way to respond to cybersecurity threats 24/7, allowing companies to focus on other aspects of their business.
