NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion

 CIO Consumer IT

 CIO Leader

 CIO Enterprise

 CIO Insider

More Newsletters | Edit Profile
 

RSS Feeds »

 
 
LEADERSHIP
 

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 

CIO Executive Council

Public Teleconferences

Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
 * Youth in IT: How CIOs Can Engage the Next Generation
 June 10
 * Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 

Are you involved in setting the direction for your company's IT budget or strategy?


Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

 
 

Feature

 

How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab

The rise of new, easy-to-use antiforensic tools threatens to render computer forensics investigations cost-prohibitive and digital evidence-gathering unreliable in court.
 

By Scott Berinato

May 31, 2007CSO — Forensic investigations start at the end. Think of it: You wouldn’t start using science and technology to establish facts (that’s the dictionary definition of forensics) unless you had some reason to establish facts in the first place. But by that time, the crime has already happened. So while requisite, forensics is ultimately unrewarding.

A clear illustration of this fact comes from the field investigations manager for a major credit services company. Sometime last year, he noticed a clutch of fraudulent purchases on cards that all traced back to the same aquarium. He learned quite a bit through forensics. He learned, for example, that an aquarium employee had downloaded an audio file while eating a sandwich on her lunch break. He learned that when she played the song, a rootkit hidden inside the song installed itself on her computer. That rootkit allowed the hacker who’d planted it to establish a secure tunnel so he could work undetected and “get root”—administrator’s access to the aquarium network.

Sounds like a successful investigation. But the investigator was underwhelmed by the results. Why? Because he hadn’t caught the perpetrator and he knew he never would. What’s worse, that lunch break with the sandwich and the song download had occurred some time before he got there. In fact, the hacker had captured every card transaction at the aquarium for two years.

The investigator (who could only speak anonymously) wonders aloud what other networks are right now being controlled by criminal enterprises whose presence is entirely concealed. Computer crime has shifted from a game of disruption to one of access. The hacker’s focus has shifted too, from developing destructive payloads to circumventing detection. Now, for every tool forensic investigators have come to rely on to discover and prosecute electronic crimes, criminals have a corresponding tool to baffle the investigation.

This is antiforensics. It is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you.

 
 
 
 
 
 
Loading...
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Evolve your data center on proven technology. The Brocade DCX.

Secure your virtual and physical environments with the same software.

Get Control of Mobile Data (and More)

The Business Value of Symantec Data Center Foundation Solutions

How Plug-in Integration with Global Suppliers Quickly Multiplies the Value of SAP Investments

Mitigating Risk with Security Assessments

Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response

Business Value of Performance IDC Whitepaper

Foxwoods Resort & Casino dramatically reduced both backup and recovery times

Top 10 Questions to Ask when Choosing a Secure File Transfer Solution

Webcast: The Keys to Enhancing and Securing your Enterprise Network

An Executive Guide to Understanding Hosted and Managed Messaging

Configuration Audit and Control for Virtualized Environments

Enterprise Business Security: Protect Data, Accelerate Growth

The Case and Criteria for Combining Application Acceleration and Security

Q4 2007 Email Threats Trend Report from Proofpoint and Commtouch

Survival of the Fittest: Disaster Recovery Design for the Data Center

Windows Server 2008: To Upgrade or Not to Upgrade?

Data Loss Prevention Starts at the Endpoint

Performance Brief: Mobile Application Acceleration

Strategies for centralizing data backup

Green IT: Reducing Your Carbon Footprint with Citrix

The Best IT Strategy for a Company with Global Operations

Speed, agility, flexibility - The HP BladeSystem c-Class

Webcast: Why standardizing your ECM platform is so critical to your success

Eliminate network threats and downtime with Juniper Networks. View demo.

Choose a mobile device platform with familiar programs and simplified management

How to simplify mobility and reduce the cost of supporting mobile workers

Getting the Most from your Data Protection Solution

Webcast: A look at the increasing sophistication of attacks

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services

Case Study: Auto insurer accelerates backup and recovery

Case Study: Bay State Health reduced the timeframe for recovering critical patient data

Webcast: Build secure, scalable enterprise networks.

2008 Annual Google Communications Intelligence Report

Comparing Google and Other Leading Messaging Security Solutions

Webcast: Best practices in application security: How do you stack up?

IT productivity challenges: Google surveyed IT professionals

Regulations Shift Focus on Outbound Email Security

A CIO's View of Server Virtualization

Let's Get Virtual: A Look at Today's Server Virtualization Architectures

Increase conversions on your site with the help of EV SSL.

Extending PCI Compliance to the Mobile Workforce

A proven approach to WAN optimization

Wireless Vulnerability Management: What It Means for Your Enterprise

Wide-area data services enable todays global enterprise

Discover PMI's credentials and career path tools

Symantec State of the Data Center Report

Tripwire PCI DSS Solutions: Automated, Continuous Compliance