Slashdot Mirror

← Back to Stories (view on slashdot.org)

High-Tech Crimes Revealed

Posted by timothy on from the alex-is-behind-all-of-them-at-once dept.

Alex Moskalyuk writes "When reading about the computer crimes, we are usually told the victim's point of view. We learn about the thieves stealing thousands of credit card numbers and identity theft victims, who lost their credit history with the wallet they lost at the mall. But how do criminals ever get caught? Who performs the forensic search and participates in sting operations?" Read on for Alex's review of High-Tech Crimes Revealed, which addresses these questions. High-Tech Crimes Revealed author Steven Branigan pages 448 publisher Addison-Wesley rating 9 reviewer Alex Moskalyuk ISBN 0321218736 summary Cyberwar Stories from the Digital Front Steven Branigan is a cop, a system administrator, an Internet security consultant and network security researcher. Ex-employee of Bell Labs now is a founder of a company that "specializes in solving leading edge computer and network security issues."

The book is a collection of high-tech investigations performed by Branigan in cooperation with the police force and sometimes the Feds. Generally Branigan would be involved in forensic research of the evidence and be on the scene as the "computer expert" that cops would refer to when dealing with cybercrime.

Twelve chapters take us through some of the high-tech crimes that the Western world faces today. An attack on the telephone network (unauthorized access to the switches), backdoors left at the former employer, hacking into university networks and the well-publicized identity theft are all covered in the book. Branigan brings up anecdotal evidence from his own career, describes some of his cases in great detail, and provides advice for practitioners in the forensics field.

The author is a Linux/Unix/BSD guru, and he shares his methods for retrieving telltale data from the equipment that the criminals leave behind. He also talks about the generic problems that law enforcement faces when investigating a high-tech crime - how do you obtain a warrant, what's a proper way to conduct searches, how do you work with the confiscated computer so that all the data is left intact?

However, don't expect some secrets to pop-up in regards to data collection - Branigan uses commonly available Linux tools like grep for searching the suspect's hard drive for needed data. More often that not, the investigator, it turns out, depends on his experience, not the book knowledge - one has to recognize the network sniffer log when they see it, and be capable of recognizing the tools freely downloadable from security sites.

Thus it's not surprising that there are some chapters in the book dedicated purely to the author's experience in the field. He describes working with the hackers who have been arrested, discusses how rootkits are spread around, discusses the motivation behind the network attacks (it's not always money, to say the least), describes the structure of a hacking ring and their potential revenues and also talks about ways to unravel the networks. His motto? No crime is too small, and sometimes things so little as missing the rent can lead to more discoveries and tie-ins into bigger crimes.

If you're thinking about becoming a security consultant, a law enforcement officer or just a sysadmin with better than average knowledge of security, this book is an interesting read. It's not a textbook, nor it is technical by nature. It reads more like a detective story, except the stories are real, the culprits are real and so are the victims. One can read the book on two levels - as a forensics tutorial (however, don't expect extended technical tutorials and tools overview) or as an autobiography of a cop, who had to deal with high-tech crimes all his life. If you liked Art of Deception or Hacking: The Art of Exploitation , this title would be a perfect complement.

Chapter 3, If Only He Had Paid the Rent, is available online from Addison-Wesley.

Alex enjoys reading programming, technology and business tech books in his spare time. He also keeps a list of free books available on the Internet for tech readers on a budget. You can purchase High-Tech Crimes Revealed from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page.

14 of 114 comments (clear)

  1. Double-edged? by fembots · · Score: 5, Interesting

    I wonder if the author left out some "secret methods" he used in the field, since his now owns a company that specializes in solving leading edge computer and network security issues, those methods can be valuable trade secrets.

    And high-tech criminals can also learn from others' mistakes and be more careful next time if the author detailed enough of how he traced a criminal.

    So do slashdotters have any of these "secrets" to share?

    --
    Rock that crushes, Paper & Scissors that don't matter.
    1. Re:Double-edged? by MoralHazard · · Score: 3, Interesting

      Wait a minute, though... Of ALL the criminal cases in this country that end in conviction, upwards of 90% never go to trial, period. So I don't think you can start a specific argument about computer crime based on this.

      And yes, I will admit, I have seen many MANY instances of Federal or local law-enforcement agencies (don't want to name names) that did absolutely stupid things in computer crime investigations--truly amatuerish, moronic, bumbling clod-like behavior. But I have also seen very good work, top-notch hero shit, from those same outfits. So I don't think you can premise an argument on failues of sophisitication in law-enforcement agencies, because you're dealing with a very diverse and mixed bag, even just within a given agency.

      But the REAL point is that you don't need to actually go on the stand to get investigative experience. That's trial experience, and it speaks to a different set of skills. You'd be surprised at how few cases some of the top people in the forensics field have ever actually testified in. But they still have experience, because they still performed investigations: collecting and analyzing data, preparing hypotheses and testing them until they have a provable, probable theory, and presenting those findings in a useful way.

