Slashdot Mirror


High-Tech Crimes Revealed

Alex Moskalyuk writes "When reading about computer crimes, we are usually told the victim's side of the story. We learn about thieves stealing thousands of credit card numbers, and about identity theft victims who lost their credit history along with the wallet they lost at the mall. But how do criminals ever get caught? Who performs the forensic search and takes part in sting operations?" Read on for Alex's review of High-Tech Crimes Revealed, which addresses these questions.

High-Tech Crimes Revealed
author: Steven Branigan
pages: 448
publisher: Addison-Wesley
rating: 9
reviewer: Alex Moskalyuk
ISBN: 0321218736
summary: Cyberwar Stories from the Digital Front

Steven Branigan is a cop, a system administrator, an Internet security consultant and a network security researcher. A former Bell Labs employee, he is now the founder of a company that "specializes in solving leading edge computer and network security issues."

The book is a collection of high-tech investigations performed by Branigan in cooperation with the police and sometimes the Feds. Generally Branigan would handle the forensic examination of the evidence and be on the scene as the "computer expert" the cops turned to when dealing with cybercrime.

Twelve chapters take us through some of the high-tech crimes the Western world faces today. An attack on the telephone network (unauthorized access to the switches), backdoors left behind at a former employer, break-ins into university networks and well-publicized identity theft are all covered in the book. Branigan brings up anecdotal evidence from his own career, describes some of his cases in great detail, and provides advice for practitioners in the forensics field.

The author is a Linux/Unix/BSD guru, and he shares his methods for retrieving telltale data from the equipment criminals leave behind. He also talks about the general problems law enforcement faces when investigating a high-tech crime: how do you obtain a warrant, what is the proper way to conduct a search, and how do you work with a confiscated computer so that all of its data is left intact?

However, don't expect any secret data-collection techniques to pop up: Branigan uses commonly available Linux tools like grep to search the suspect's hard drive for the data he needs. More often than not, it turns out, the investigator depends on experience rather than book knowledge: one has to recognize a network sniffer log on sight, and be able to identify the tools freely downloadable from security sites.
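The grep-over-the-drive approach the review mentions, as an added example that is not from the book: a signature scan over a raw disk image, which is what `grep -a -b -o PATTERN image.dd` does by hand. The image, its sector contents and the sniffer-log text are all constructed here; the pcap magic numbers are the real libpcap file-header constants, the text patterns are only illustrative of what a sniffer leaves behind.

```python
"""Signature scan over a raw disk image: the scripted equivalent of
`grep -a -b -o PATTERN image.dd`. Added example, not the book's own method.

Scanning raw bytes instead of a mounted filesystem also reaches deleted files and
unallocated space. The image and the log text are constructed here; the pcap magic
numbers are the real libpcap file-header constants, the text patterns are
illustrative of what a sniffer leaves behind.
"""
import re
from typing import Dict, List, NamedTuple

SECTOR = 512

SIGNATURES: Dict[str, bytes] = {
    "pcap file header (little-endian)": rb"\xd4\xc3\xb2\xa1",
    "pcap file header (big-endian)": rb"\xa1\xb2\xc3\xd4",
    "interface put into promiscuous mode": rb"entered promiscuous mode",
    "captured credential": rb"(?:USER|PASS|login:|Password:)[ \t]*\S+",
}


class Hit(NamedTuple):
    offset: int   # absolute byte offset in the image
    sector: int   # offset // SECTOR, what a block-level tool wants
    name: str     # which signature fired
    data: bytes   # the matched bytes, truncated for display


def scan_image(image: bytes, signatures: Dict[str, bytes] = SIGNATURES,
               keep: int = 32) -> List[Hit]:
    """Return every signature hit in the image, ordered by offset."""
    hits: List[Hit] = []
    for name, pattern in signatures.items():
        for m in re.finditer(pattern, image):
            hits.append(Hit(m.start(), m.start() // SECTOR, name, m.group(0)[:keep]))
    hits.sort(key=lambda h: h.offset)
    return hits


def build_sample_image() -> bytes:
    """Constructed stand-in for a seized drive: six sectors, with a sniffer's output
    surviving in sectors 3 and 4 after its directory entry was deleted."""
    sectors = [bytearray(SECTOR) for _ in range(6)]
    motd = b"# /etc/motd\nWelcome to the lab server\n"
    pcap_header = b"\xd4\xc3\xb2\xa1" + b"\x02\x00\x04\x00" + b"\x00" * 16  # magic, v2.4
    sniffer_log = b"eth0: entered promiscuous mode\nlogin: alice\nPassword: hunter2\n"
    sectors[1][:len(motd)] = motd
    sectors[3][:len(pcap_header)] = pcap_header
    sectors[4][:len(sniffer_log)] = sniffer_log
    return b"".join(sectors)


if __name__ == "__main__":
    for hit in scan_image(build_sample_image()):
        print(f"offset {hit.offset:>6} (sector {hit.sector}): {hit.name}: {hit.data!r}")
```

Run it against a real image taken with dd and the offsets map straight back to sectors, which is what you need when the file that held the data no longer exists. The credential pattern is deliberately loose; on a real drive the hits are a starting point for the examiner, not a finding.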

Thus it's not surprising that some chapters in the book are dedicated purely to the author's experience in the field. He describes working with hackers who have been arrested, discusses how rootkits are spread, discusses the motivation behind network attacks (it is not always money, to say the least), describes the structure of a hacking ring and its potential revenues, and also talks about ways to unravel such networks. His motto? No crime is too small, and something as minor as a missed rent payment can lead to further discoveries and tie-ins to bigger crimes.

If you're thinking about becoming a security consultant, a law enforcement officer or just a sysadmin with better-than-average knowledge of security, this book is an interesting read. It's not a textbook, nor is it technical by nature. It reads more like a detective story, except the stories are real, and so are the culprits and the victims. One can read the book on two levels: as a forensics tutorial (though don't expect extended technical tutorials or tool overviews) or as the autobiography of a cop who has dealt with high-tech crime all his life. If you liked The Art of Deception or Hacking: The Art of Exploitation, this title would be a perfect complement.

Chapter 3, If Only He Had Paid the Rent, is available online from Addison-Wesley.

Alex enjoys reading programming, technology and business tech books in his spare time. He also keeps a list of free books available on the Internet for tech readers on a budget. You can purchase High-Tech Crimes Revealed from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page.

114 comments

  1. Double-edged? by fembots · · Score: 5, Interesting

    I wonder if the author left out some "secret methods" he used in the field, since he now owns a company that specializes in solving leading edge computer and network security issues; those methods can be valuable trade secrets.

    And high-tech criminals can also learn from others' mistakes and be more careful next time if the author detailed enough of how he traced a criminal.

    So do slashdotters have any of these "secrets" to share?

    1. Re:Double-edged? by lukewarmfusion · · Score: 4, Insightful

      I'm sure he doesn't give the farm away, but like most people he isn't averse to sharing something. People tend to enjoy talking about themselves. And when there are book royalties involved, the flood gates open.

      As for learning from your mistakes, sometimes it's a mistake - and sometimes it's simply impossible. You leave a trace behind you on the internet, on your network, and on your computer. It's hilarious to me how many low-tech criminals get caught for crimes they thought were untraceable. A deer in headlights (or whatever your favorite cliche is).

    2. Re:Double-edged? by Frymaster · · Score: 4, Funny
      from the article:
      Branigan uses commonly available Linux tools like grep for searching the suspect's hard drive...

      by double-edged:
      I wonder if the author left out some "secret methods" he used in the field

      yes. fgrep

    3. Re:Double-edged? by weinrich · · Score: 5, Funny

      "...criminals can also learn from other's mistakes and be more careful next time..."

      We should be advocating secrecy around how these crimes are solved because the next criminal might learn, and won't make the same mistake as the last one?

      Why?

      I don't know the exact statistics, but I am certain the clear majority of criminals are caught and convicted because they made the same mistake that millions of criminals before them made. Mistakes that have been publicized, written about, memorialized in songs, even had entire TV shows made out of them (think Law & Order, COPS, CSI, etc.).

      You can tell criminals over and over: "Don't leave behind finger prints when you break and enter." But do they listen? NoooOOOOoo!

      --
      Error: .sig not found, using /etc/passwd instead

    4. Re:Double-edged? by RazzleFrog · · Score: 1

      I think he is pretty safe with telling in general how things are done, but there are certain things that just can't be taught. A lot of what he does is "intuition", meaning that he recognizes things subconsciously based on years of experience. You can't learn to drive or even program a computer by reading a book.

    5. Re:Double-edged? by Eric+Giguere · · Score: 1

      There's little incentive to withhold information, really, because I doubt there are any real "trade secrets" to worry about. Many tech books are written more as a way of increasing the author's (or his company's) profile in the field. If you're a consultant, it's another way to get leads and to impress potential clients. You don't do it for the money, trust me...

      Eric
      Why I hate Bell Mobility
    6. Re:Double-edged? by MoralHazard · · Score: 5, Insightful

      Investigative work has VERY little to do with proprietary methods, for a couple of reasons:

      1) Every investigation, especially when dealing with computer crime, is going to be different. There aren't really any super-secret methods that ANYone who does normal work in the field (networking, programming, sysadmining) wouldn't already know.

      2) Most investigative work has to hew to legal standards for evidence, even if the issue probably isn't going to court, because it MIGHT go to court. Meaning that all of your methods as an investigator have to meet standards for scientific evidence, which requires (among other things) that those methods be widely accepted in the field and peer reviewed. It's hard to keep things secret when they have to be peer reviewed to be useful at all.

      3) Good investigators get that way through experience, not training. I've met people with significantly less pure technical skill than I have who can make me look like a fool on the investigative front. The difference is that these kinds of people have years or decades of experiential learning, closed cases, and lessons learned behind them. Skill and method is important, but it's far from being the whole story. And besides, you can always learn new skills by picking up a book/taking a class and then applying them, but you can only get experience from time and getting your ass kicked repeatedly.

      (As I've noted elsewhere, I ought to disclose that I work for Steve, so take as you will.)

    7. Re:Double-edged? by Anonymous Coward · · Score: 0

      The difference is that these kinds of people have years or decades of experiential learning, closed cases, and lessons learned behind them.

      How many cases have actually gone to a trial as opposed to people just copping a plea? The thing with compcrime issues is that the forensics takes so long, and aside from an independent investigator doing the research, it is almost always going to be done by the FBI via route of their staff. This becomes rather sloppy since they don't have a grasp of it all (techwise), so they're likely to make cheap threats of "30 years if you're convicted fella" forcing the perp to call it quits thereby avoiding a trial.

      sil @ politrix dot org

    8. Re:Double-edged? by Anonymous Coward · · Score: 0

      Actually... I should have posted the following as well. An independent investigator outside of the federal government can actually taint a case given the fact that he/she is not an agent of the law in any capacity. It's the same when on trial and someone has an expert witness. Most of these witnesses tend to be compensated hence the term "hired guns". Logically you would want them to be truthful, but in a situation where you are paying someone, it is not in their interest to make the client look like a fool. Thus, the need for government to pretty much waltz in, snag up every piece of equipment, pretend they will do some forensics, and get back to cheap threats.

      sil @ politrix dot org

    9. Re:Double-edged? by MoralHazard · · Score: 3, Interesting

      Wait a minute, though... Of ALL the criminal cases in this country that end in conviction, upwards of 90% never go to trial, period. So I don't think you can start a specific argument about computer crime based on this.

      And yes, I will admit, I have seen many MANY instances of Federal or local law-enforcement agencies (don't want to name names) that did absolutely stupid things in computer crime investigations--truly amateurish, moronic, bumbling clod-like behavior. But I have also seen very good work, top-notch hero shit, from those same outfits. So I don't think you can premise an argument on failures of sophistication in law-enforcement agencies, because you're dealing with a very diverse and mixed bag, even just within a given agency.

      But the REAL point is that you don't need to actually go on the stand to get investigative experience. That's trial experience, and it speaks to a different set of skills. You'd be surprised at how few cases some of the top people in the forensics field have ever actually testified in. But they still have experience, because they still performed investigations: collecting and analyzing data, preparing hypotheses and testing them until they have a provable, probable theory, and presenting those findings in a useful way.

      Like I said, this isn't true of every agent or officer that ever worked as an investigator, but my original point is that you can't get this experience outside of actually doing it. The fact that some of the people working in this field haven't learned very much just says that those people are idiots. And yes, there are some idiots in LE agencies, the same as every organization.

      And BTW, computer forensics don't take that long at all, in most cases. If you're talking about having to run keyword searches against the hard drives, network shares, and email archives (including backup tapes) for 200+ users, that will surely take a while, but it's only because of the volume of data involved. Criminal cases involving computer forensics rarely, in my experience, involve more than a handful of data sources, of which hard drives are probably the largest type. And at 25-40 MB/sec, you can search a lot of data in a day.

    10. Re:Double-edged? by bloo9298 · · Score: 1

      Well it could be that you are ignoring the criminals that don't get caught because they have watched the TV shows... :-)

    11. Re:Double-edged? by sjames · · Score: 2, Interesting

      We should be advocating secrecy around how these crimes are solved because the next criminal might learn, and won't make the same mistake as the last one?

      One might think that, but apparently most criminals just aren't all that bright. I suppose most people bright enough to stand a decent chance of getting away with it are bright enough to get a real job that will have better hours, less risk, and better pay on average than crime.

    12. Re:Double-edged? by ThJ · · Score: 1

      The criminals you see in crime shows on TV are the sucky ones. The smart criminals don't get caught, or elude the authorities for 20-30 years.

    13. Re:Double-edged? by Anonymous Coward · · Score: 0

      written about, memorialized in songs

      I know what you mean. On more than one occasion, the criminal failed to shoot the deputy, and look where it got them.

  2. Find the expert by BWJones · · Score: 5, Interesting

    So, one of the important things I hope this book demonstrates (not read the book, yet) is that for proper scientific or forensic analysis, you find the right/relevant talent or subject matter expert to examine your data. For instance, some years ago I was stunned to find out that the FBI had been shipping hard drives from Apple Macintosh systems to the Royal Canadian Mounted Police for investigation. Apparently, the RCMP had established themselves as the subject matter experts and were the right folks to send data to from Apple systems. Of course this brings up all sorts of International issues, but that is only one example.

    My point is simply that forensic agencies should not always attempt to do it all themselves. Rather it would be appropriate to build a network of subject matter experts and then approach the problem by having the best "eyes" examine the problem rather than always presuming your local agency/facility has all of the tools.

    --
    Visit Jonesblog and say hello.
    1. Re:Find the expert by Apreche · · Score: 5, Interesting

      A computer forensics guy came to talk to my computer crime class last year. He showed us this windows tool they use to look at confiscated drives. Pretty much first they make a bit for bit copy of a drive onto a drive of equal or greater size using a hardware device. Then they put the original drive away in the evidence box without touching it again.

      Then they use this software tool, which I forget the name of, which is the only tool that holds water in a court of law. It examines the whole drive one piece at a time to recreate every file on all partitions and filesystems even if the files are "deleted". His example was how he caught a bunch of kiddy porn perverts.

      Well that's great for catching those guys, but against someone using out of the ordinary stuff this guy is screwed. I've got serial ATA drives and reiser4 and xfs file systems. I'm willing to bet that he doesn't have a hardware drive copier that supports SATA. And his software doesn't recognize reiser4 or xfs. He would either need a different tool or he would have to send the drive to someone higher up to be examined. And if the case is too small they won't bother. The real problem is that the average nerds and the hackers are so far ahead of the forensics guys in terms of knowledge about modern technology and software that they can't keep up. Hackers will always have bleeding edge tools, and police budgets can't

      --
      The GeekNights podcast is going strong. Listen!
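
The acquisition step the comment above describes (bit-for-bit copy first, original goes back in the evidence box), as an added example that is not the commercial tool being discussed: an imager that keeps going past unreadable sectors, zero-fills them so image offsets still line up with the source, records which sectors failed, and hashes the result so later examinations can show they worked on an unaltered copy. The "drive" is a constructed in-memory device with one sector set to fail; the hardware write blocker that sits between a real drive and the imaging host is outside what code can show.

```python
"""Bit-for-bit acquisition with bad-sector handling and hash verification.
Added example, not from the book or from any forensic product.

Behaves like `dd conv=noerror,sync` followed by `sha256sum` on the output: an
unreadable sector is replaced by zeros (never skipped, so offsets stay aligned),
its number is logged for the examiner's notes, and the finished image is hashed.
The device below is constructed; sector 2 fails on read by default.
"""
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Set

SECTOR = 512


class SectorDevice:
    """Constructed stand-in for a seized disk. Reads of sectors in `bad` raise
    OSError, the way a drive with a failing surface does."""

    def __init__(self, data: bytes, bad: Iterable[int] = ()):
        assert len(data) % SECTOR == 0
        self._data = data
        self._bad: Set[int] = set(bad)

    @property
    def sectors(self) -> int:
        return len(self._data) // SECTOR

    def read_sector(self, n: int) -> bytes:
        if n in self._bad:
            raise OSError(f"I/O error reading sector {n}")
        return self._data[n * SECTOR:(n + 1) * SECTOR]


@dataclass
class Acquisition:
    image: bytes
    bad_sectors: List[int]   # recorded alongside the hash in the case notes
    sha256: str


def acquire(dev: SectorDevice) -> Acquisition:
    """Copy every sector; pad failures with zeros instead of shifting the data."""
    digest = hashlib.sha256()
    out = bytearray()
    bad: List[int] = []
    for n in range(dev.sectors):
        try:
            chunk = dev.read_sector(n)
        except OSError:
            bad.append(n)
            chunk = b"\x00" * SECTOR
        out += chunk
        digest.update(chunk)
    return Acquisition(bytes(out), bad, digest.hexdigest())


def verify(acq: Acquisition) -> bool:
    """Re-hash the stored image; repeat before each examination and log the result."""
    return hashlib.sha256(acq.image).hexdigest() == acq.sha256


def build_sample_device(bad: Iterable[int] = (2,)) -> SectorDevice:
    """Constructed four-sector disk: sectors filled with 'A', 'B', 'C', 'D'."""
    data = b"".join(bytes([0x41 + n]) * SECTOR for n in range(4))
    return SectorDevice(data, bad)


if __name__ == "__main__":
    acq = acquire(build_sample_device())
    print(f"{len(acq.image)} bytes, bad sectors {acq.bad_sectors}, sha256 {acq.sha256}")
    print("image verifies:", verify(acq))
```

One point the hash alone does not capture: when the source has unreadable sectors, a hash of the source can never match the hash of the image, so the bad-sector list is part of what makes the acquisition reproducible and has to travel with the hash in the documentation.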
    2. Re:Find the expert by BWJones · · Score: 1

      Microscopy and electron microscopy are also used to image the surface of the hard drive platters. Patterns of data can be reconstructed this way to determine the nature of deleted data believe it or not.

      --
      Visit Jonesblog and say hello.
    3. Re:Find the expert by Anonymous Coward · · Score: 0

      Well that's great for catching those guys

      These tools are not for catching people but for convicting them once they are caught.

    4. Re:Find the expert by Anonymous Coward · · Score: 0

      I believe it's called Encase; I just took a computer forensics class, and this is the software that we used. It's pretty nifty, but it does have its limitations, too.

    5. Re:Find the expert by tomhudson · · Score: 2, Interesting

      It examines the whole drive one piece at a time to recreate every file on all partitions and filesystems even if the files are "deleted".

      ... which is SO lame - all it does is

      1. replace every deleted filename that begins with an "*" with a letter (file now shows up) - whoop-de-doo
      2. for unallocated or de-allocated fragments, add an entry into the table with a random string, and pointing to the first sector - voila - a new file

      Their "toolkit" is just a bunch of perl scripts and

      dd if=/dev/hdc1 of=hdd1

      ... and variants of the same (but we've known that for, what, 3-4 years?)

    6. Re:Find the expert by BWJones · · Score: 1

      These tools are not for catching people but for convicting them once they are caught.

      I do not think you mean what you say........ :-)

      --
      Visit Jonesblog and say hello.
    7. Re:Find the expert by Anonymous Coward · · Score: 0

      File Systems Interpreted by EnCase:
      Forensic Edition Version 4: FAT12 (Floppy), FAT16, FAT32, NTFS, HFS, HFS+, Sun Solaris UFS, EXT2/3, Reiser, BSD FFS, Palm, CDFS, Joliet, UDF and ISO 9660.

      Taken from http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm

      Just use xfs for all your warez then :(

    8. Re:Find the expert by TheRealMindChild · · Score: 1

      Not that easy. It seems you are gearing your argument more toward FAT or some similar filesystem, so I'll gear my retort towards it. The file name is in fact marked as deleted, but the chain in the file system is broken. It all has to be removed from the table so the driver knows that those sectors can be used. In the case of FAT, the best you have from the filesystem entry is the first cluster.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    9. Re:Find the expert by Anonymous Coward · · Score: 0

      That tool is called Encase but you're wrong that it's the only thing that holds up in court. The reason encase is so often used is that when copying a drive, the hardware is read-only. There's absolutely no way for the hardware used by Encase to write data to the drive being copied from.

      It's a neat tool and for the most part anyone with some technical competency could use it.

      WH -- too lazy to sign on

    10. Re:Find the expert by TheCabal · · Score: 1

      That would be EnCase from Guidance Software, and yes it does support Reiser. Even if it didn't, it can still make a bit-for-bit image copy, then its a simple matter of mounting it in Linux via loopback.

    11. Re:Find the expert by TheCabal · · Score: 1

      Oh, and EnCase isn't the only product that "holds water in court". It's one of the only commercial products that have been tested over and over that produce secure, reliable results. You *could* do the same with TCT or TASK provided that you follow the rules of evidence, the chain of custody, and document everything you do.

    12. Re:Find the expert by Anonymous Coward · · Score: 0

      The tool you are probably talking about is EnCase. It is probably the most common forensics tool out there today. It works really well for Windows PCs but loses effectiveness the further away you get OS-wise from there. It will barf with anything not FAT/NTFS/EXT3, maybe UFS, I don't recall. Fire http://fire.dmzs.com/ will cover a lot of unix filesystems. Almost all these tools were written to perform forensics on hard drives; Encase in particular is really useful for tracking down porn. I used to do this type of work for a national security co. and I was amazed that EVERYONE had porn on their drive. Encase makes it a piece of cake to find because they sell a lot to LEAs whose primary forensics work is tracking down kiddy porn. Tracking down more complex attacks requires expertise not currently available at most, if not all, local LEAs. A good collection of stories about these more complex attacks are the "Hacker's Challenge" books. Full disclosure: I am one of the authors of both those books.

    13. Re:Find the expert by Dogtanian · · Score: 1

      Microscopy and electron microscopy are also used to image the surface of the hard drive platters.

      This is, of course, true. My guess is that these techniques would be too time consuming and/or expensive to justify their use in 'everyday' cases.

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    14. Re:Find the expert by emidln · · Score: 0

      A couple things to add to this:

      1) These tools suck against encryption. loopback twofish and/or loopback aes. This alone would be enough to halt most investigations.

      2) Proper disposal of the filesystems. I'm not talking reformatting (that's where they get you, the reformat only erases the book keeping information and not the actual data), I'm talking about "dd if=/dev/zero of=/dev/hda" around 10 times for good measure and using a decent filesystem to begin with (Ever tried reconstructing a reiserfs partition? You don't want to, especially one that has a fraction of its original data unchanged.)

      3) Well-configured security settings of the base OS to prevent attacking and breaking the running system.

    15. Re:Find the expert by tomhudson · · Score: 1
      but the chain in the file system is broke.
      Most modern file systems don't work that way - clusters are put in a pool for re-use, but the elevator algorithms for most *modern* file systems don't use the first one available - that's why, for example, you don't have to defrag an ext2 file system, and why it's possible to recover a LOT more than you'd think, even on a drive that's got a lot of data re-written.

      ... and, of course, you can re-create the file chain based on the contents (a bit of manual work, but that's what they're getting paid for, right?)
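
What the exchange above (Apreche's description of recreating "deleted" files, TheRealMindChild's point that a FAT entry only leaves you the first cluster, tomhudson's note on rebuilding the chain) looks like at the byte level, as an added example that is not from the book, from EnCase, or from any commenter. It builds a small FAT16-style volume in memory, deletes one file the way a FAT driver does, then shows what the directory entry still tells you and what has to be guessed. The files, their contents and the cluster layout are constructed; the directory-entry layout is the standard 32-byte FAT entry.

```python
"""A deleted FAT directory entry: what survives and what must be assumed.
Added example, not from the book or any forensic tool.

Simplified FAT16-style volume built in memory: a root directory of 32-byte
entries, a FAT of 16-bit cluster entries, and a data region whose first cluster
is number 2. Files and contents are constructed for the demonstration.
"""
import struct
from dataclasses import dataclass
from typing import List

CLUSTER = 512                    # bytes per cluster in the constructed volume
ENTRY_FMT = "<11sBBBHHHHHHHI"    # 8.3 name, attr, reserved, times/dates, first cluster, size
DELETED = 0xE5                   # first name byte of a deleted entry
END_OF_CHAIN = 0xFFFF


@dataclass
class DirEntry:
    name: str
    deleted: bool
    first_cluster: int
    size: int


@dataclass
class Volume:
    directory: bytearray
    fat: List[int]
    data: bytearray


def make_entry(name: str, ext: str, first_cluster: int, size: int) -> bytes:
    raw = name.upper().ljust(8)[:8].encode() + ext.upper().ljust(3)[:3].encode()
    # attr 0x20 = archive; timestamps and the FAT32-only high cluster word are zero
    return struct.pack(ENTRY_FMT, raw, 0x20, 0, 0, 0, 0, 0, 0, 0, 0, first_cluster, size)


def parse_dir(directory: bytes) -> List[DirEntry]:
    entries = []
    for off in range(0, len(directory), 32):
        fields = struct.unpack(ENTRY_FMT, directory[off:off + 32])
        raw = fields[0]
        if raw[0] == 0x00:            # 0x00 marks the end of the used entries
            break
        deleted = raw[0] == DELETED
        base = raw[:8].decode("ascii", "replace").rstrip()
        ext = raw[8:].decode("ascii", "replace").rstrip()
        if deleted:
            base = "?" + base[1:]     # first character was overwritten by 0xE5, gone for good
        entries.append(DirEntry(f"{base}.{ext}", deleted, fields[10], fields[11]))
    return entries


def follow_chain(first_cluster: int, fat: List[int]) -> List[int]:
    """Walk the FAT until end-of-chain or a free (0) entry; a deleted file stops at once."""
    chain, cur = [], first_cluster
    while 2 <= cur < 0xFFF8:
        chain.append(cur)
        cur = fat[cur]
    return chain


def read_clusters(clusters: List[int], data: bytes) -> bytes:
    return b"".join(data[(c - 2) * CLUSTER:(c - 1) * CLUSTER] for c in clusters)


def read_live(entry: DirEntry, vol: Volume) -> bytes:
    return read_clusters(follow_chain(entry.first_cluster, vol.fat), vol.data)[:entry.size]


def delete_entry(vol: Volume, index: int) -> None:
    """What a FAT driver does on delete: free the chain, tag the entry. Data is untouched."""
    off = index * 32
    for c in follow_chain(struct.unpack_from("<H", vol.directory, off + 26)[0], vol.fat):
        vol.fat[c] = 0
    vol.directory[off] = DELETED


def carve_deleted(entry: DirEntry, vol: Volume) -> bytes:
    """First cluster and size survive; the chain does not, so this assumes the file
    was contiguous. A fragmented file comes back with someone else's clusters in it."""
    n = -(-entry.size // CLUSTER)
    return read_clusters(list(range(entry.first_cluster, entry.first_cluster + n)), vol.data)[:entry.size]


def build_volume() -> Volume:
    """Constructed sample: NOTES.TXT in clusters 2-3, SNIFF.LOG in 4-5, then SNIFF.LOG deleted."""
    notes = b"lab notes\n" * 70                               # 700 bytes
    sniff = b"login: alice Password: hunter2\n" * 30          # 930 bytes
    data = bytearray(CLUSTER * 6)
    data[0:len(notes)] = notes
    data[2 * CLUSTER:2 * CLUSTER + len(sniff)] = sniff
    fat = [0] * 8
    fat[2], fat[3] = 3, END_OF_CHAIN
    fat[4], fat[5] = 5, END_OF_CHAIN
    directory = bytearray(32 * 4)
    directory[0:32] = make_entry("NOTES", "TXT", 2, len(notes))
    directory[32:64] = make_entry("SNIFF", "LOG", 4, len(sniff))
    vol = Volume(directory, fat, data)
    delete_entry(vol, 1)
    return vol


if __name__ == "__main__":
    vol = build_volume()
    for e in parse_dir(bytes(vol.directory)):
        chain = follow_chain(e.first_cluster, vol.fat)
        print(e, "FAT chain:", chain)
        if e.deleted:
            print("  carved (assuming contiguous):", carve_deleted(e, vol)[:40])
```

The first character of the name and the cluster chain are the two things the driver actually destroys; the bytes in the data region stay where they were, which is why the recovery works here and why the contiguity assumption is the honest caveat on it.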

  3. CSI:Geek by Underholdning · · Score: 5, Funny

    In a related story, a new spin-off of a popular series has just been announced. We're pleased to give you CSI:Geek starring Rick Moranis as Gil "Open Source" Grissom.

    1. Re:CSI:Geek by Anonymous Coward · · Score: 0

      And right after that, CSI:CSI, investigating crimes on the set of popular series CSI.

    2. Re:CSI:Geek by Leroy_Brown242 · · Score: 0, Offtopic

      That show would be so boring, even the actors would fall asleep on the set!

    3. Re:CSI:Geek by gl4ss · · Score: 1

      but he loves bugs!

      --
      world was created 5 seconds before this post as it is.
    4. Re:CSI:Geek by mordors9 · · Score: 1

      If not CSI we could go Law and Order: cyber crimes unit. They put a former rapper that promoted cop killing as a regular in one version (ice T). Perhaps they could put known hackers on the squad. That would really draw the crowd, well at least a percentage of /.ers.

  4. Finally, someone who has some truth to them by AcidFnTonic · · Score: 3, Interesting

    I think it's great to finally strip away the bull and get a true report of what's happened. We don't need words like malicious, evil or anything else like that in a news story. That shows bias and is an obvious suggestion of who's in the right. I'm not at all saying hackers are good, but at least point out the other group who actually go out to bring in the bad guys.... or what about the "hackers" back from the homebrew computer club days... we owe a lot to hackers and it's great that finally we get an unbiased source from the neutral perspective

    --
    Sometimes the majority just means all the morons are on the same side.
    1. Re:Finally, someone who has some truth to them by Saeed+al-Sahaf · · Score: 4, Insightful

      Generally speaking, when someone cracks your system and steals data or fucks things up, it tends to be for "malicious" reasons, this is how it works. And, as to this business of "white hats" breaking into my system to "teach" me something, really, I think I'll pass, unless I've hired them to do so.

      --
      "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    2. Re:Finally, someone who has some truth to them by tsm_sf · · Score: 1

      I always "saw" the "white hat" ethos as an attempt to "learn" rather than "teach". The whole "helping to improve your security" thing seems like kind of a "dodge". If you will.

      --
      Literalism isn't a form of humor, it's you being irritating.
    3. Re:Finally, someone who has some truth to them by Saeed+al-Sahaf · · Score: 1

      Love those quotes! I was tempted to use bold and italic, but restrained myself.

      --
      "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    4. Re:Finally, someone who has some truth to them by Anonymous Coward · · Score: 0

      : " Love those quotes! I was tempted to use
      : bold and italic, but restrained myself."

      On the other hand, some people would use the 'blink' tag like it was going out of fashion if Slashdot supported it....

      Not to mention using it to create animated troll-art (I don't know what they'd do with goatse man, but I imagine it'd be pretty horrific, even in ASCII form).

    5. Re:Finally, someone who has some truth to them by Anonymous Coward · · Score: 0

      Hey, I hate to be the one to tell you (ok, I lie, I relish being the one to tell you): your sig is incorrect. "Quoth" is most certainly a word, and "boxen" properly refers to something made out of boxwood. An argument could be made for "umm", since it's about as valid as most other interjections, but I'll settle for dinging two out of three.

  5. False positives? by Anonymous Coward · · Score: 4, Interesting

    If someone is suspected of a software security crime, can the defendant ever be convicted? After all, there were a couple of cases in the UK where child porn possessors went free because they claimed the offending files came from 'self-destruct trojans'. Wouldn't criminals get away with that as well?

  6. While we're on the subject... by Andr0s · · Score: 4, Interesting

    Seems like a rather interesting subject - sure to give it a shot. Though it does make me wonder a certain something: Considering the rate of cybercrime is growing at an astronomical rate, and causing stellar amounts of damage on a daily basis, how come there are no private cybercop agencies?

    You know, companies you could hire to protect your bank clients from fraud or track already committed frauds, with a proverbial cyberspace license to kill? After all, as so many net-renegades and rebels love to point out, cyberspace is free, and refuses to conform to the laws of individual countries. That means a cyber-protection company stationed in one of the more lawless countries, such as parts of Asia or the former USSR, could 'execute' ISPs who tolerate fraud originating from their servers or users, or companies who actively engage in fraud and spam, through well tested methods of DDoSing, server hacking etc?

    I know, not completely on-topic... that's why I waited for someone else's first post :)

    --
    '...computers in the future may have only 1000 vacuum tubes and perhaps weigh 1.5 tons...' Popular Mechanics, 03/49'
    1. Re:While we're on the subject... by gcaseye6677 · · Score: 1

      Not only is this a good idea, but I don't think the threat of hackers suing the attack company is a big one. The hacker would have to make their identity known in order to file suit, therefore admitting responsibility for dozens of felonies. As for an ISP that gets attacked for permitting fraud or spam, they could face a countersuit if they tried to sue. They could be sued for facilitating fraud and theft of bandwidth. At the very least, they wouldn't have the resources to fight in court, given what these types of suits cost to litigate and the profit margins of the ISP industry. It will no doubt be controversial, but overall a good idea.

    2. Re:While we're on the subject... by blether · · Score: 0

      In the UK any reverse hacking attempt would be a criminal offense under the 1990 Computer Misuse Act.

    3. Re:While we're on the subject... by Anonymous Coward · · Score: 0

      That would be quite appropriate, considering the UK has outlawed any type of physical self defense. Why stop there? Why not take the next logical step and outlaw any type of cyber defense as well. Before you know it, they'll outlaw doorlocks.

    4. Re:While we're on the subject... by Dogers · · Score: 1

      Very interesting, but probably not entirely passable in a court..

      Who knows! Could well be a cool career to get into :)

      --
      I am a viral sig. Please copy me and help me spread. Thank you.
    5. Re:While we're on the subject... by Anonymous Coward · · Score: 0

      In my country, Price Waterhouse run private IT investigations. Their clients are major financial and insurance firms, and the cases rarely see the light of day - certainly not in a criminal court. PW's employees for this work are mostly ex-cops. It's a problem - almost every cop who gains the experience necessary to do criminal case work gets head hunted by Price Waterhouse on ten times the salary. The cops really don't have enough people to do the case work that's stacking up daily.

  7. Missing rent? try 75 cents! by kc8jhs · · Score: 4, Interesting

    That's not that big of a deal, we all know that Clifford Stoll started his famous chase after a mere 75 cent discrepancy in the accounting system of Lawrence Berkeley Laboratory.

    -Mikey P

  8. Going Phishing... by gandell · · Score: 2, Interesting

    I can't say what the answer is in all cases, but in some security violations such as phishing, there's an easy to follow audit trail. Setup of servers, traceable IP addresses, etc. Yes, most hackers worth their salt spoof their IP, but that doesn't mean that they don't make mistakes. The ones who get caught and pay a stiff penalty usually have larger targets (as in NYtimes.com). And when they do get caught, sometimes the book is thrown to make an example (Mitnick). Claiming self-destructing trojans is a hard case to make if your case gets the attention of the government.

    --
    Mercy was given to me by Christ...I must give the same to others.
  9. Read the Sample Chapter by Marxist+Hacker+42 · · Score: 5, Interesting

    At the end- this guy pled guilty just two months before all the evidence was destroyed in the 9-11 attacks....what a trippy ending!

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    1. Re:Read the Sample Chapter by allism · · Score: 2, Funny

      I especially liked the part in the sample chapter where he says "after all, why would the police ever arrest an innocent person?" What a great attitude!

    2. Re:Read the Sample Chapter by Marxist+Hacker+42 · · Score: 1

      What I learned most from that chapter- ALWAYS encrypt your hard drives. Of course- I learned this way back in the Hacker Crackdown of '92- even had a friend who wrote me a great virus for this (one of these days, if I ever need it again, I'll pull out that boot sector virus and recode it for XP- but I haven't needed it since DOS days).

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  10. What is the best way to increase security? by Anonymous Coward · · Score: 0

    I had a friend I used to take the train with each day a number of years ago who was working on a PhD related to Computer Security. He used to work for the local stock exchange and basically told me that he felt the best way to beat hackers was to get the latest hacking tools and do runs against the security of his networks. He apparently did this once a week and if anything came up he'd then work on fixing the problem. Is this realistic? Won't the true hackers be using their own special tools or modifications of open source hacking tools to get into systems? Does this book cover this kind of topic?

    1. Re:What is the best way to increase security? by AndroidCat · · Score: 2, Informative

      Make damned sure you have permission, in writing, for all the computers and networks that you run these tools against. (And make sure the tools aren't trojans themselves.)

      --
      One line blog. I hear that they're called Twitters now.
    2. Re:What is the best way to increase security? by Spellunk · · Score: 2, Informative
      Absolutely not. Every single "hacker" I have seen is pretty much just running scripts they found elsewhere.

      I was in an IRC channel one night, and some of the kids couldn't even figure out how to compile the code they had using Visual Studio.

      The only problem is that most of these kids had no fear in committing any crime, and it appears to me that they make up the majority of computer criminals.

      So, preparing to be attacked by common methods is probably the best defense.

      --
      Quidquid latine dictum sit, altum videtur.
    3. Re:What is the best way to increase security? by zaffir · · Score: 4, Informative

      I started typing out a 100% complete answer to this, and it's way too big. Or at least i can't think of a simple way of getting all of my points across. So i hope this will suffice:

      The point of using the open source tools is to probe the network for possible vulnerabilities. Look at nmap for example. It's a port scanner, and a damn good one. Unless some cracker is really, REALLY good he won't be able to improve on it. It'll be what he's using. Not to mention it's the best that your friend has available - he can't get ahold of those custom-made tools if they're any better.

      As far as finding non-published vulnerabilities in the applications you use, the biggest factor is your brain.

      --
      "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
    4. Re:What is the best way to increase security? by Anonymous Coward · · Score: 0

      Actually, there are open sourced, network scanning tools that are MUCH better than nmap. Check out unicornscan for example here

    5. Re:What is the best way to increase security? by Anonymous Coward · · Score: 0

      unplug from network, turn off, insert computer into lead-lined box, insert this box into several other gradually increasing boxes making sure to lock the key inside previous boxes. but really common sense keeps most things from happening. encrypt data, double check identity, so on and so forth. I am interested in how these guys launder their money. From the sample chapter the guy gets 6 months back rent (at $2000 a month) from where? Now in some crypto anarchy circle you might be able to bounce software dls through a few free or cheap servers proxies in data havens, but how can you legitimately get that money so you can spend it in cash? Also why was the data not copied earlier?

    6. Re:What is the best way to increase security? by smharr4 · · Score: 1

      In my experience, if there's one thing you can do, then do this:

      Educate.

      Educating users is the best and (probably?) cheapest thing you can do to improve the security of any enterprise.

    7. Re:What is the best way to increase security? by Wanker · · Score: 1

      A good format for the permission in writing you need is here:

      http://www.counterhack.net/permission_memo.html

      Don't end up with a massive legal bill, and multiple felonies on your record like noted Perl author Randal Schwartz did:

      http://www.lightlink.com/spacenka/fors/ (Cache: http://www.lightlink.com.nyud.net:8090/spacenka/fo rs/)

    8. Re:What is the best way to increase security? by rahard · · Score: 1
      ... was to get the latest hacking tools and do runs against the security of his networks. He apparently did this once a week and if anything came up he'd then work on fixing the problem. Is this realistic? Won't the true hackers be using their own special tools or modifications of open source hacking tools to get into systems?

      yes, it is common to test the latest hacking tools and run them against your own network. there are not that many new ground-breaking tools. nmap, nessus, dsniff, hping, ... what else? (the rest are usually assorted tools or [perl] scripts for specific situations.) newer programs we tested tend to be exploits, specific for certain devices / systems.

      is it realistic? yes/no. we have limited hardware and software (os, the exact version, config) to test the tools / exploits on. we tend to test with the environment we are dealing with (what we have). in this limited environment, yes, perhaps it is realistic. but, in the broader sense, i'd say: no.

      do crackers use their own crafted tools? mostly, no! usually, they use a canned rootkit, or ready to use scripts. from the log / trail, you can see that they usually could not even fix a simple mistake in the script. gave up, downloaded another script, ran it.

      true hackers? well, you can't catch 'em anyway! :) so leave 'em alone ...

  11. I'll sum up his methods in one line... by Phixxr · · Score: 1
    cat * | grep 'hack'

    :) - Phixxr

    --
    ungggghhhh
    1. Re:I'll sum up his methods in one line... by Elgon · · Score: 1

      Ummmm...

      How about plain old...

      grep hack * ...???

      Elgon

  12. NYLUG meeting by MoralHazard · · Score: 4, Informative

    Steve also gave a presentation a couple of weeks ago to the NYLUG, which any of you New Yorkers might have caught. I think they have video footage of the talk on the website, www.nylug.org. The talk was better-than-average for this kind of thing.

    The book has some great war stories, too. The entertainment value is worth something. ...Although I should disclose that I work with him, so you'll probably want to judge for yourself.

    1. Re:NYLUG meeting by Kyrka · · Score: 1
      The parent story says, "The author is a Linux/Unix/BSD guru...", which makes one wonder why the website for his company is written with Microsoft Front Page.

      <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
      <meta name="ProgId" content="FrontPage.Editor.Document">

      /me shrugs... Guess I should write a book too, since I've been doing this for a while.

    2. Re:NYLUG meeting by MoralHazard · · Score: 1

      Somebody else put the website together. Yes, we know it needs work. There is a "feedback" link, if you're interested.

  13. This is nothing more than a promo by revery · · Score: 4, Funny

    This is nothing more than a promo for CBS's new CSI spinoff: CSI: Silicon Valley

    From the make-believe press release:
    Almost all of the shows will take place in chat rooms and virtual reality environments. There, the cast will be represented by their chosen avatars, ranging from a hulking Atlas mech to Yuna from FFX to a beautifully rendered Ulala look-alike avatar. "It's not just about the crimes either" says Berny Phillips, one of the lead producers, "there's a lot of character development, too. There is one particular episode where a character's avatar is threatened and the Atlas mech nearly sacrifices himself to save her. It's very sweet."

    Of course, in real-life, all of the cast members are males.

    --
    I am joking. This is a joke. You have been joked with.

  14. Few cybercriminals get caught by serutan · · Score: 5, Insightful

    The computer crimes this guy talks about seem to be mainly the identity theft type. But when people inside companies skim off rounding errors, create phony accounts, that type of thing (e.g. Office Space), I have read that the crime itself usually goes undetected. They get caught when they do stupid things like associating with bookies and drug dealers, getting involved in some unrelated investigation where their mysterious wealth gets noticed.

    There was one guy at Microsoft who made a couple $million selling software that he ordered internally for his department. His mistake was that he put up a website full of photos showing off his lavish house and collection of cars and expensive motorcycles. If the idiot had just kept his big mouth shut and retired he probably would have gotten away with it.

    1. Re:Few cybercriminals get caught by serutan · · Score: 1

      Right, what I should have said was crimes of the hacking-other-people's-computers type, which seem to be law enforcement's main focus nowadays. The "original" computer crimes, the inside jobs, seem to be at the same time the most profitable and the ones with the greatest chance of success.

  15. This just in ... by quarkscat · · Score: 1

    another newer tool that didn't make it
    into the 1st edition of the book is:
    "Google Desktop Search". Doh!

  16. The problem is isn't the hackers. by John+Sokol · · Score: 4, Interesting

    The problem isn't the hackers stealing people's identities. There have always been unscrupulous people and there always will be.

    Most people that do ID theft I'd hardly qualify as hackers. There is nothing high tech required; no one ever needs a computer to do it. A computer can't even really help to commit these illegal acts.

    What the problem is, is that a simple 16 digit Credit Card number can be used as cash by anyone who knows those numbers. There is no protection whatsoever! None, nada, nil, nothing whatsoever! It's almost like leaving a wallet full of cash on the sidewalk. Can you blame the person who finds it and doesn't turn it in?

    Same thing for Identity theft: anyone who knows your address, birthdate and SSN, mother's maiden name, birth place can be you! They can empty your checking account, buy a house, or a car and you have to pay the price. These several facts are totally unacceptable on the part of those who accept this totally unprotectable data as proof positive evidence of your ID.

    Currently you can get a credit card in someone else's name easier than you can get a job in their name. When getting a job they require at least 2 to 3 forms of ID and make copies of it for verification of work eligibility, and fine a company heavily for failing to do so.

    The Credit organizations are happy to give you credit without checking it's really you. They can take a Guilty until proven innocent stance with almost no recourse whatsoever! And you stay punished until proven otherwise. Meaning your cash is seized, credit ruined, house lost etc...

    As a matter of fact it so easy for them to go after you, even when it wasn't you who they made the loan with, that they have little incentive to fix the problem! Why should they?

    The burden should be put on those who are lending or providing money. If they said they had loaned me money, the burden to prove that they gave it to me should be on them. If they couldn't produce adequate proof and would have to eat that lost money, I'm sure they would fix the ID theft problem overnight.

    There is a real need to come up with a more secure form of identification. Something that requires more than a 3rd Grade Education to crack.

    The reason that I don't point at the government is that it's against the LAW to use a SSN as a form of ID, although almost all Credit/Banks do use it as such. This needs to be enforced! Maybe if you want a Credit card or a Bank loan, you need to get a specially issued ID card from some consortium of banks, where they fingerprint you, take a photo and meet you in person; it's harder to lie to someone's face! This ID Card could use a DES/AES or some other harder to break system that required more than a pen and paper or photocopy machine to break.

    At least that's my humble opinion.

    --
    I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
    1. Re:The problem is isn't the hackers. by gcaseye6677 · · Score: 1

      One solution that would greatly reduce the amount of fraudulent credit card use, and this may be in the works at the moment, is to assign a PIN to each credit card, just like ATM cards. When you pay by card in the store, you enter your PIN into a keypad, like you currently do to pay with a debit card. Assuming you don't do something stupid like write it down on the back of your card, someone who steals your wallet can't use the card. This is much better protection than the non-protection you get with a signature. Even if the minimum wage register grunt bothers to look at a signature, it's not too hard to forge someone else's signature, especially when you have the copy on the back of the card to practice with. Store employees are never trained in handwriting recognition, so they could not possibly be expected to catch this.

    2. Re:The problem is isn't the hackers. by John+Sokol · · Score: 1

      A pin still isn't good enough.

      I have DeCash, a scheme where I don't use encryption but unguessable one time pads of sorts to secure cash.

      I think of it as limited exposure. Right now I get your card and I have you for $5K or whatever your limit is.

      Same thing if I get your ATM card and PIN: I can get you for $20,000 or more at $450 per day or whatever the daily limit is.

      I had a taxi take me to an ATM in Tijuana Mexico once. Well the ATM looked real but wasn't. It must have been a phony machine with a person on the other side! It returned someone else's Wells Fargo ATM Card that had been stolen a month before. I would have thought to check the name on the card after the machine returned it to me. I just couldn't get money out, put the card back in my wallet and went somewhere else and used a different card at a different bank.

      So I went home with this ATM card in my pocket that looked just like mine and for almost a month never used it or gave it a second thought.
      Meanwhile I was losing $300 per day; they had the PIN from my typing it in at the bogus machine.
      No one was near me while I was at the ATM so no one could have seen me type it in.

      A month later I went to use the card and it still didn't work and the ATM ate it.
      I ran inside and complained to the manager, who retrieved the card from the ATM only to see it was someone else's card that I had, and would do nothing more! I couldn't even stop them for another day from continuing to withdraw money!

      I lost over $9000 and Wells Fargo refused to refund the money.

      I ate it. It hurt! And I will never bank at WF again even though I had worked there in the past.

      Anyhow,
      At least if I use cash and lose my wallet I lose whatever was in there, but nothing more. DeCash would provide the same limited exposure.

      --
      I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
    3. Re:The problem is isn't the hackers. by RadagastTheMagician · · Score: 1

      is this a scam? the website you linked has only a mailto link to your email address. there's no description of the business, location of business, or anything that might make me think it was a legitimate business. I call scam.

    4. Re:The problem is isn't the hackers. by RadagastTheMagician · · Score: 1

      Yep, it's a scam. If you click through enough of the sites you can see that "John Sokol" also takes credit for some of the amazing video compression scams and somehow creating a CPU with 1/1000th the transistors of an Intel CPU but twice the computing power.

      In fact I doubt your Mexican story altogether.

    5. Re:The problem is isn't the hackers. by John+Sokol · · Score: 1

      Wouldn't I need to make some kind of profit or be asking for or trying to get something for this to be a scam!

      I have a patent in the filing process on DeCash, not that it's all that complicated.

      It's not a business yet, never said it was, I call it a project. I need to get some business people for that project to become a business. Hell maybe I'll try to open-source that too. Since it was really about doing cash on Cell Phones with Harex/Zoop.

      Since I already have several startups in the pipe I can't afford to start this one up yet.

      www.nisvara.com 2 Year - Partners with Nasa Ames
      www.zboxdvd.com
      www.overcell.com
      www.videotechnology.com - more like a blog of sorts.
      www.orovalle.com - self explanatory.
      www.exsentrikenterprizes.com

      As for the CPU that was with Chuck Moore the Author of FORTH.
      www.enumera.com & www.colorforth.com And I can assure you he and the claims extrapolated from working silicon are quite legitimate.

      Someone please moderate these guys for the trolls they are. It's crap like this that got me to walk away from my public involvement in BSD Unix.

      John L. Sokol

      --
      I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
    6. Re:The problem is isn't the hackers. by mollymoo · · Score: 1
      One solution that would greatly reduce the amount of fraudulent credit card use, and this may be in the works at the moment, is to assign a PIN to each credit card, just like ATM cards.

      This is currently being rolled out across the UK. Magnetic strips and signatures are being replaced by smart cards and PINs. Card readers with keypads on the customer side of the till are appearing all over the place.

      There is a website as part of the campaign letting people know about the new system.

      I'm not all that convinced. At least a signature can be hard to forge (they do check properly sometimes at least), but it's all too easy to watch someone type in their PIN then mug them outside for their card, then buy stuff in the few minutes before they ring and get the card cancelled.

      --
      Chernobyl 'not a wildlife haven' - BBC News
    7. Re:The problem is isn't the hackers. by cduffy · · Score: 1

      Back when I was in school I got a small (summer project) research grant for "Design and Implementation of a Secure Credit Card Replacement". The system it described was a small embedded device with a keypad (for entering both prices and PINs), a private key, a public identifier, a counter and a one-way hash mechanism.

      The end result is that you'd tell it how much you wanted to pay and put in your PIN, and it'd give back a string that could be given to the credit company to process a transaction -- but only for that exact amount, and only once. 'Twas an interesting project, but it would require a lot of hardware and software expenditure to implement, and so was never likely to go anywhere in practice.
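
The device the post above sketches, worked through as an added example (not the poster's code): a holder of a public identifier, a secret key and a counter emits a token that authorizes one transaction for one exact amount, and the issuer rejects replays and altered amounts. The post names no primitives, so the "one-way hash mechanism" is assumed here to be HMAC-SHA256 over a secret shared with the issuer at enrolment, and the PIN is checked on the device only.

```python
"""Single-use, amount-bound payment token, modelled on the summer-project
device described in the thread. Added example; HMAC-SHA256 with a shared
secret and the token layout are assumptions, not the original design."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional


def _tag(secret: bytes, device_id: str, counter: int, amount_cents: int) -> str:
    """Keyed one-way hash binding identifier, counter and amount together."""
    msg = f"{device_id}|{counter}|{amount_cents}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


@dataclass
class PaymentDevice:
    """The handheld: public identifier, secret key, counter, keypad for the PIN."""
    device_id: str
    secret: bytes          # shared with the issuer at enrolment; never transmitted
    pin_hash: bytes        # SHA-256 of the user's PIN, checked on the device only
    counter: int = 0

    def authorize(self, amount_cents: int, pin: str) -> Optional[str]:
        """Emit a token good for exactly amount_cents, once. None if the PIN is wrong."""
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self.pin_hash):
            return None
        self.counter += 1                       # fresh counter value per transaction
        tag = _tag(self.secret, self.device_id, self.counter, amount_cents)
        return f"{self.device_id}:{self.counter}:{amount_cents}:{tag}"


@dataclass
class Issuer:
    """The credit company: knows each device's secret and the last counter it honoured."""
    secrets: Dict[str, bytes]
    last_counter: Dict[str, int] = field(default_factory=dict)

    def redeem(self, token: str, charged_cents: int) -> bool:
        """Accept only if the token is authentic, unspent and for exactly charged_cents."""
        try:
            device_id, ctr_s, amt_s, tag = token.split(":")
            counter, amount = int(ctr_s), int(amt_s)
        except ValueError:
            return False                        # malformed token
        secret = self.secrets.get(device_id)
        if secret is None:
            return False                        # unknown device
        if not hmac.compare_digest(_tag(secret, device_id, counter, amount), tag):
            return False                        # forged, or amount/counter altered in transit
        if amount != charged_cents:
            return False                        # the token is for one exact amount
        if counter <= self.last_counter.get(device_id, 0):
            return False                        # replay of an already-spent token
        self.last_counter[device_id] = counter
        return True


def demo() -> Dict[str, bool]:
    """Run the cases the design is meant to cover; all values are constructed."""
    secret = b"constructed-demo-secret-not-for-real-use"
    dev = PaymentDevice("dev-0001", secret, hashlib.sha256(b"4321").digest())
    issuer = Issuer({"dev-0001": secret})
    tok = dev.authorize(1999, "4321")                        # $19.99 with the right PIN
    head, tag = tok.rsplit(":", 1)
    tampered = head.replace(":1999", ":99999") + ":" + tag   # amount bumped after issue
    return {                                                 # value = accepted by issuer?
        "good": issuer.redeem(tok, 1999),
        "replay": issuer.redeem(tok, 1999),
        "wrong_amount": issuer.redeem(dev.authorize(500, "4321"), 600),
        "bad_pin": dev.authorize(100, "0000") is not None,
        "tampered": issuer.redeem(tampered, 99999),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:>13}: {'accepted' if ok else 'rejected'}")
```

As written the token is not bound to a payee, so a token intercepted before redemption is spendable once for its amount by whoever holds it; adding a merchant identifier to the hashed message would close that gap.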

  17. Interesting by cuteseal · · Score: 0

    Sounds interesting, a new angle on the popular CSI stories that are in fashion at the moment. I can't quite pick up whether this is more textbook reading or has entertainment value. The last book I read on cybercrime bored me to tears so much that I almost hacked into the author's bank accounts and donated his wealth to starving children in Africa.

    1. Re:Interesting by Anonymous Coward · · Score: 0

      ...this book is an interesting read. It's not a textbook, nor is it technical by nature.

  18. Comment removed by account_deleted · · Score: 2, Informative

    Comment removed based on user account deletion

  19. Grep?! by rbanffy · · Score: 1

    If I remember correctly, grep can hardly be called a Linux tool.

    The first time I saw it was on a Unix system - a very big box with about 50 serial terminals and the brains of a Palm Pilot (a 68020 or 030) that predated Linux by almost a decade. I am not aware of any previous incarnations of it, but I am not old enough to remember any.

    And, most probably, we are talking about GNU grep, which is as much Linux as it's Hurd or Cygwin.

  20. While we're still not completely on the subject... by E+IS+mC(Square) · · Score: 0

    Interesting loop: What if an employee of a company protecting your data leaves the security firm and also leaves some backdoor access? After all, he/she has the inside information of the security of the security firm!

    I mean, I am not able to find ^C, and it seems to be looping on and on.

  21. Not ID theft, but Child Porn in chapter by Pyperkub · · Score: 2, Informative

    Actually, in the sample chapter, the author speaks of arresting someone who was running what appears to be a child porn ISP out of his apartment, in addition to having stolen workstations and passwords from local universities. Not ID theft at all in this case.

    1. Re:Not ID theft, but Child Porn in chapter by Anonymous Coward · · Score: 1, Informative

      And the reason he got arrested was because he didn't pay his rent.

  22. simple answer by BorgCopyeditor · · Score: 1
    Who performs the forensic search and participates in sting operations?

    That's simple. The agents hire film noir detectives to hunt down hackers like Trinity.

    --
    Shop as usual. And avoid panic buying.
  23. But does it tell me what I really need to know? by Anonymous Coward · · Score: 0

    That is, does it tell me how to commit high-tech crimes and cover up my tracks so that I can get away with it? Is the target audience of this book those people trying to stop high-tech criminals, or is it the high-tech criminals themselves?

  24. Re:The problem is isn't the PINs by beanluc · · Score: 2, Insightful

    This might help with stolen CC's but that's not what identity theft is.

    If I apply for and receive a brand new CC in your name, you'll never know what my PIN will be :)

    actually it will be 1234. OK?

    --
    Say it right: "Nuc-le-ah Powah".
  25. (Network+Residence) - Rent = Probable Cause!?! by Anonymous Coward · · Score: 0

    ...The NYPD cops arrived quickly to inspect the apartment. They immediately determined that the "TVs" in the room were actually computer monitors. The "other electrical stuff" was computer and networking equipment. With that mystery solved, a new one arose. What were all of these devices being used for? This was a residential apartment, not an office, so this equipment seemed very out of place. The cops were unsure as to how the equipment was being utilized and decided to play it safe. They posted a couple of officers to guard the place and left...

    Holy crap! I have a number of computers networked in my residence, and I'm behind on my rent, too!! I wonder what I've been up to...!?!

  26. Re:The problem is isn't the PINs by Anonymous Coward · · Score: 1, Funny

    Wow... That's the same number as on my luggage...

  27. How does this rate a 9? by Kyrka · · Score: 1, Flamebait
    I don't post on /. frequently... but this one caught my attention. I posted earlier, and shortly thereafter decided to take a look at the freely available Chapter 3 on the Addison-Wesley site, after having lurked across the author's website.

    Based merely on the contents of the free chapter I am appalled... to think that a BA from Rutgers, a Masters from Rutgers, and an MBA anticipated in May of 2005 from Columbia University... produces such drivel. I don't mean to insult Mr. Branigan, but the whole tone of his writing style smacks of back-woods self-aggrandizement more than that of a professional. It further solidifies my belief that a college degree, while looking great hanging on the wall in the den, is only useful when trolling for a job. (Required to pay for said degrees, etc.)

    Either that, or he (and Addison Wesley) have assumed this book is written solely for the entertainment of a 6th grade reader. If you're looking for a book you can really sink your teeth into on a subject such as this, skip the anecdotes and go for the "Cybersecurity Operations Handbook" by John W. Rittinghouse and William M. Hancock. You can find it here. Or better yet, hop out to The SANS Institute and get yourself some top-quality training.

    On a ten-scale, I'd have to give this one a 5 folks.

    1. Re:How does this rate a 9? by ralphcringely · · Score: 1
      Agree. A five. Childish. Talks down to his readers.

      In the sample chapter, we never learn what Wrongheaded Wesley was doing with those T1 lines. The chapter would have had a satisfying conclusion if Branigan had described the perp's businesses, at least in outline.

      --
      Tell me again, who knew Mary was a virgin, and how did they know?
  28. Spot the cliche... by Dogtanian · · Score: 1

    Let's ignore the awful title which sounds like a cross between a formulaic "how-to" computer book and a lazy cash-in.... what I really disliked was the picture on the cover.

    Numerals and/or ASCII projected onto someone's face has got to be one of *the* most overused (and, now that I think about it, dated) effects in computer magazine and book illustration.

    Sure, it was cool when the Internet was becoming big news and it spelled instant hacker-cred (in a 'Hackers'- the movie- type of way); it was probably dated and overdue for retirement (*) by the time of the dotcom boom.

    At any rate, the cover screams "bandwagon-jumping computer book circa 1997" to me. But that's just my opinion... :)

    (*) The original meaning of retirement would work here, but it might be more fun to think of it in the "Blade Runner" sense.

    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  29. Forensics is only cool... by Xenophon+Fenderson, · · Score: 1

    when (0) other people are doing all of the boring detail work and (1) you are actually allowed to take someone to court (and win). And for you net.security wannabees out there, forensics == boring, painstaking, CYA detail work and internal politics == VIPs surfing kiddie pr0n don't get hauled off to jail. Very, very frustrating.

    But then again, who here watches CSI and thinks it's an accurate representation of an exciting career in criminal forensics?

    --
    I'm proud of my Northern Tibetan Heritage
  30. augment this book by reading: by museumpeace · · Score: 4, Informative

    the standards the feds will use to crack your hard drive if you are ever investigated: from my trove of rejected articles:
    2004.10.11: "the standard for getting evidence from a computer"
    Most of us love, or have at least grown highly dependent upon our computer[s] and PDAs, some of us keep very personal stuff in our computer. So here is a sobering little page on how your government plans to interrogate your hard drive if you ever fall afoul of the law. NIST is asking for comments by November 1 on a draft proposal of ways and standards to prove that a disk imaging tool is accurately dredging up your dirty little secrets. NIST also has a brief article about how it is looking into ways to recover forensic data from PDAs. The most interesting link there pointed to a PDF describing some tools you may not be aware of. The DOJ and Homeland Security put NIST up to this task.
    "....Counsel for the defense may now cross-examine the FAT."

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
    1. Re:augment this book by reading: by Anonymous Coward · · Score: 0

      I see why the article wasn't accepted: It links to a lot of pages specifying common sense requirements for data integrity when using forensic tools. They're bureaucratic requirements so that police officers can't be (legally) conned into buying Joe's Discount Forensic Toolkit and lose a bunch of cases due to evidence handling errors. Big deal.

      You do have to love the PDA document that gives an overview of dd, though. I wonder why they didn't just include the man page?

    2. Re:augment this book by reading: by Anonymous Coward · · Score: 0

      An acquaintance of mine had his hard drive "voluntarily" searched by law-enforcement. They were told his computer (with no internet connection) contained "kiddie-porn" and asked his permission to search it. He did not feel he had much choice in the matter and let them take a look.

      They inserted a self-booting CD and soon images of documents and pictures were presented on screen as thumbnails. They just sort of streamed by. There were a few files that the program could not read and he had to demonstrate (open them) to the deputy or his computer would have been seized. I think they were simple zip files that it would not open...

      He was off the hook, there was nothing remotely suspicious on the computer. The problem that I saw with this was that this was a Win 9x machine with a FAT file system and only basic commercial programs on the machine.

      If they had looked at my computer, I wondered if they wouldn't have seized it because of protected files on an encrypted, compressed file system? And I'm only running NTFS and password protect some files to keep the kids from snooping (nothing I want anyone but me to see, but nothing illegal).

    3. Re:augment this book by reading: by serutan · · Score: 2, Interesting

      Not sure how it's sobering that criminologists want tools to search computer data. They have tools to identify fingerprints, DNA, hair samples, shoes, clothing fiber, sperm, you name it. If the documents you reference were standards for scanning everybody's hard drive over the Internet, I would understand your reaction, but they aren't.

      If your car got stolen, and the cops found your engine block in somebody's garage along with a pile of other car parts, you might want them to search the guy's computer for names and addresses of people he's sold cars to. At least I would.

  31. Summary: Linux good for kiddy porn by Anonymous Coward · · Score: 0
    All the other replies seem to be anecdotal stories about how the common tools don't work so well on non-PC platforms.

    That's just what they want you to think!

  32. Here's one for ya, by John+Sokol · · Score: 1

    http://www.dnull.com/~sokol/unix/article1.txt

    http://www.videotechnology.com/about.html Just so you can see the above link is wrong.

    --
    I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
  33. The Tools by Wanker · · Score: 1
    The tools are nothing particularly complicated; generally a boot CD, a spare hard drive slightly larger than the original, and any reasonably modern PC are all you need. I've never seen anyone use a hardware-based disk copier, they all just use PCs with Linux boot disks and "dd". Maybe I'm just seeing people with a lower budget...

    Some common tools:


    SANS offers a really nice class on computer forensics (track 8), if you have about $3000.00US lying around.

    These tools work nicely on Linux, ReiserFS, XFS, etc. in addition to the ubiquitous Win32 filesystems.
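    The boot-CD-and-dd workflow this comment describes, written out as an added example that is not from the thread or the book: it images a constructed sample file standing in for the drive, hashes source and copy so the image can be shown to match, and runs the string search over the verified copy rather than the original. The file names and the planted string are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or the book: the "boot CD + dd"
# workflow from the comment above, done in a way that can be checked. The
# source drive is replaced by a constructed sample file so this runs offline.
set -eu

# Print the SHA-256 of a file (coreutils sha256sum, or shasum on BSD/macOS).
hash256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Create DIR/source.img: a 64 KiB constructed "drive" of zeros with one
# telltale string planted in the middle, standing in for a real device.
make_sample_disk() {
    dd if=/dev/zero of="$1/source.img" bs=1024 count=64 2>/dev/null
    printf 'config: hack_tool=on\n' \
        | dd of="$1/source.img" bs=1 seek=20000 conv=notrunc 2>/dev/null
}

# Copy SRC to DST sector by sector. noerror,sync keeps going past read
# errors and pads the bad sector with zeros so later offsets stay aligned.
image_disk() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# Return 0 only if SRC and DST hash identically; print both hashes so
# they can be recorded alongside the image.
verify_image() {
    src_hash=$(hash256 "$1")
    dst_hash=$(hash256 "$2")
    printf '%s  %s\n%s  %s\n' "$src_hash" "$1" "$dst_hash" "$2"
    [ "$src_hash" = "$dst_hash" ]
}

# The "dd | strings | grep" idea from the thread, run against the verified
# copy rather than the original: print printable runs containing PATTERN.
search_image() {
    grep -a -o -i "[[:print:]]*$2[[:print:]]*" "$1"
}
```

    Call order is make_sample_disk, image_disk, verify_image, then search_image; verify_image exits non-zero if even one byte of the copy differs from the source.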
  34. Re:Better yet... by symbolic · · Score: 1

    Buy it for the same price at Nerdbooks.com

    Unlike Amazon, they don't hold any stupid "one-click" patents, and I've received EXCELLENT service every time I've ordered from them.

  35. Re:The problem is isn't the PINs by SlimFastForYou · · Score: 1

    Holy Toledo, that's my Slashdot password!

  36. mitnick... by zxflash · · Score: 1

    The Art of Deception (by Kevin Mitnick) was a great read if you're interested in the perspective of the "offender".

    --

    All the torrents you could want.
  37. If only he hadn't weighed the same as a duck... by Shoten · · Score: 1

    I just read the sample chapter, and I'm not entirely impressed. What disturbed me was how it played out; this guy (the criminal) goes for six months without paying his rent... okay, so far, so good, he's a scumbag. The landlord finally, after much effort, is able to evict him. So far so good there too. But then the landlord and the cop see... a home network! Oh my god! He must be dealing in stolen goods! Seal the room as evidence! And the author is called in, with the sole basis of suspicion being that this guy had a bunch of computers running in his home. I wonder how many of us would have our homes sealed and systems seized as potential evidence if these buffoons happened to visit our homes instead of this guy's.

    Now, of course, in this case it turned out the guy was a thorough scumbag and a crook, and in the course of things he also proceeded to do dumbass thing after dumbass thing, which helped the police. But finding a real witch here and there doesn't make a witch-hunt acceptable.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  38. don't trust the file system by dwhite20899 · · Score: 1

    dd | strings | grep -i hack

  39. shadowcrew by torrents · · Score: 1

    if you're looking to buy books as how-to guides you'd best pay cash... what happened to shadowcrew should serve as a reminder that "they" may be watching you.

    --
    Get your torrents...