As a child, I loved playing cops and robbers. I also enjoyed playing a good game of hide-and-seek. I would have never imagined that I would still be playing these games today. Although these games were harmless when I was a child, today they are real.
Each day on the Internet, black hats and white hats engage in a game of cat and mouse. The hackers’ goals vary.
Some attack for power; some attack for money, prestige, or just because they can. My goal is specific: hunt them down and bring them in. By now you might have figured it out; I’m a cyber crime detective.
Welcome to my world.
Have you ever served in a cyber crimes unit? Have you ever suffered a denial-of-service attack? Have you ever connected your laptop to an unsecured wireless network or ever had to allow some stranger to connect his laptop to your wireless network?
I sit on a firewall 30 hops away from a script kiddy ready to launch a tribal flood against me. I use words like ping and trace route, while you browse the Internet based on the comfort that I provide for you.
You want me on that firewall; you need me on that firewall. If I don’t analyze computer logs, systems die; that’s a fact. Code Red. Sure, I caught Code Red. I caught the Alisa and Klez viruses also. Call me a geek or a nerd, but I prefer the title of cyber crime detective. Oh, by the way, I’m not alone; there are many like me.
Over the years, the use of the Internet has exploded.
The Internet provides myriad beneficial opportunities, but it also is rife with opportunities for misuse. Scammers, fraudsters, sexual predators, and others seek to use this invaluable tool for evil purposes. They believe the Internet provides them anonymity.
They believe they can hide behind the mask of the Internet by changing their identities at a moment’s notice and hiding behind their proxies, hacked computers, and the compromised identities of their unsuspecting victims.
Well, they’re wrong! Everything you do on the computer leaves a trace. This trace applies to not only the Matrix but also the real world. I pose this question to those who live on the dark side: Is there really no trace you’ve left behind?
For cyber criminals, every day has to be a lucky day for them not to get caught.
The cyber detective requires only one lucky day to catch them. Hiding from the police on the Internet can be a daunting task. It requires the ability to morph like a chameleon and the stealthiness of a snake. Fortunately, law enforcement officers have been able to expose many of the scams and techniques that this new breed of criminal uses.
Some methods that the cyber criminal uses to hide in plain sight include the use of anonymous Internet connections, or Web proxies. These proxies provide a connection that hides the originating source IP address of the hacker.
When a trace of this IP address is done, the investigator is led to a different computer, hence, a possible dead end. This is a popular method used by cyber criminals to cover their tracks.
A second technique used by those who seek to hide from the law is to compromise or gain unauthorized access to another’s computer or network.
Using the computer or network of an unsuspecting victim provides another avenue to remain anonymous in the cyber world.
After gaining illegal access to these systems, hackers use them as gateways from which they can surface or hop from to reach their targets, thereby leading law enforcement officers to the unsuspecting victim’s location and hiding their real locations.
Last, hackers may decide to take your identity altogether. Your Internet, e-mail, bank, and any other accounts that they can steal are fair game.
The more identities they can compromise, the easier it becomes for them to remain anonymous. Hackers use various methods, including constantly changing names, transferring money, and logging on to the Web, to keep law enforcement officers and others off their track. Kevin Mitnick used human flaws to do this.
He called it social engineering. Social engineering is the ability to gain information about someone by using a ruse. Kevin Mitnick can pick up a phone and extract personal information voluntarily from the person on the other end. I’m amazed that this deception still goes on today.
A modern version of social engineering is a technique called phishing.
Phishing involves the use of some cyber ruse to gain information about you.
Have you ever wondered why your bank or Internet service provider keeps sending you e-mails about your account? Do you even have an account from the company sending you the e-mail? P.T. Barnum said it best, “There’s a sucker born every minute.” If he only knew it’s every millisecond on the Internet.
In response to this wave of cyber crime, law enforcement officers are arming themselves with the knowledge and skill sets necessary to properly investigate these crimes.
Although a gap exists between the skills of law enforcement officers and those of the cyber criminal, it is slowly closing.
On the technology side, law enforcement officers are receiving training in information technology, computer programming, computer forensics, intrusion detection, and other areas within the technology arena. Regarding investigations, police officers know people.
They possess an uncanny gift for gleaning details and putting them together. They are patient and thorough with their investigations. Sooner or later they’ll figure out a case. This is where law enforcement officers excel, and the gap is reversed.
This book and the Stealing the Network series provide great insight into the cyber criminal’s world. The book offers a snapshot of what goes on in the minds of cyber criminals who commit these types of crimes.
It also offers an opportunity to understand the methodology behind hacking. In The Art of War, Sun Tzu states that you must “know your enemy” if you are to be successful in defeating him. Knowing your enemy is exactly what this book and this series are about.
The chilling accuracy of the book’s descriptions of how accounts are created and identities are stolen is sobering. Additionally, the technical details of the exploits are phenomenal. It’s hard to believe that this is a fictional book.
The awareness raised in this book will further help the efforts in fighting cyber crimes. Law enforcement officers, as well as the information security community, will benefit from reading this book. It is a pleasant read full of technical tidbits. The thrill and suspense of the plot will keep you on the edge of your seat. Happy hunting!
I add one note to the hacker. I ask you to ponder the following as you traverse down your dark path: Do you really know with whom you’re talking online? I love IRC, X-sets mode. Did you really hack into that computer, or was that my honeypot? Wasn’t it odd that the administrator password for that computer was password? Hey, I know which byte sets the Syn flag in a packet.
By the way, I agree that Netcat is a Swiss Army knife, and I love Nmap. Hey, would you like to know why your buffer overflow didn’t work? See you in the Matrix. The Arc Angel.