      Like I said, this isn't true of every agent or officer that ever worked as an investigator, but my original point is that you can't get this experience outside of actually doing it. The fact that some of the people working in this field haven't learned very much just says that those people are idiots. And yes, there are some idiots in LE agencies, the same as every organization.

      And BTW, computer forensics don't take that long at all, in most cases. If you're talking about having to run keyword searches against the hard drives, network shares, and email archives (including backup tapes) for 200+ users, that will surely take a while, but it's only because of the volume of data involved. Criminal cases involving computer forensics rarely, in my experience, involve more than a handful of data sources, of which hard drives are probably the largest type. And at 25-40 MB/sec, you can search a lot of data in a day.

    2. Re:Double-edged? by sjames · · Score: 2, Interesting

      We should be advocating secrecy around how these crimes are solved because the next criminal might learn, and won't make the same mistake as the last one?

      One might think that, but apparently most criminals just aren't all that bright. I suppose most people bright enough to stand a decent chance of getting away with it are bright enough to get a real job that will have better hours, less risk, and better pay on average than crime.

  2. Find the expert by BWJones · · Score: 5, Interesting

    So, one of the important things I hope this book demonstrates (not read the book, yet) is that for proper scientific or forensic analysis, you find the right/relevant talent or subject matter expert to examine your data. For instance, some years ago I was stunned to find out that the FBI had been shipping hard drives from Apple Macintosh systems to the Royal Canadian Mounted Police for investigation. Apparently, the RCMP had established themselves as the subject matter experts and were the right folks to send data to from Apple systems. Of course this brings up all sorts of International issues, but that is only one example.

    My point is simply that forensic agencies should not always attempt to do it all themselves. Rather it would be appropriate to build a network of subject matter experts and then approach the problem by having the best "eyes" examine the problem rather than always presuming your local agency/facility has all of the tools.

    --
    Visit Jonesblog and say hello.
    1. Re:Find the expert by Apreche · · Score: 5, Interesting

      A computer forensics guy came to talk to my computer crime class last year. He showed us this windows tool they use to look at confiscated drives. Pretty much first they make a bit for bit copy of a drive onto a drive of equal or greater size using a hardware device. Then they put the original drive away in the evidence box without touching it again.

      Then they use this software tool, which I forget the name of, which is the only tool that holds water in a court of law. It examines the whole drive one piece at a time to recreate every file on all partitions and filesystems even if the files are "deleted". His example was how he caught a bunch of kiddy porn perverts.

      Well that's great for catching those guys, but against someone using out of the ordinary stuff this guy is screwed. I've got serial ATA drives and reiser4 and xfs file systems. I'm willing to bet that he doesn't have a hardware drive copier that supports SATA. And his software doesn't recognize reiser4 or xfs. He would either need a different tool or he would have to send the drive someone higher up to be examined. And if the case is too small they wont bother. The real problem is that the average nerds and the hackers are so far ahead of the forensics guys in terms of knowledge about modern technology and software that they can't keep up. Hackers will always have bleeding edge tools, and police budgets can't

      --
      The GeekNights podcast is going strong. Listen!
    2. Re:Find the expert by tomhudson · · Score: 2, Interesting
      It examines the whole drive one piece at a time to recreate every file on all partitions and filesystems even if the files are "deleted".
      ... which is SO lame - all it does is
      1. replace every deleted filename that begins with an "*" with a letter (file now shows up) - whoop-de-doo
      2. for unallocated or de-allocated fragments, add an entry into the table with a random string, and pointing to the first sector - voila - a new file
      Their "toolkit" is just a bunch of perl scripts and
      dd if=/dev/hdc1 of=hdd1
      ... and variants of the same (but we'v known that for, what, 3-4 years?)
  3. Finally, someone who has some truth to them by AcidFnTonic · · Score: 3, Interesting

    I think its great to finally strip away the bull and finally get a true report of whats happened. We dont need words like malicious, evil or anything else like that in a news story. That show bias and is an obvious suggestion of whos in the right. Im not all saying hackers are good, but at least point out the other group who actually go out to bring in the bad guys.... or what about the "hackers" back from the homebrew computer club days... we owe alot to hackers and its great that finally we get an unbiased source from the neutral perspective

    --
    Sometimes the majority just means all the morons are on the same side.
  4. False positives? by Anonymous Coward · · Score: 4, Interesting

    If someone being suspected of a software security crime, can the defendent ever be convicted? After all, there were a couple of cases in UK that child porn possessors become free because they claimed the offending files come from 'self-destruct trojans'. Wouldn't criminals get away with that as well?

