Computer Fraud & Security Premium Article Archive


Pay Per View available via:

Subscribers to any Compsec Publications can receive free online access via:

For further information visit our subscriber zone.



This Premium Article Archive offers the last 12 months of articles from Computer Fraud & Security. Each summary takes you through to our Science Direct Pay Per View service which will allow you to buy 24 hour access to the article for just $30.

NB. Subscribers to this publication can view these articles for free through the subscriber zone.

Like to subscribe? Click here for details

Premium Article Archive:

The convergence of physical and electronic security - March 2006

2005 IT security highlights - the day of the amateur hacker has gone, but there are still plenty of amateur users… - February 2006

How much information do organizations throw away? - March 2005
Using formal modeling to untangle security incidents - July 2004
Cisco source code stolen – but should we care? - July 2004 - Free!
The question of organizational forensic policy - June 2004 - Free!
Chip and PIN – biggest UK retail project since decimalisation, but not enough on its own to defeat card fraud - May 2004 - Free!
Computer security for fun and profit - April 2004 - Free!
Is there a future for Internet voting? - March 2004
The trend toward non-real-time attacks - November 2003
Vulnerability exploitation: the problem of protecting our weakest links - Nov. 2003
IP Theft & Corporate Espionage: Remedies - September 2003
Arson, Archaeology, and Computer Crime Investigation - July 2003
Conducting Incident Post Mortems - April 2003
Determining Intent - Opportunistic vs Targeted Attacks - April 2003
Recovering Fraud Losses - March 2003
International Terrorism Response Ignores Privacy - February 2003
Monitoring Employees to Prevent and Detect Fraud - February 2003
Options in Computer Forensic Tools - November 2002

Article Summaries:

Digital Forensics Series
By Peter Stephenson

'Getting the Whole Picture' is a series relevant to anyone who is regularly or occasionally involved in cyber-investigations during their career. You could be an information security specialist, an auditor, a fraud examiner or a member of law enforcement, or have an interest in cybercrime and the use of computer forensics to detect such crimes.
This column started in the September issue of CFS and is included every month.

___________________________________

Computer Fraud & Security
Volume 2003, July

Using a Formalized Approach to Digital Investigation

Recently I was in the audience for the presentation of a case study of an investigation into the theft of a large number of credit cards from a credit card clearing house. The discussion showed clearly that the investigation was not, by any standards, a success. The clearing house had such terrible security measures in place that the attack had no barriers to prevent success and the contractor investigative team demonstrated no structured process in its investigation.

Computer Fraud & Security
Volume 2003, June

Manual Link Analysis and Trace Back

The concept of link analysis is fundamental in the tracing of various types of fraud. However, it also is quite useful for working out the suspected path of an attack. For link analysis to work well you will need a lot of data. The more data points you have that you know you can depend upon, the better your chances of getting a reasonable back trace. In this month's column we will discuss some techniques that you can use to perform a trace back to a suspected attacker. The reader should take note that there are reasons why this won't work in some cases (we'll cover those) and why you will need corroboration in any event.

Computer Fraud & Security
Volume 2003, May

Issues in Back Tracing Events

We're back on track after our diversion into post mortems. This column will begin the discussion of back tracing. This is a very complex issue and space prevents us from an exhaustive review of the topic in a single column. However, this month we'll lay out the issues, look at some tools and some non-traditional approaches and set the stage for further discussions later on.

Computer Fraud & Security
Volume 2003, March

Using Evidence Effectively

The presentation of evidence, especially complex evidence, requires a bit of art in itself. Most experts agree that the use of graphics is usually the best way to present technical evidence to a lay jury. In the past several issues, we have performed some fairly complex tasks and those tasks, difficult in some cases for practitioners, may be completely incomprehensible to a jury.

Computer Fraud & Security
Volume 2003, February

Data Analysis -- First Steps

This article deals with assembling the chain of evidence and what constitutes the evidence that is of significance to the relevant case.

Computer Fraud & Security
Volume 2003, January

Normalization and Deconfliction

In this article we will discuss normalization and deconfliction. We also introduce the concepts of correlation and data fusion.

- currently unavailable

Computer Fraud & Security
Volume 2002, Issue 2, December

Analysis and Correlation
By Peter Stephenson

In this article we explore the early stages of correlation, concentrating upon gathering individual bits of information and tying them together to get the whole picture. We emphasize here that our objective is to form the complete chain of evidence. That means that we must discover all involved devices as well as the path, however simple or complex, between attacker and victim.

Computer Fraud & Security
Volume 2002, November

Collecting Evidence of a Computer Crime
This article examines the collection of evidence along the path from attacker to victim. In some cases, this is not a trivial task, given that it may be very difficult to identify intermediate devices.

Computer Fraud & Security
Volume 2002, October

The Forensic Investigation Steps
In this column we will begin the process of understanding the forensics involved and dig more deeply into the end-to-end concept. There are three branches of digital forensics, which include computer forensics, network forensics and software forensics. Here we introduce a high level set of tasks to perform as part of the end-to-end process of forensic digital analysis.

