Empire Flashcards

1
Q

Briefly, because we’re going to explore it further, can you just generally list what you found to support that?

A

i. It was not a mistake. The missile alert was issued by EmpiCode on purpose
ii. By someone in Pasqual
iii. Who knew how to hack in already
iv. Only one person in Pasqual knew how to hack in already, that was Jo Tierne
v. Their desktop was purposefully erased, they did not use their work laptop, and they certainly had the capability to do it from a personal laptop

2
Q

What did you review in coming to this conclusion?

A

i. I spoke with the FBI agent about their investigation, and I read the lead agent’s report.
ii. I read transcripts and affidavits of pertinent persons
iii. And I reviewed numerous exhibits
iv. Most importantly, I spoke with the IT department and reviewed their logs

3
Q

So, let’s move to how, on a Tuesday morning in January 2020, when people were sent running for their lives. You said that a computer was logged into EmpiCode’s system and that IT automatically records who logged in and how, so can’t we just look there and see who did it?

A

No, you cannot. The IT records show that there were two entries into the alert webpage, but the person who accessed the EmpiCode network to get to that page did not do it by entering a username and password. The major flaw in the security system is that instead of kicking that user out, the server let that person.

4
Q

Is there any evidence whatsoever that anyone else knew how to do that, or whether an outside person was attempting to do that?

A

Like I said, only one person knew how to do that, Jo Tiernee. There is no evidence that anyone inside or outside of EmpiCode knew how to do that, and there is no evidence that anyone else ever tried, which you would see in the logs.

5
Q

Explain the significance of the two IP addresses, one for each hack that day.

A

The internal log captured two requests to the EANS page and the corresponding emergency messaging system. One request was to access the page itself, while the other was a command to send the alert message. Both originated in Pasquale and were separated by a very short period of time, like 2 hours apart.

6
Q

So, Dr, if there was a deleted history from his desktop, and no history on his company-issued work laptop, how would the defendant accomplish this task?

A

The defendant finally learned how to gain access to the EANS from his desktop, then deleted it. This would explain the initial IP access that we see. Then, they left knew how to hack the system. He either did it from two locations, or did what is called IP masking to make it look like the hack came from two different places and failed.

7
Q

What significance do you attribute to the fact that the defendant was at one point using his desktop, but was also connected remotely from his work laptop?

A

I found it odd that the defendant’s work laptop, meant for working remotely, was sitting next to the desktop in his cubicle, and that his worktop was still connected. This is a method of coverup that cybercriminals use to make it seem like they were working at the time of the crime, when in fact, they were not working on these devices.
