Scribd
Upload
44 views

Assignment 1

The document discusses Mohammad Reza Espargham, an Iranian cybercriminal wanted by the FBI. Espargham committed various cybercrimes including computer intrusions, identity theft, and wire fraud targeting American aerospace and satellite companies at the direction of Iran's IRGC. He was indicted for offenses including computer hacking and fraud. The document also outlines security laws around cybercrime and how social engineering tactics like phishing emails were used in Espargham's attacks to steal credentials from victims. It recommends precautions like spam filtering, firewall updates, blocking known spammers, and employee training to help prevent similar incidents.

Uploaded by

daniel
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
44 views

Assignment 1

The document discusses Mohammad Reza Espargham, an Iranian cybercriminal wanted by the FBI. Espargham committed various cybercrimes including computer intrusions, identity theft, and wire fraud targeting American aerospace and satellite companies at the direction of Iran's IRGC. He was indicted for offenses including computer hacking and fraud. The document also outlines security laws around cybercrime and how social engineering tactics like phishing emails were used in Espargham's attacks to steal credentials from victims. It recommends precautions like spam filtering, firewall updates, blocking known spammers, and employee training to help prevent similar incidents.

Uploaded by

daniel
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

FBI's Most Wanted

Introduction

The introduction of information technology and internet technology has improved the way

humans communicate, how organizations conduct their business activities, social and almost all

aspect of human lives have been affected. In as much as internet comes with numerous benefits,

there are challenges and harms faced by users. Of these challenges is the issue of attacks on

internet users. Hacking, identity theft and other malicious acts has become recurring event on the

internet. Federal bureue of investigation has been active in apprehending some cyber criminals

while some are on the most wanted list. One of the cyber criminals on the FBI wanted list to be

discussed in this paper is Mohammad Reza Espargham. Mohammad Reza Espargham. Is an Iranian

cybercriminal wanted for Conspiracy to Commit Computer Intrusions; Obtaining Information by

Unauthorized Access to Protected Computers; Intentional Damage to Protected Computers; Conspiracy

to Commit Wire Fraud.

Security Laws

There are various laws that protect the use of computer and also govern the use of computer as

well as the misuse or abuse of computer to commit crime. These laws are generally known as

cyber crime laws of ACT. These laws differ per country, region or jurisdiction. However, they

serve similar purpose. In the case of Mohammad Reza Espargham, the security law applicable are

computer hacking which involves the unauthorized access into a computer. In the united states,

the Act of Mohammad Reza Espargham Violates the computer fraud and abuse Act (18 U.S.C.

§1030). Secondly, the security law applicable to the case of Mohammad Reza Espargham is the

identity theft and Assumption deterrence Act. Also, the identification fraud (18 U.S.C. §1028), wire

fraud (18 U.S.C. §1343). These security laws are applicable to prosecute suspects of cyber

criminals according to the US cybercrime law.


Crimes Committed

Mohammad Reza Espargham, Said Pourkarim Arabi, and Mohammad Bayati committed various crimes

including computer intrusions, identity theft, and wire fraud. The major targets of Mohammed and co

are American companies in the aerospace and satellite industries. The carry put identity theft of

sensitive commercial information using social engineering. The malicious acts were done at the

direction of Iran’s Islamic Revolutionary Guard Corps (IRGC). After which they were indicted for

Computer Intrusions, Obtaining Information by Unauthorized Access to Protected Computers,

Intentional Damage to Protected Computers, and Conspiracy to Commit Wire Fraud, and a federal arrest

warrant was issued.

Security Vulnerabilities

The social engineering tactic and SPAM were used that targeted the most victims.

Mirkarimi developed a campaign email that bypasses the SPAM filters and sends it to all staff.

The email ended in the inbox upon opening the link, asking to provide their credentials for

verifications. Once the employees provided their credentials, Mirkarimi profited from this

vulnerability.

Incident Precautions

There are multiple actions that we can take to deter this incident. First, it is essential that

institutions and companies must assess how SPAM mail is filtered. The IT team must update

firewall rules to ensure unauthorized information is stopped entering into the network. We can

protect the email with two different options. The first option is to deny the listed spammers and

prevent any mail from these senders. The second option is checking the IP addresses of incoming

mail against the existing list to ensure the incoming request is valet email. The SPAM email,
coupled with social engineering tricking the recipients into opening the provided link, once the

victims opened the link and provide the information, this information will pass straight to the

hacker. The best option to deter and stop these attacks from happening is to properly train

employees. The management must schedule mandatory training weekly and monthly and ensure

to covers all the new tricks of hackers in this training. Organizations can only prevent social

engineering attacks by educating and training employees.

You might also like