Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school's website were wiped ahead of recent FBI raids.
# Incident Report: Disappearance of Cybersecurity Professor Following FBI Raids
## Executive Summary
A prominent computer science professor, Xiaofeng Wang of Indiana University, has disappeared along with his wife following raids conducted by the FBI at their homes. Prior to the disappearance, all official university affiliations, including his profile and email, were purged by the institution. The current status, underlying cause, and scope of compromise remain unknown, as the case involves significant law enforcement activity targeting an individual specialized in cryptography, privacy, and cybersecurity research.
## Incident Details
- **Discovery Date:** Recent weeks leading up to reports concerning his disappearance and profile removal.
- **Incident Date:** The specific date of the FBI raids and disappearance is not explicitly stated; it is given only as "recent weeks."
- **Affected Organization:** Indiana University (IU), specifically the Luddy School of Informatics, Computing and Engineering.
- **Sector:** Academia / Research (Computer Science, Cybersecurity).
- **Geography:** Bloomington, Indiana (based on IU affiliation).
## Timeline of Events
### Initial Access
- Date/Time: Undetermined when any potential malicious activities began.
- Vector: Unknown. The context focuses on the legal/investigative action (FBI raids) rather than a traditional cyber intrusion.
- Details: Multiple homes associated with the professor were raided by the FBI.
### Lateral Movement
- **Status:** Not applicable in the context of a traditional cyber incident or criminal network intrusion; the focus is on the disappearance and investigation.
### Data Exfiltration/Impact
- **Impact:** Professor Xiaofeng Wang and his wife are incommunicado. His professional identity (profile, email) has been scrubbed from IU's public records.
- **Scope of Compromise:** Unknown. The nature of the investigation is confidential.
### Detection & Response
- **Detection:** The disappearance and subsequent removal of his profile/email by IU seem to be the trigger for the news coverage.
- **Response actions taken:** FBI raids were conducted. Indiana University removed Wang’s profile, email account, and phone number from public listings.
## Attack Methodology
*Note: As the context describes a law enforcement investigation and disappearance rather than a standard cyber attack, the ATT&CK mapping below is based on inferring potential information security aspects related to the subject's profile, which remains speculative.*
- **Initial Access:** Unknown (Law enforcement action suspected, not external threat actor access).
- **Persistence:** Unknown.
- **Privilege Escalation:** Unknown.
- **Defense Evasion:** Unknown.
- **Credential Access:** Unknown.
- **Discovery:** Wang's research includes cryptography, system security, and data privacy, suggesting potential knowledge relevant to highly sensitive systems.
- **Lateral Movement:** Unknown.
- **Collection:** Unknown, but his research portfolio included work on privacy protection, including genomic data.
- **Exfiltration:** Unknown.
- **Impact:** Loss of a key university research figure, potential legal implications.
## Impact Assessment
- **Financial:** Not disclosed. Wang was a PI on nearly \$23 million worth of research projects over 21 years.
- **Data Breach:** Unknown. His research specialization included sensitive areas like genomic data privacy.
- **Operational:** Moderate impact on the Luddy School due to the loss of a tenured professor and associate dean for research.
- **Reputational:** Significant, as the incident involves federal law enforcement action against a high-profile academic specializing in core security topics.
## Indicators of Compromise
*No network or file IOCs were provided in the summary context.*
- **Network indicators:** N/A
- **File indicators:** N/A
- **Behavioral indicators:** Sudden and coordinated removal of professional profile information concurrent with legal action.
## Response Actions
- **Containment measures:** Federal law enforcement (FBI) actions appear to be the primary containment mechanism.
- **Eradication steps:** Unknown.
- **Recovery actions:** Indiana University has purged the professor’s identifying contact information from its public-facing materials.
## Lessons Learned
- The investigation highlights the high-stakes nature of research conducted by academics in sensitive fields like cryptography and data privacy.
- The immediate scrubbing of a professor's digital profile by a university suggests rapid internal response to unfolding legal/security events.
## Recommendations
- Universities housing researchers with high-level security clearances or working on sensitive data (e.g., genomic data) should review internal protocols for handling personnel subject to federal investigations.
- Establish clearer communication protocols between university administration and affected departments when high-profile personnel become subject to law enforcement scrutiny.