Case Study

Investigating a network intrusion for a potential data breach

Stroz Friedberg is a specialized risk management firm built to help clients solve the complex challenges prevalent in today’s digital, connected, and regulated business world.

IT Security at a large public organization discovered a data breach when a server holding confidential medical information displayed a message that its drives were full when they should not have been. Stroz Friedberg was hired to determine the method of intrusion, the motivation of the intruders, the scope of the intrusion, and whether confidential data had been accessed and/or downloaded by the intruders.

After obtaining network topology and security information, preserving and analyzing evidence from network logs and over 50 compromised computer systems, performing port scans, and capturing memory dumps of systems, Stroz Friedberg identified that the intruders had gained access to a desktop connected to the network through weak password controls three months prior to discovery of the hack. The intruders had then used Hacker Defender files to cloak their activities. Following the cyber-trail of the hackers led to a stash of hundreds of pirated movie files stored on the compromised server and to remnants of IRC chat exchanges among the intruders, which reflected that use of storage capacity was the purpose of the hack. Examination of the sensitive medical information files found no evidence of access to or exfiltration of these files.

