Internet Forensics recipes
Hackers: Barbarians at Your Corporate Gate
The risk of hackers penetrating your company’s database and exposing your commercial secrets – if not some dirty linen as well – was brought home recently when the internal musings of Britain’s leading climate science research centre were laid bare. Thousands of private emails between top climate change scientists were made public, revealing the bitter disagreements over the cause of this contentious phenomenon. It’s like a paper trail from hell. Whether or not your company is involved in a controversial industry, make sure that hackers don’t plant malware in your system that allows them to monitor what you’re doing until they feel the time is right for a massive exposé. Computer forensics and a host of other state-of-the-art technology can save you from such an ignominious fate.
The climactic downpour in the UK, which included some 2,000 emails and 3,000 related documents, first appeared online on November 20, courtesy of an anonymous Russian server. While there’s nothing surprising about that, the degree of spite that some of the communications display is another matter. One top man at the Climate Research Unit, based at the University of East Anglia, wrote in 2004 that he was “cheered” by the news that a prominent climate change sceptic in Australia had suddenly died of a heart attack. Another says he would like to meet his adversaries in a dark alley one night. Other experts refer to their colleagues in highly unflattering terms.
Scientists who support the theory of man-made climate change are lined up against their heretical opponents, each side armed to the teeth and ready to fight the Wars of the Roses all over again. One rues the fact that his team can’t account for the lack of warming at the moment, which he sees as a travesty. He cites data published only a few months ago that shows that there should be even more warming. The data must surely be wrong, he suggests. The sceptics hurl missiles back, claiming that the emails are evidence of a conspiracy to bully into submission those who challenge the man-made hypothesis. With Copenhagen just around the corner, something is clearly rotten in the State of Denmark.
The Cyberspace Explosion: Five Tips for Survival
The new digital world of easy communications and social networking is so surprisingly open that many no longer see the problem as one of Big Brother watching us. It’s more a matter of us being obsessed with watching each other. And sharing, too. As The New York Times put it in September, “Your parents probably told you that sharing was simply the right thing to do. But on the Web, inducing people to share links has become big business, all about driving traffic back to a site and increasing revenue.”¹ This is music to the ears of cyber-crooks and hackers.
The notion of being open and passing everything on is bolstered by stories like the following, which suggest that because everyone’s participating in one way or another, we can easily sit back and enjoy the freedoms that come with this ‘global electronic community’.
Until recently, the wife of the new head of the British Secret Intelligence Service – the country’s external spy agency, commonly known as MI6 – had a Facebook page. It had no privacy protection so details of the family’s London home, daily transport arrangements, vacations and friendships with other senior British officials were freely available to some 200 million users around the globe. The page was speedily removed when its contents were published in the media, raising more than a few eyebrows in the intelligence world in London and beyond. You see, Sir John Sawers, who was Britain’s ambassador to the United Nations when his appointment was announced in mid-2009, was once an MI6 officer himself and should have been aware of the implications of his family’s networking profile well before his new job was broached. After all, he had worked in places like Yemen, Syria, Egypt and Iraq, and also been closely involved at the policy level with Iran, Iraq and Afghanistan.
FBI Operation Catches Online Bank Fraudsters
In what the FBI is calling Operation Phish Phry, it has arrested 53 people on charges of conducting a vast financial fraud based on phishing. Numerous Internet users have been tricked into revealing vital information, according to an 86-page indictment filed in the US District Court in Los Angeles. The New York Times reported on October 7 that the arrests took place in Southern California, Nevada and North Carolina, while the authorities in Egypt have sought to arrest 47 people who the FBI says were co-conspirators.
The FBI has revealed that this is the largest number of defendants ever charged in a cybercrime case, and that they had stolen at least $US2 million from 2007 until last month. The scams victimised people with accounts at Bank of America and Wells Fargo, two of the largest banks in the United States. The online component of the fraud was perpetrated in Egypt, with the defendants there sending mass email messages that appeared to be authentic communications from the banks. The people who clicked on these messages were sent to fake websites made to look identical to the real banking sites. There they were asked to enter personal information like their bank account numbers, passwords, social security numbers and drivers’ license numbers.
