Friday, April 14, 2017

Catching Christian Ian Salvador

A month ago news broke out of a hacker named Christian Ian Salvador a student of Isabela State University in Philippines. According to news sources he copied bank website’s web user interface and added extra details where users were prompted to submit their sensitive information. Users who are unaware and got tricked because of the legitimate look of the phishing website got their details stolen such as their credit card information. Christian on the other end have sold this information to third party users in exchange of cash.

Christian’s gig however ended soon and got caught. Although none of the news sources and investigation have revealed how law enforces caught Christian so we will have to brain storm all the possibilities how this happened.

Case 1

One of the possibility is that Christian would have probably used a stolen credit card for purchase. Whenever we purchase anything online that needs delivery, we have to provide a valid shipping address. It is possible that the credit card would have already marked as stolen and the law enforcers are just waiting for one more transaction that has to happen to capture the next delivery address they would visit.

This probability is high because news sources said that he was able to buy a Car, Motorbike, and high end gadgets.

Case 2

In order to run a phishing website, one of the requirement is a server, a domain name, and a static IP address. In order for phishing website to trick people, they will have to use domain names that are similar to real bank website domain names. Buying a domain name is easy, however buying a static IP address requires you to talk to ISP providers and register your information to them. Assuming that this is how Christian setup his website, he would have been caught by simply tracing the IP address. Whenever we trace IP address, it gives out the ISP provider. Law enforcers would have talked to the ISP provider to get the details of the person who is registered to that static IP address.

Case 3

It is possible that Christian used a web host provider. Registering for a web hosting provider requires you to verify yourself by submitting your information such as name, billing address, picture, and so on to the web hosting provider before you can avail their service. If this is how Christian did it, law enforcers can still trace through IP address which web host provider is running it and would be able to get Christian’s information from them.

The probability of this case however is low if Christian was able to find web host providers which law enforcers cannot cooperate with (e.g. China). Moreover, there are Virtual Private Network (VPN) services that can be used to hide server IP addresses.

Case 4

News sources stated that he admitted selling the information to third party people in exchange of cash. Even though Christian can hide his tracks well, those people who got the information and used it for illegal purposes were caught by the law enforcement and eventually gave up Christian’s identity. It would been that easy for law enforcement to get hold of Christian’s identity if he sold it face to face physically with people who knows a lot about him.

However, assuming that Christian only sold the information online then it would have been difficult for law enforcement to extract Christian’s information since his clients does not know anything about him (similar to Case 3). Law enforcement can use social engineering to act as a “potential buyer” by getting Christian’s contact from one of his clients whom they got identified using stolen credit card (of course the law enforcement would not reveal their identity to Christian’s client so they can get hold of Christian’s contact information). Once they got Christian’s contact information, they do a buy-bust operation.

Case 5

What about you? Do you have any ideas how he got caught? Share your thoughts on the comment below.