Feature

How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab

The rise of new, easy-to-use antiforensic tools threatens to render computer forensics investigations cost-prohibitive and digital evidence-gathering unreliable in court.

May 31, 2007 — CSO — Forensic investigations start at the end. Think of it: You wouldn’t start using science and technology to establish facts (that’s the dictionary definition of forensics) unless you had some reason to establish facts in the first place. But by that time, the crime has already happened. So while requisite, forensics is ultimately unrewarding.

A clear illustration of this fact comes from the field investigations manager for a major credit services company. Sometime last year, he noticed a clutch of fraudulent purchases on cards that all traced back to the same aquarium. He learned quite a bit through forensics. He learned, for example, that an aquarium employee had downloaded an audio file while eating a sandwich on her lunch break. He learned that when she played the song, a rootkit hidden inside the song installed itself on her computer. That rootkit allowed the hacker who’d planted it to establish a secure tunnel so he could work undetected and “get root”—administrator’s access to the aquarium network.

Sounds like a successful investigation. But the investigator was underwhelmed by the results. Why? Because he hadn’t caught the perpetrator and he knew he never would. What’s worse, that lunch break with the sandwich and the song download had occurred some time before he got there. In fact, the hacker had captured every card transaction at the aquarium for two years.

The investigator (who could only speak anonymously) wonders aloud what other networks are right now being controlled by criminal enterprises whose presence is entirely concealed. Computer crime has shifted from a game of disruption to one of access. The hacker’s focus has shifted too, from developing destructive payloads to circumventing detection. Now, for every tool forensic investigators have come to rely on to discover and prosecute electronic crimes, criminals have a corresponding tool to baffle the investigation.

This is antiforensics. It is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |next page »

Comments

Share [+]

TOOLS

Comments

Digg This

SlashDot

CENTER OF EXCELLENCE

Security

» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.

» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.

» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.

» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.

» Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.

Center sponsored by