Chapter 19: Investigating Computer Intrusions


Overview

... the safecracker has been portrayed as a masked, bewhiskered, burly individual whose daring was matched only by his ruthlessness in disposing of interference. This legend undoubtedly had its origin in the facility with which the safecracker could be caricatured by cartoonists. His safe, mask, blackjack, and flashlight have come to be the picturesque symbols of the professional criminal. By this intimate association, the safe burglar has acquired in fiction the attributes of character corresponding to the physical properties of the safe itself - steely toughness of fiber and impregnability to moral suasion. Historically, this picture may have been true, but modern criminal society is far more democratic. The safecracker category, for example, includes all races, colors, and creeds: the skilled craftsman and the burglar; the timid and the bold; the lone wolf and the pack member; the professional criminal and the young amateur trying his wings; the local thug and the strong boy from a distant city. The occupation of safecracker has proved so remunerative to some practitioners, that its membership has swollen beyond the limits imposed by any of the restrictions of qualifications in the form of skill.

(O'Hara, 1970)

New ways to interfere with and break into computers seem to be developed every day. Although it takes a certain degree of skill to find new ways to implement these attacks, once a new method of attack is developed, it is often made available on the Internet. Programs that automatically exploit a vulnerability are commonly called exploits, and many of them are freely available at sites like SecurityFocus.[1] With a little knowledge of computer networks, almost anyone can obtain and use the necessary tools to be a nuisance - or even dangerous (e.g. breaking into a computer and erasing its contents). It takes skill and experience, however, to break into a computer system, commit a crime, and cover one's tracks.

Individuals break into computers for a wide range of purposes, including stealing valuable information, eavesdropping on users' communications, harassing administrators or users, launching attacks against other systems, storing toolkits and stolen data, and defacing Web sites. Some individuals view computer intrusions as victimless crimes. However, whether a computer intruder purloins proprietary information from an organization, misuses a computer system, or deletes the contents of an individual's hard drive, people are affected in a very real way. If, for example, a computer intruder changes prescription information in a pharmacy database, tampers with critical systems at an airport, disables an emergency telephone service, or damages other critical systems, the ramifications can be fatal.

In many cases, only people who are intimately familiar with a specific computer system possess the skills required to break into or tamper with it. As a result, individuals inside an organization commit a significant percentage of computer crimes (CSI 2003). However, the number of attacks from the Internet is increasing. Computer intrusions have become such a problem that they are considered to be a national security risk by many developing countries. Despite the seriousness of this problem, many organizations are reluctant to report intrusions to law enforcement for a variety of reasons.

Given the growing threat, it is important to track down the perpetrators of these crimes, bring them to justice, and discourage others from following in their footsteps. Even if an organization decides not to prosecute an individual who targets their systems, a thorough investigation can help determine the extent of the damage, prevent future attacks, and mitigate any associated liability to shareholders, customers, or other organizations that were attacked. This chapter discusses how to investigate computer intruders and presents ways to determine an intruder's intent, motivations, and skill level.

[1] http://www.securityfocus.com




Digital Evidence and Computer Crime
Digital Evidence and Computer Crime, Second Edition
ISBN: 0121631044
EAN: 2147483647
Year: 2003
Pages: 279
