High-Tech Crimes Revealed
author | Steven Branigan |
pages | 448 |
publisher | Addison-Wesley |
rating | 9 |
reviewer | Alex Moskalyuk |
ISBN | 0321218736 |
summary | Cyberwar Stories from the Digital Front |
The book is a collection of high-tech investigations performed by Branigan in cooperation with the police and sometimes the Feds. Generally Branigan would handle the forensic examination of the evidence and be on the scene as the "computer expert" the cops would turn to when dealing with cybercrime.
Twelve chapters take us through some of the high-tech crimes the Western world faces today. An attack on the telephone network (unauthorized access to the switches), backdoors left behind at a former employer, hacking into university networks and well-publicized identity theft are all covered. Branigan brings in anecdotal evidence from his own career, describes some of his cases in great detail, and offers advice for practitioners in the forensics field.
The author is a Linux/Unix/BSD guru, and he shares his methods for retrieving telltale data from the equipment that the criminals leave behind. He also talks about the generic problems that law enforcement faces when investigating a high-tech crime - how do you obtain a warrant, what's a proper way to conduct searches, how do you work with the confiscated computer so that all the data is left intact?
However, don't expect secrets to pop up with regard to data collection: Branigan uses commonly available Linux tools like grep to search the suspect's hard drive for the data he needs. More often than not, it turns out, the investigator depends on experience rather than book knowledge: one has to recognize a network sniffer log on sight, and be able to recognize the tools freely downloadable from security sites.
Thus it's not surprising that some chapters are dedicated purely to the author's experience in the field. He describes working with hackers who have been arrested, discusses how rootkits are spread around, discusses the motivation behind network attacks (it's not always money, to say the least), describes the structure of a hacking ring and its potential revenues, and also talks about ways to unravel such networks. His motto? No crime is too small, and something as little as a missed rent payment can lead to more discoveries and tie-ins to bigger crimes.
If you're thinking about becoming a security consultant, a law enforcement officer or just a sysadmin with better-than-average knowledge of security, this book is an interesting read. It's not a textbook, nor is it technical by nature. It reads more like a detective story, except the stories are real, the culprits are real and so are the victims. One can read the book on two levels: as a forensics tutorial (though don't expect extended technical tutorials or a tools overview) or as the autobiography of a cop who had to deal with high-tech crimes all his life. If you liked Art of Deception or Hacking: The Art of Exploitation, this title would be a perfect complement.
Chapter 3, If Only He Had Paid the Rent, is available online from Addison-Wesley.
Alex enjoys reading programming, technology and business tech books in his spare time. He also keeps a list of free books available on the Internet for tech readers on a budget.
Double-edged? (Score:5, Interesting)
And high-tech criminals can also learn from others' mistakes and be more careful next time if the author detailed enough of how he traced a criminal.
So do slashdotters have any of these "secrets" to share?
Re:Double-edged? (Score:5, Insightful)
As for learning from your mistakes, sometimes it's a mistake - and sometimes it's simply impossible. You leave a trace behind you on the internet, on your network, and on your computer. It's hilarious to me how many low-tech criminals get caught for crimes they thought were untraceable. A deer in headlights (or whatever your favorite cliche is).
Re:Double-edged? (Score:5, Funny)
Branigan uses commonly available Linux tools like grep for searching the suspect's hard drive...
by double-edged:
I wonder if the author left out some "secret methods" he used in the field
yes. fgrep [opengroup.org]
This just in ... (Score:1)
into the 1st edition of the book is:
"Google Desktop Search". Doh!
Re:Double-edged? (Score:5, Funny)
We should be advocating secrecy around how these crimes are solved because the next criminal might learn, and won't make the same mistake as the last one?
Why?
I don't know the exact statistics, but I am certain the clear majority of criminals are caught and convicted because they made the same mistake that millions of criminals before them made. Mistakes that have been publicized, written about, memorialized in songs, even had entire TV shows made out of them (think Law & Order, COPS, CSI, etc.).
You can tell criminals over and over: "Don't leave behind finger prints when you break and enter." But do they listen? NoooOOOOoo!
Re:Double-edged? (Score:2)
Well it could be that you are ignoring the criminals that don't get caught because they have watched the TV shows... :-)
Re:Double-edged? (Score:3, Interesting)
We should be advocating secrecy around how these crimes are solved because the next criminal might learn, and won't make the same mistake as the last one?
One might think that, but apparently most criminals just aren't all that bright. I suppose most people bright enough to stand a decent chance of getting away with it are bright enough to get a real job that will have better hours, less risk, and better pay on average than crime.
Re:Double-edged? (Score:1)
There's little incentive to withhold information, really, because I doubt there are any real "trade secrets" to worry about. Many tech books are written more as a way of increasing the author's (or his company's) profile in the field. If you're a consultant, it's another way to get leads and to impress potential clients. You don't do it for the money, trust me...
Eric
Why I hate Bell Mobility [ericgiguere.com]
Re:Double-edged? (Score:5, Insightful)
1) Every investigation, especially when dealing with computer crime, is going to be different. There aren't really any super-secret methods that ANYone who does normal work in the field (networking, programming, sysadmining) wouldn't already know.
2) Most investigative work has to hew to legal standards for evidence, even if the issue probably isn't going to court, because it MIGHT go to court. Meaning that all of your methods as an investigator have to meet standards for scientific evidence, which requires (among other things) that those methods be widely accepted in the field and peer reviewed. It's hard to keep things secret when they have to be peer reviewed to be useful at all.
3) Good investigators get that way through experience, not training. I've met people with significantly less pure technical skill than I have who can make me look like a fool on the investigative front. The difference is that these kinds of people have years or decades of experiential learning, closed cases, and lessons learned behind them. Skill and method is important, but it's far from being the whole story. And besides, you can always learn new skills by picking up a book/taking a class and then applying them, but you can only get experience from time and getting your ass kicked repeatedly.
(As I've noted elsewhere, I ought to disclose that I work for Steve, so take as you will.)
Re:Double-edged? (Score:4, Interesting)
And yes, I will admit, I have seen many MANY instances of Federal or local law-enforcement agencies (don't want to name names) that did absolutely stupid things in computer crime investigations--truly amateurish, moronic, bumbling clod-like behavior. But I have also seen very good work, top-notch hero shit, from those same outfits. So I don't think you can premise an argument on failures of sophistication in law-enforcement agencies, because you're dealing with a very diverse and mixed bag, even just within a given agency.
But the REAL point is that you don't need to actually go on the stand to get investigative experience. That's trial experience, and it speaks to a different set of skills. You'd be surprised at how few cases some of the top people in the forensics field have ever actually testified in. But they still have experience, because they still performed investigations: collecting and analyzing data, preparing hypotheses and testing them until they have a provable, probable theory, and presenting those findings in a useful way.
Like I said, this isn't true of every agent or officer that ever worked as an investigator, but my original point is that you can't get this experience outside of actually doing it. The fact that some of the people working in this field haven't learned very much just says that those people are idiots. And yes, there are some idiots in LE agencies, the same as every organization.
And BTW, computer forensics don't take that long at all, in most cases. If you're talking about having to run keyword searches against the hard drives, network shares, and email archives (including backup tapes) for 200+ users, that will surely take a while, but it's only because of the volume of data involved. Criminal cases involving computer forensics rarely, in my experience, involve more than a handful of data sources, of which hard drives are probably the largest type. And at 25-40 MB/sec, you can search a lot of data in a day.
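The comment above describes running keyword searches across whole drives and the throughput involved, and the review itself notes that Branigan's searches come down to tools like grep. As an added example (not code from the book, the reviewer or anyone in this thread), here is a Python scanner that does what grep against a raw device does, with two details a practitioner wants: chunked reads that overlap so a hit straddling a read boundary is not lost, and a UTF-16LE spelling of the keyword alongside the ASCII one, since registry hives and many Windows documents store strings that way and a plain ASCII grep misses them. The image, the keyword and the offsets are constructed for the demo.

```python
"""Keyword search over a raw disk image, the way an investigator greps a
drive: read sequentially in chunks, overlap the chunks so a hit straddling a
read boundary is still found exactly once, and look for both the ASCII and
the UTF-16LE spelling of the keyword (registry hives and many Windows
documents store strings as UTF-16LE, which a plain grep for ASCII misses).

Added example; not code from the book, the reviewer or the thread."""
from __future__ import annotations

import io
from dataclasses import dataclass

CHUNK_SIZE = 1 << 20  # 1 MiB reads; tune for the media, not the keyword
KEYWORD = "rootkit"   # constructed keyword for the demo


@dataclass(frozen=True)
class Hit:
    offset: int     # absolute byte offset of the match in the image
    encoding: str   # "ascii" or "utf-16le"
    context: bytes  # a few bytes either side, for a quick look


def patterns(keyword: str) -> dict[str, bytes]:
    """Byte patterns to search for, keyed by encoding name."""
    return {"ascii": keyword.encode("ascii"),
            "utf-16le": keyword.encode("utf-16-le")}


def search_image(stream, keyword: str, chunk_size: int = CHUNK_SIZE,
                 context: int = 8) -> list[Hit]:
    """Scan a seekable binary stream for keyword (case-sensitive).

    The buffer keeps the last (longest pattern - 1) bytes of the previous
    read, so a match split across two reads is seen once the rest arrives.
    Hits that fall inside that retained tail are deduplicated by offset.
    """
    pats = patterns(keyword)
    overlap = max(len(p) for p in pats.values()) - 1
    hits: list[Hit] = []
    seen: set[tuple[int, str]] = set()
    base = 0        # absolute offset of buf[0]
    buf = b""
    stream.seek(0)
    while True:
        data = stream.read(chunk_size)
        if not data:
            break
        buf += data
        for enc, pat in pats.items():
            pos = buf.find(pat)
            while pos != -1:
                key = (base + pos, enc)
                if key not in seen:
                    seen.add(key)
                    lo, hi = max(0, pos - context), pos + len(pat) + context
                    hits.append(Hit(key[0], enc, buf[lo:hi]))
                pos = buf.find(pat, pos + 1)
        if len(buf) > overlap:          # drop what can no longer start a match
            base += len(buf) - overlap
            buf = buf[len(buf) - overlap:]
    hits.sort(key=lambda h: (h.offset, h.encoding))
    return hits


def build_sample_image() -> bytes:
    """Constructed 300-byte 'image': the keyword planted as ASCII twice (once
    straddling the 64-byte boundary used in demo), once as UTF-16LE, and once
    in the wrong case, which must not match."""
    img = bytearray(300)
    img[10:17] = b"rootkit"
    img[60:67] = b"rootkit"
    img[120:127] = b"ROOTKIT"
    img[200:214] = "rootkit".encode("utf-16-le")
    return bytes(img)


def demo(chunk_size: int = 64) -> list[tuple[int, str]]:
    """Run the scanner over the constructed image with small chunks so the
    boundary handling is actually exercised."""
    hits = search_image(io.BytesIO(build_sample_image()), KEYWORD, chunk_size)
    return [(h.offset, h.encoding) for h in hits]


if __name__ == "__main__":
    for off, enc in demo():
        print(f"{off:#010x}  {enc}")
```

Against a real image, open the file (or the block device, through a write blocker) in binary mode and pass it in place of the BytesIO; the offsets it reports are what you then hand to a hex viewer or map back to a sector and a file with the filesystem tools. The case-sensitive match is deliberate: add the case variants you care about as extra patterns rather than lower-casing the image, which would destroy the offsets.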
Grep?! (Score:1)
The first time I saw it was on a Unix system - a very big box with about 50 serial terminals and the brains of a Palm Pilot (a 68020 or 030) that predated Linux by almost a decade. I am not aware of any previous incarnations of it, but I am not old enough to remember any.
And, most probably, we are talking about GNU grep, which is as much Linux as it's Hurd or Cygwin
Find the expert (Score:5, Interesting)
My point is simply that forensic agencies should not always attempt to do it all themselves. Rather it would be appropriate to build a network of subject matter experts and then approach the problem by having the best "eyes" examine the problem rather than always presuming your local agency/facility has all of the tools.
Re:Find the expert (Score:5, Interesting)
Then they use this software tool, which I forget the name of, which is the only tool that holds water in a court of law. It examines the whole drive one piece at a time to recreate every file on all partitions and filesystems even if the files are "deleted". His example was how he caught a bunch of kiddy porn perverts.
Well that's great for catching those guys, but against someone using out-of-the-ordinary stuff this guy is screwed. I've got serial ATA drives and reiser4 and xfs file systems. I'm willing to bet that he doesn't have a hardware drive copier that supports SATA. And his software doesn't recognize reiser4 or xfs. He would either need a different tool or he would have to send the drive to someone higher up to be examined. And if the case is too small they won't bother. The real problem is that the average nerds and the hackers are so far ahead of the forensics guys in terms of knowledge about modern technology and software that they can't keep up. Hackers will always have bleeding edge tools, and police budgets can't
Re:Find the expert (Score:2)
This is, of course, true. My guess is that these techniques would be too time consuming and/or expensive to justify their use in 'everyday' cases.
Re:Find the expert (Score:2)
I do not think you mean what you say........
Re:Find the expert (Score:3, Interesting)
... which is SO lame - all it does is
Their "toolkit" is just a bunch of perl scripts and
... a
Re:Find the expert (Score:2)
Most modern file systems don't work that way - clusters are put in a pool for re-use, but the elevator algorithms for most *modern* file systems don't use the first one available - that's why, for example, you don't have to defrag an ext2 file system, and why it's possible to recover a LOT more than you'd think, even on a drive that's got a lot of data re-written.
... and, of course, you can re-create the file chain based on the contents (a bit of manual work, but
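Two comments above touch on the same technique: recreating every file on a drive, deleted or not, and rebuilding a file from its contents rather than from the filesystem's bookkeeping. That is signature-based carving. As an added example (not the book's code, nor that of any commercial forensic tool the thread alludes to), the Python below scans a raw image for JPEG and PNG headers, extends each to its footer, and flags a file whose footer was overwritten instead of silently running on into the next file. The image is constructed; the signatures are the public JPEG SOI/EOI markers and the PNG signature plus IEND chunk.

```python
"""Signature-based file carving over a raw image: find known file headers
anywhere on the disk, extend each to its footer, and hand back the bytes with
their offsets. This is how a 'deleted' file comes back when the filesystem
no longer points at it. Added example; not code from the book, the thread,
or any forensic product. The image below is constructed, not evidence."""
from __future__ import annotations

from dataclasses import dataclass

# kind -> (header, footer); the footer is the last bytes of the file, inclusive
SIGNATURES: dict[str, tuple[bytes, bytes]] = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),                  # SOI marker, EOI marker
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),  # PNG signature, IEND chunk + CRC
}
MAX_CARVE = 16 * 1024 * 1024  # stop looking for a footer after this many bytes


@dataclass(frozen=True)
class Carved:
    kind: str
    offset: int      # where the header was found
    data: bytes
    complete: bool   # False when no footer turned up within MAX_CARVE


def carve(image: bytes, max_size: int = MAX_CARVE) -> list[Carved]:
    """Return every header/footer-delimited file found in image, by offset.

    A header with no footer inside the window is still reported, truncated at
    the window and flagged incomplete, so the analyst sees that it was there
    and that its tail is gone (overwritten, or fragmented elsewhere)."""
    found: list[Carved] = []
    for kind, (hdr, ftr) in SIGNATURES.items():
        pos = image.find(hdr)
        while pos != -1:
            limit = min(len(image), pos + max_size)
            end = image.find(ftr, pos + len(hdr), limit)
            if end == -1:
                found.append(Carved(kind, pos, image[pos:limit], False))
                pos = image.find(hdr, pos + len(hdr))  # the blob may hide another header
            else:
                stop = end + len(ftr)
                found.append(Carved(kind, pos, image[pos:stop], True))
                pos = image.find(hdr, stop)
    found.sort(key=lambda c: c.offset)
    return found


def build_sample_image() -> bytes:
    """Constructed image: a small PNG and JPEG lying in unallocated space,
    then a JPEG whose tail (and footer) was overwritten by filler."""
    png_hdr, png_ftr = SIGNATURES["png"]
    jpg_hdr, jpg_ftr = SIGNATURES["jpeg"]
    png = png_hdr + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17 + png_ftr   # 41 bytes
    jpg = jpg_hdr + b"\xe0\x00\x10JFIF\x00" + b"\x11" * 40 + jpg_ftr   # 53 bytes
    torn = jpg_hdr + b"\xe0\x00\x10JFIF\x00" + b"\x22" * 20            # 31 bytes, no EOI
    filler = b"\xcc" * 32
    return filler + png + filler + jpg + filler + torn + filler


def demo() -> list[tuple[str, int, int, bool]]:
    """(kind, offset, length, complete) for each carved object."""
    return [(c.kind, c.offset, len(c.data), c.complete)
            for c in carve(build_sample_image())]


if __name__ == "__main__":
    for kind, off, n, ok in demo():
        print(f"{kind:5} @ {off:#08x}  {n:4} bytes  {'complete' if ok else 'TRUNCATED'}")
```

Two caveats a practitioner will hit immediately. A JPEG with an EXIF thumbnail contains a second SOI/EOI pair inside it, so a footer-based carver cuts the outer file short at the thumbnail's EOI; production tools walk the marker structure instead of trusting the first footer. And for a real image, memory-map the file rather than reading it into a bytes object; `bytes.find` works the same on an `mmap`.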
The Tools (Score:2)
Some common tools:
SANS [sans.org] offers a really nice class on computer forensics (track 8), if you have about $
While we're on the subject... (Score:4, Interesting)
You know, companies you could hire to protect your bank clients from fraud or track already committed frauds, with a proverbial cyberspace license to kill? After all, as so many net-renegades and rebels love to point out, cyberspace is free, and refuses to conform to the laws of individual countries. That means a cyber-protection company stationed in some of the more lawless countries, such as parts of Asia or the former USSR, could 'execute' ISPs who tolerate fraud originating from their servers or users, or companies who actively engage in fraud and spam, through well-tested methods of DDoSing, server hacking etc.?
I know, not completely on-topic... that's why I waited for someone else's first post
Re:While we're on the subject... (Score:1)
Who knows! Could well be a cool career to get into
Re:What is the best way to increase security? (Score:2)
http://www.counterhack.net/permission_memo.html [counterhack.net]
Don't end up with a massive legal bill, and multiple felonies on your record like noted Perl author Randal Schwartz did:
http://www.lightlink.com/spacenka/fors/ [lightlink.com] (Cache: http://www.lightlink.com.nyud.net:8090/spacenka/fors/ [nyud.net])
Re:What is the best way to increase security? (Score:2, Informative)
I was in an IRC channel one night, and some of the kids couldn't even figure out how to compile the code they had using Visual Studio.
The only problem is that most of these kids had no fear of committing any crime, and it appears to me that they make up the majority of computer criminals.
So, preparing to be attacked by common methods is probably the best defense.
Re:What is the best way to increase security? (Score:4, Informative)
The point of using the open source tools is to probe the network for possible vulnerabilities. Look at nmap for example. It's a port scanner, and a damn good one. Unless some cracker is really, REALLY good he won't be able to improve on it. It'll be what he's using. Not to mention it's the best that your friend has available - he can't get ahold of those custom-made tools if they're any better.
As far as finding non-published vulnerabilities in the applications you use, the biggest factor is your brain.
Re:What is the best way to increase security? (Score:1)
Educate.
Educating users is the best and (probably?) cheapest thing you can do to improve the security of any enterprise.
Re:What is the best way to increase security? (Score:1)
yes, it is common to test the latest hacking tools and run it against own network. there is not that many new ground-breaking tools. nmap, nessus, dsniff, hping, ... what else? (t
Re:I'll sum up his methods in one line... (Score:1)
How about plain old...
grep hack *
Elgon
NYLUG meeting (Score:5, Informative)
The book has some great war stories, too. The entertainment value is worth something.
Re:NYLUG meeting (Score:1)
meta name="GENERATOR" content="Microsoft FrontPage 6.0"
meta name="ProgId" content="FrontPage.Editor.Document"
This is nothing more than a promo (Score:5, Funny)
From the make-believe press release:
Almost all of the shows will take place in chat rooms and virtual reality environments. There, the cast will be represented by their chosen avatars, ranging from a hulking Atlas mech to Yuna from FFX to a beautifully rendered Ulala look-alike avatar. "It's not just about the crimes either," says Berny Phillips, one of the lead producers, "there's a lot of character development, too. There is one particular episode where a character's avatar is threatened and the Atlas mech nearly sacrifices himself to save her. It's very sweet."
Of course, in real-life, all of the cast members are males.
--
I am joking. This is a joke. You have been joked with.
Few cybercriminals get caught (Score:5, Insightful)
There was one guy at Microsoft who made a couple $million selling software that he ordered internally for his department. His mistake was that he put up a website full of photos showing off his lavish house and collection of cars and expensive motorcycles. If the idiot had just kept his big mouth shut and retired he probably would have gotten away with it.
The problem is isn't the hackers. (Score:5, Interesting)
Most people that do ID theft I'd hardly qualify as hackers. There is nothing high-tech required; none of them ever need a computer to do it. A computer can't even really help to commit these illegal acts.
What the problem is, is that a simple 16-digit credit card number can be used as cash by anyone who knows those numbers. There is no protection whatsoever! None, nada, nil, nothing whatsoever! It's almost like leaving a wallet full of cash on the sidewalk. Can you blame the person who finds it and doesn't turn it in?
Same thing for identity theft: anyone who knows your address, birthdate, SSN, mother's maiden name and birthplace can be you! They can empty your checking account, buy a house or a car, and you have to pay the price. These several facts are totally unacceptable on the part of those who accept this totally unprotectable data as proof-positive evidence of your ID.
Currently you can get a credit card in someone else's name more easily than you can get a job in their name. When getting a job they require at least 2 to 3 forms of ID and make copies of them for verification of work eligibility, and fine a company heavily for failing to do so.
The credit organizations are happy to give you credit without checking it's really you. Then they can take a guilty-until-proven-innocent stance with almost no recourse whatsoever! And you stay punished until proven otherwise. Meaning your cash is seized, credit ruined, house lost, etc...
As a matter of fact it's so easy for them to go after you, even when it wasn't you who they made the loan with, that they have little incentive to fix the problem! Why should they?
The burden should be put on those who are lending or providing money. If they said they had loaned me money, the burden to prove that they gave it to me should be on them. If they couldn't produce adequate proof and would have to eat that lost money, I'm sure they would fix the ID theft problem overnight.
There is a real need to come up with a more secure form of identification. Something that requires more than a 3rd-grade education to crack.
The reason that I don't point at the government is that it's against the LAW to use an SSN as a form of ID, although almost all credit agencies/banks do use it as such. This needs to be enforced! Maybe if you want a credit card or a bank loan, you need to get a specially issued ID card from some consortium of banks, where they fingerprint you, take a photo and meet you in person; it's harder to lie to someone's face! This ID card could use DES/AES or some other harder-to-break system that required more than a pen and paper or a photocopy machine to break.
At least that's my humble opinion.
Re:The problem is isn't the PINs (Score:2, Insightful)
If I apply for and receive a brand new CC in your name, you'll never know what my PIN will be
actually it will be 1234. OK?
Re:The problem is isn't the hackers. (Score:2)
I have DeCash [decash.com] a scheme where I don't use encryption but unguessable one time pads of sorts to secure cash.
I think of it as limited exposure. Right now I get your card and I have you for $5K or whatever your limit is.
Same thing if I get your ATM card and PIN: I can get you for $20,000 or more at $450 per day or whatever the daily limit is.
I had a taxi take me to an ATM in Tijuana, Mexico once. Well, the ATM looked real but wasn't. It must have been a phony machine with a person o
Re:The problem is isn't the hackers. (Score:2)
I have a patent in the filing process on DeCash, not that it's all that complicated.
It's not a business yet; I never said it was. I call it a project. I need to get some business people for that project to become a business. Hell, maybe I'll try to open-source that too, since it was really about doing cash on cell phones with Harex/Zoop.
Since I already have several startups in the pipe I can't a
Re:The problem is isn't the hackers. (Score:1)
In fact I doubt your Mexican story altogether.
Here's one for ya, (Score:2)
http://www.videotechnology.com/about.html Just so you can see the above link is wrong.
Re:The problem is isn't the hackers. (Score:1)
This is currently being rolled out across the UK. Magnetic strips and signatures are being replaced by smart cards and PINs. Card readers with keypads on the customer side of the till are appearing all over the place.
There is a website [chipandpin.co.uk] as part of the campaign letting people know about the new system.
I'm not all that
Re:The problem is isn't the hackers. (Score:2)
The end result is that you'd tell it how much you wanted to pay and put in your PIN, and it's give back a string that could be given to the credit company to process a transaction -- but only
Re:Better yet... (Score:2)
Unlike Amazon, they don't hold any stupid "one-click" patents, and I've received EXCELLENT service every time I've ordered from them.
simple answer (Score:2)
That's simple. The agents hire film noir detectives to hunt down hackers like Trinity.
How does this rate a 9? (Score:1, Flamebait)
Based merely on the contents of the free chapter I am appalled... to think that a BA from Rutgers, a Masters from Rutgers, and an MBA anticipated in May of 2005 from Columbia University... produces such drivel. I don't mean to insult Mr. Branigan, but the whole tone
Re:How does this rate a 9? (Score:1)
In the sample chapter, we never learn what Wrongheaded Wesley was doing with those T1 lines. The chapter would have had a satisfying conclusion if Branigan had described the perps' businesses, at least in outline.
Spot the cliche... (Score:2)
Numerals and/or ASCII projected onto someone's face has got to be one of *the* most overused (and, now that I think about it, dated) effects in computer magazine and book illustration.
Sure, it was cool when the Internet was becoming big news and it spelled instant hacker-cred (in a 'Hackers'- the movie- type of way); it was probably
Forensics is only cool... (Score:1)
when (0) other people are doing all of the boring detail work and (1) you are actually allowed to take someone to court (and win). And for you net.security wannabes out there, forensics == boring, painstaking, CYA detail work and internal politics == VIPs surfing kiddie pr0n don't get hauled off to jail. Very, very frustrating.
But then again, who here watches CSI and thinks it's an accurate representation of an exciting career in criminal forensics?
augment this book by reading: (Score:5, Informative)
2004.10.11: "the standard for getting evidence from a computer"
Most of us love, or have at least grown highly dependent upon, our computer[s] and PDAs; some of us keep very personal stuff on them. So here is a sobering little page [nist.gov] on how your government plans to interrogate your hard drive if you ever fall afoul of the law. NIST [nist.gov] is asking for comments by November 1 on a draft proposal of ways and standards [nist.gov] to prove that a disk imaging tool is accurately dredging up your dirty little secrets. NIST also has a brief article about how it is looking into ways to recover forensic data from PDAs [nist.gov]. The most interesting link there pointed to a PDF describing some tools you may not be aware of [nist.gov]. The DOJ and Homeland Security put NIST up to this task.
"....Counsel for the defense may now cross-examine the FAT."
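The NIST draft referenced above is about proving that a disk imaging tool is accurate. The properties such a tool is tested for are easy to state and worth seeing in code: the image must be a bit-for-bit copy of the source, the hash must be computed during acquisition and be re-checkable later, and an unreadable sector must be replaced by a documented fill value and logged rather than skipped, because skipping shifts every later offset and the copy is no longer a copy. As an added example (not NIST's test code and not anything from the book), here is a minimal sector-level imager in Python run against a constructed FlakyDevice that returns an I/O error on one sector.

```python
"""Sector-level acquisition with hash verification and bad-sector handling,
the properties a disk imaging tool gets tested for: a bit-for-bit copy, an
acquisition hash computed as the sectors are read and re-checkable later, and
unreadable sectors replaced by a documented fill value and logged, never
skipped (skipping shifts every later offset and the copy is no longer a copy).

Added example; not NIST's test code and not the book's. FlakyDevice is a
constructed stand-in for a drive with an unreadable sector."""
from __future__ import annotations

import hashlib
import io
from dataclasses import dataclass, field

SECTOR = 512
FILL = b"\x00" * SECTOR  # benign fill for sectors the drive would not give up


class FlakyDevice:
    """Minimal seek/read block device over bytes; sectors listed in bad raise
    OSError on read, like a drive reporting an uncorrectable read error."""

    def __init__(self, data: bytes, bad: set[int]) -> None:
        if len(data) % SECTOR:
            raise ValueError("device size must be a multiple of SECTOR")
        self._data, self._bad, self._pos = data, bad, 0

    def seek(self, offset: int) -> None:
        self._pos = offset

    def read(self, n: int) -> bytes:
        if self._pos // SECTOR in self._bad:
            raise OSError(5, "Input/output error")
        chunk = self._data[self._pos:self._pos + n]
        self._pos += len(chunk)
        return chunk


@dataclass
class Acquisition:
    image: bytes
    sha256: str                                  # hash of the image as written
    bad_sectors: list[int] = field(default_factory=list)


def acquire(dev, size: int) -> Acquisition:
    """Copy size bytes sector by sector. A read error logs the LBA and writes
    FILL in its place so the image keeps the source geometry; the hash covers
    exactly what was written, fills included, which is what verify re-checks."""
    digest = hashlib.sha256()
    out = io.BytesIO()
    bad: list[int] = []
    for lba in range(size // SECTOR):
        dev.seek(lba * SECTOR)
        try:
            sector = dev.read(SECTOR)
        except OSError:
            bad.append(lba)
            sector = FILL
        if len(sector) != SECTOR:
            raise ValueError(f"short read at LBA {lba}")
        out.write(sector)
        digest.update(sector)
    return Acquisition(out.getvalue(), digest.hexdigest(), bad)


def verify(acq: Acquisition) -> bool:
    """Re-hash the stored image and compare with the acquisition hash."""
    return hashlib.sha256(acq.image).hexdigest() == acq.sha256


def demo() -> dict[str, object]:
    """Image a clean device and one with LBA 2 unreadable; report the checks."""
    source = bytes(range(256)) * 8                       # 4 constructed sectors
    clean = acquire(FlakyDevice(source, set()), len(source))
    flaky = acquire(FlakyDevice(source, {2}), len(source))
    return {
        "clean_matches_source": clean.sha256 == hashlib.sha256(source).hexdigest(),
        "clean_verifies": verify(clean),
        "flaky_verifies": verify(flaky),
        "flaky_bad": flaky.bad_sectors,
        "flaky_len": len(flaky.image),
        "flaky_sector2_filled": flaky.image[2 * SECTOR:3 * SECTOR] == FILL,
        "flaky_sector3_intact": flaky.image[3 * SECTOR:] == source[3 * SECTOR:],
        "flaky_hash_differs": flaky.sha256 != clean.sha256,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} {value}")
```

The last check is the one that matters in practice: an acquisition with fills hashes differently from the source, so the hash on its own cannot distinguish a clean copy from a damaged one. The bad-sector log has to travel with the image and the hash, and where the media allows it the source is hashed independently as well, which is exactly what the draft asks tool vendors to demonstrate.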
Re:augment this book by reading: (Score:3, Interesting)
If your car got stolen, and the cops found your engine block in somebody's garage along with a pile of other car parts, you might want them to search the guy's computer for