The co-conspirators in the US took over from there, transferring funds into their own accounts and remitting some money back to their accomplices in Egypt. The FBI has said that it was a very well organised crime and that everyone involved got paid. Now the 53 named in the indictment might also get 20 years in prison.
If Fake Anti-Virus Software Doesn’t Get You, Something Else Will.
A Russian security researcher who heads Canada’s virus lab, Sophos, has recently shown how most spam on email, search engines and social networking sites originates with ‘affiliate networks’. These networks pay generous commissions to geeks who refer unsuspecting web users to their illegal products. Not only are they selling fake anti-virus software but also illegal penis pills, fake watches and other counterfeit luxury products. Whatever it is that might take your fancy, if you get caught out by these people they can do a lot of damage. Good computer forensic work is the only thing that can help you detect their presence and grapple with it.
In a paper for the Virus Bulletin Conference September 2009, Dmitry Samosseiko outlines how scareware, ‘Canadian Pharmacy’ spam, adult sites, and comment spam on forums and blogs have plagued the web and email world of most people in the past few years. But what, he asks, links these things together? What makes them grow in volume and complexity? Who is behind them? What business model drives the perpetrators’ profits to millions of dollars annually?
The answer is hundreds of well-organised Russian affiliate networks known as “partnerka”, which have coalesced to form a booming business industry. Thousands of affiliates, each calling themselves ‘webmasters’, work day and night to drive as much user traffic to their partners’ stores as possible, raking in thousands of dollars in the process.
One in Eight UK Internet Users Victims of Fraud
A recent survey of 2,000 Internet users in Britain, commissioned by VeriSign UK – part of the American network infrastructure firm – has revealed how prevalent this form of online crime is. The monetary loss in Britain in the past year alone has been put at £2.61 billion. Of the UK’s population, not only has 12 per cent been a victim of online ID fraud, with an average of £463 stolen, but 14 per cent are still waiting to be reimbursed. Many victims say they have been extra careful when buying online, but with so many fraudsters lurking in the shadows it is clear that much more education on how to protect yourself is required.
The survey found that in general British web users are conscientious when it comes to online shopping. Of the respondents, 82 per cent claimed to buy only from sites with enhanced security settings, with 3 per cent more women saying they checked security before making a purchase. People aged between 45 and 54 are defrauded most often, with Londoners the most careless online buyers and the Welsh the biggest victims. Interestingly, Scots are the least likely to fall victim.
Richard Hurley, communications manager at CIFAS, the UK’s Fraud Prevention Service, comments that, “Increasing numbers of cost-conscious consumers are now shopping online, and whilst the rise in online spending is great for online retailers, it opens up a Pandora’s Box of security threats. Cyber criminals are undoubtedly getting more devious, but consumers can easily lessen the likelihood of online fraud by stepping up their own awareness of how they can protect themselves.”
Internet Forensics: Six Ways to Make Yourself Bullet-Proof
Most people are aware that dangers lurk on the Internet, but they are often amazed when they discover just how destructive attacks can be. And threats tend to come from the most unexpected quarter. In Australia, for example, the federal taxation commissioner recently warned that identity theft and the rorting of online tax refunds were a particular problem. Blatant and increasingly sophisticated scams, he said, were causing havoc in the lives of those innocent people targeted, adding that, “If your identity is stolen it can take years to put things right.” The commissioner’s worry, of course, isn’t just the loss of revenue but also a national loss of confidence in the tax system itself. What if you, as an individual or as a company chief, had your reputation destroyed? That of your company would go with it as well.
So how do you fight back against those who use the anonymity of the Internet to commit such crimes and to cause harm and distress? That’s where Internet forensics comes in. Here are six areas in which professionals experienced in this state-of-the-art field of investigation can help you retrieve what you’ve lost.
1. Tracing Anonymous Emails.