  5. While we're on the subject... by Andr0s · · Score: 4, Interesting

    Seems like a rather interesting subject - sure to give it a shot. Though it does make me wonder a certain something: Considering the rate of cybercrime is growing at astronomical rate, and causing stellar amounts of damage on a daily basis, how come there are no private cybercop agencies?

    You know, companies you could hire to protect your bank clients from fraud or track already committed frauds, with proverbial cyberspace license to kill? After all, as so many net-renegades and rebels love to point out, cyberspace is free, and refuses to conform to laws of individual countries. That means a cyber-protection company stationed in some of more lawless countries, such as parts of Asia or former USSR could 'execute' ISPs who tollerate fraud originating from their servers or users or companies who actively engage in fraud and spam through well tested methods of DDoSing, server hacking etc?

    I know, not completely on-topic... that's why I waited for someone else's first post :)

    --
    '...computers in the future may have only 1000 vacuum tubes and perhaps weigh 1.5 tons...' Popular Mechanics, 03/49'
  6. Missing rent? try 75 cents! by kc8jhs · · Score: 4, Interesting

    That's not that big of a deal, we all know that Clifford Stoll started his famous chase after a mere 75 cent discrepency in the accounting system of Lawrence Berkley Laboratories.

    -Mikey P

  7. Going Phishing... by gandell · · Score: 2, Interesting

    I can't say what the answer is in all cases, but in some security violations such as phishing, there's an easy to follow audit trail. Setup of servers, tracable IP addresses, etc. Yes, most hackers worth their salt spoof their IP, but that doesn't mean that they don't make mistakes. The ones who get caught and pay a stiff penalty usually have larger targets (as in NYtimes.com). And when they do get caught, sometimes the book is thrown to make an example (Mitnick). Claiming self-destructing trojans is a hard case to make if your case gets the attention of the government.

    --
    Mercy was given to me by Christ...I must give the same to others.
  8. Read the Sample Chapter by Marxist+Hacker+42 · · Score: 5, Interesting

    At the end- this guy pled guilty just two months before all the evidence was destroyed in the 9-11 attacks....what a trippy ending!

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  9. The problem is isn't the hackers. by John+Sokol · · Score: 4, Interesting

    The problem is isn't the hackers stealing people identity. There have always been unscrupulous people and there aways will be.

    Most peopel that do ID theft I'd hardly qualify as a hacker. There is nothing high tech required, none ever need a computer to do it. A computer can't even really help to commit these illegal acts.

    What the problem is, is that a simple 16 digit Credit Card number can be used as cash by anyone who knows those numbers. There is no protection what so ever! None, nada, nill, nothing what so ever! I it's almost like leaving a wallet full of cash on the sidewalk. Can you blame the person who finds it and doesn't turn it in?

    Same thing for Identity theft anyone who knows your address, birthdate and SSN# , Mother maden name, birth place can be you! They can empty your checking account, buy a house, or a car and you have to pay the price. These several facts are totaly unacceptable on the part of those who accept this totaly unprotectable data as proof positive evidence of your ID.

    Currently you can get a credit card is some one else's name easier then you can get a job in there name. When getting a job they require at least 2 to 3 forms of ID and make copys of it for verification of work elegablity and Fine a company heavily for failing to do so.

    The Credit origanization are happy to give you credit without checking it's really you. Then can take a Guilty until proven innocent stance with almost no recourse what so ever! Any you stay punished until proven otherwise. Meaning your cash is seized, credit runied, house lost etc...

    As a matter of fact it so easy for them to go after you, even when it wasn't you who they made the loan with, that they have little incentive to fix the problem! Why should they?

    The burden should be put on those who are lending or providing money. If they said they had loaned me money, the burden to prove that they gave it to me should be them. If they couldn't produce adaquate proof and whould have to eat that lost money, I'm sure they would fix the ID theft problem overnight.

    There is a real need to come up with more secure form of identification. Something that requires more then a 3rd Grade Education to crack.

    The reason that I don't point at the goverment is that it against the LAW to use a SSN as a form of ID, although almost all Credit/Banks do use it as such. This needs to be enforced! Maybe if you want a Credit card or a Bank loan, you need to get a specialy issued ID card from some consortium of banks, where they finger print of you, take a photo and meet you in person, it's harder lie to someones face! This ID Card could use a DES/AES or some other harder to break system that required more then a pen and paper of photo copy machine to break.

    At least that's my humble opinion.

    --
    I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
  10. Re:augment this book by reading: by serutan · · Score: 2, Interesting

    Not sure how it's sobering that criminologists want tools to search computer data. They have tools to identify fingerprints, DNA, hair samples, shoes, clothing fiber, sperm, you name it. If the documents you reference were standards for scanning everybody's hard drive over the Internet, I would understand your reaction, but they aren't.

    If your car got stolen, and the cops found your engine block in somebody's garage along with a pile of other car parts, you might want them to search the guy's computer for names and addresses of people he's sold cars to. At least I would.