Slashdot Mirror


High-Tech Crimes Revealed

Alex Moskalyuk writes "When reading about computer crimes, we are usually told the victim's point of view. We learn about the thieves stealing thousands of credit card numbers and identity theft victims, who lost their credit history with the wallet they lost at the mall. But how do criminals ever get caught? Who performs the forensic search and participates in sting operations?" Read on for Alex's review of High-Tech Crimes Revealed, which addresses these questions.

High-Tech Crimes Revealed
author: Steven Branigan
pages: 448
publisher: Addison-Wesley
rating: 9
reviewer: Alex Moskalyuk
ISBN: 0321218736
summary: Cyberwar Stories from the Digital Front

Steven Branigan is a cop, a system administrator, an Internet security consultant and network security researcher. A former Bell Labs employee, he is now a founder of a company that "specializes in solving leading edge computer and network security issues."

The book is a collection of high-tech investigations performed by Branigan in cooperation with the police force and sometimes the Feds. Generally Branigan would be involved in forensic research of the evidence and be on the scene as the "computer expert" that cops would refer to when dealing with cybercrime.

Twelve chapters take us through some of the high-tech crimes that the Western world faces today. An attack on the telephone network (unauthorized access to the switches), backdoors left at the former employer, hacking into university networks and the well-publicized identity theft are all covered in the book. Branigan brings up anecdotal evidence from his own career, describes some of his cases in great detail, and provides advice for practitioners in the forensics field.

The author is a Linux/Unix/BSD guru, and he shares his methods for retrieving telltale data from the equipment that the criminals leave behind. He also talks about the generic problems that law enforcement faces when investigating a high-tech crime - how do you obtain a warrant, what's a proper way to conduct searches, how do you work with the confiscated computer so that all the data is left intact?

However, don't expect any secrets to pop up with regard to data collection - Branigan uses commonly available Linux tools like grep to search the suspect's hard drive for the needed data. More often than not, it turns out, the investigator depends on experience rather than book knowledge - one has to recognize a network sniffer log on sight, and be able to recognize the tools freely downloadable from security sites.

Thus it's not surprising that some chapters in the book are dedicated purely to the author's experience in the field. He describes working with hackers who have been arrested, discusses how rootkits are spread around and the motivation behind network attacks (it's not always money, to say the least), describes the structure of a hacking ring and its potential revenues, and also talks about ways to unravel the networks. His motto? No crime is too small, and sometimes something as small as missing the rent can lead to more discoveries and tie-ins to bigger crimes.

If you're thinking about becoming a security consultant, a law enforcement officer or just a sysadmin with better than average knowledge of security, this book is an interesting read. It's not a textbook, nor is it technical by nature. It reads more like a detective story, except the stories are real, the culprits are real and so are the victims. One can read the book on two levels - as a forensics tutorial (however, don't expect extended technical tutorials and tool overviews) or as an autobiography of a cop who has had to deal with high-tech crimes all his life. If you liked Art of Deception or Hacking: The Art of Exploitation, this title would be a perfect complement.

Chapter 3, If Only He Had Paid the Rent, is available online from Addison-Wesley.

Alex enjoys reading programming, technology and business tech books in his spare time. He also keeps a list of free books available on the Internet for tech readers on a budget. You can purchase High-Tech Crimes Revealed from bn.com.


  1. NYLUG meeting by MoralHazard · · Score: 4, Informative

    Steve also gave a presentation a couple of weeks ago to the NYLUG, which any of you New Yorkers might have caught. I think they have video footage of the talk on the website, www.nylug.org. The talk was better-than-average for this kind of thing.

    The book has some great war stories, too. The entertainment value is worth something. ...Although I should disclose that I work with him, so you'll probably want to judge for yourself.

  2. Re:What is the best way to increase security? by AndroidCat · · Score: 2, Informative

    Make damned sure you have permission, in writing, for all the computers and networks that you run these tools against. (And make sure the tools aren't trojans themselves.)

    --
    One line blog. I hear that they're called Twitters now.
  3. Re:What is the best way to increase security? by Spellunk · · Score: 2, Informative
    Absolutely not. Every single "hacker" I have seen is pretty much just running scripts they found elsewhere.

    I was in an IRC channel one night, and some of the kids couldn't even figure out how to compile the code they had using Visual Studio.

    The only problem is that most of these kids had no fear in committing any crime, and it appears to me that they make up the majority of computer criminals.

    So, preparing to be attacked by common methods is probably the best defense.

    --
    Quidquid latine dictum sit, altum viditur.
  4. Re:What is the best way to increase security? by zaffir · · Score: 4, Informative

    I started typing out a 100% complete answer to this, and it's way too big. Or at least I can't think of a simple way of getting all of my points across. So I hope this will suffice:

    The point of using the open source tools is to probe the network for possible vulnerabilities. Look at nmap for example. It's a port scanner, and a damn good one. Unless some cracker is really, REALLY good he won't be able to improve on it. It'll be what he's using. Not to mention it's the best that your friend has available - he can't get ahold of those custom-made tools if they're any better.

    As far as finding non-published vulnerabilities in the applications you use, the biggest factor is your brain.

    --
    "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
  5. Comment removed by account_deleted · · Score: 2, Informative

    Comment removed based on user account deletion

  6. Not ID theft, but Child Porn in chapter by Pyperkub · · Score: 2, Informative

    Actually, in the sample chapter, the author speaks of arresting someone who was running what appears to be a child porn ISP out of his apartment, in addition to having stolen workstations and passwords from local universities. Not ID theft at all in this case.

    1. Re:Not ID theft, but Child Porn in chapter by Anonymous Coward · · Score: 1, Informative

      And the reason he got arrested was because he didn't pay his rent.

  7. augment this book by reading: by museumpeace · · Score: 4, Informative

    the standards the feds will use to crack your hard drive if you are ever investigated: from my trove of rejected articles:
    2004.10.11: "the standard for getting evidence from a computer"
    Most of us love, or have at least grown highly dependent upon our computer[s] and PDAs, some of us keep very personal stuff in our computer. So here is a sobering little page on how your government plans to interrogate your hard drive if you ever fall afoul of the law. NIST is asking for comments by November 1 on a draft proposal of ways and standards to prove that a disk imaging tool is accurately dredging up your dirty little secrets. NIST also has a brief article about how it is looking into ways to recover forensic data from PDAs. The most interesting link there pointed to a PDF describing some tools you may not be aware of. The DOJ and Homeland Security put NIST up to this task.
    "....Counsel for the defense may now cross-examine the FAT."

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.