Computer Fraud & Security
Volume 2002, September

End-to-end Digital Forensics
Every digital crime has a source point, a destination point and a path between those two points. On rare occasions, all of the points may be on a single machine, as when the attacker conducts his or her mischief from the console of the victim computer. However, more commonly, attacks occur across some type of network. The networks range from the internal local area network upon which the victim computer resides, to attacks conducted across the Internet or some other extended network external to the victim.


Computer Fraud & Security
Volume 2005, March

How much information do organizations throw away?

More than 100 disposed disks that were released from random organizations for reuse or recycling were analysed by the University of Glamorgan for sensitive data. The disks were scrutinised to reveal whether any important information was left on them that could link the discarded equipment to an organization, or reveal usernames or financial data. The researchers managed to link more than half of the disks easily to the organizations of origin. These included a pharmaceutical company, a major leisure services company, a university and a school. The findings were alarming and potentially devastating to an organization or individual. Some of the disks contained enough valuable information to enable industrial espionage, identity theft, fraud, blackmail or network intrusion. A disk from a major leisure service company came from the finance department and gave a very accurate financial forecast, which would be of great interest to a competitor or financial analyst.

The newspapers[1,2,3] have been warning us for some time of the dangers and costs of identity theft and the problems that it causes for individuals that are affected by it. At the same time, the UK Government is publicising initiatives such as Warning, Advice and Reporting Point (WARP)[4] and IT Security Awareness For Everyone (ITsafe)[5] aimed at improving information security awareness. It is therefore somewhat disturbing that recent research from universities in the UK and Australia has revealed that organizations that are entrusted with personal and corporate information seem to be failing to take adequate measures to protect it.

Computer Fraud & Security
Volume 2004, July

Using formal modeling to untangle security incidents
Peter Stephenson

Over the past several months we have been discussing a couple of cutting edge approaches to digital investigation and post mortems. Something that has surprised me lately as I've been speaking on these topics at mainstream information security conferences is the enthusiasm with which the notion of formal modeling is being met. With that in mind, I thought that we'd take the next two or three columns to discuss this technique and then wrap up with a couple of examples including some model templates for your own use. Although we have introduced this concept in earlier articles, we have not spent much time on exactly how to build models.

Computer Fraud & Security
Volume 2004, July

Cisco source code stolen – but should we care?
Philip Hunter

It was clearly bad news for Cisco itself when a portion of its IOS software surfaced for a few days in May on a Russian website. But it was difficult to obtain a consensus within the security industry over the potential threat posed by the breach to the Internet as a whole or to the countless private IP networks. Given that IOS drives most of the world's routers that direct traffic both through the Internet and private networks, theft of some of its source code clearly gives hackers the potential to exploit vulnerabilities that would be hard to identify otherwise. Naturally the Open Source community pounced on the issue, as they did earlier in the year when some Microsoft Windows source code was stolen, with the argument that any system relying on secrecy for security is fundamentally flawed and by definition insecure. Kerckhoffs' law that "a system should be designed to be secure if everything is known about it except the key information" was trotted out as an argument that closed source software such as IOS and Windows would soon be extinct, ushering in the golden age of open source.

Computer Fraud & Security
Volume 2004, June

The question of organizational forensic policy
Hank Wolfe and Dr. Henry B. Wolfe

The objectives of an organization in combination with the formal policy together underpin the strategic direction that any organization will take. We all know that security begins with policy – in other words the rules of play. If policy is sound then the appropriate security measures can be implemented to protect the activities required to achieve the stated objectives as well as maintain the information assurance requirements – availability, integrity, authentication, confidentiality and non-repudiation.

Computer Fraud & Security
Volume 2004, May

Chip and PIN – biggest UK retail project since decimalisation, but not enough on its own to defeat card fraud
Philip Hunter

The credit card industry's big idea for tackling fraud, chip and PIN, is being rolled out in earnest within the UK, but security experts warn that on its own it will merely divert criminals to other channels. Chip and PIN does nothing to address cardholder not present (CNP) fraud, notably for online purchases over the Internet, and still leaves the door open for fraudulent transactions from identity theft.

Computer Fraud & Security
Volume 2004, April

Computer security for fun and profit
Hank Wolfe and Dr. Henry B. Wolfe

For years we have been trying to sell the importance of computer security. As a security evangelist, I have addressed audience after audience talking about the importance of security hoping that one day I would hear someone stand up and shout "Halleluiah!! I believe!!" As you might imagine, it has never happened and probably never will – for me or for anyone else.

Computer Fraud & Security
Volume 2004, March

Is there a future for Internet voting?
Stephen Mason

Technology has long been used in the process of voting, and the use of electronic machines was introduced in the United States of America in the 1970s. More recently, vendors have encouraged the use of remote electronic voting methods, and politicians have begun to consider such options, including the use of the Internet, telephone, text messaging and interactive digital television. This paper considers some of the practical and security issues that affect remote electronic voting.


Computer Fraud & Security
Volume 2003, November

The trend toward non-real-time attacks
By Gerald D. Hill III (Jerry)

A shift in the methodology of attacking networks is occurring. The shift is from real-time attacks via hacking into systems directly to non-real-time attacks through the use of viruses, worms and Trojans that can invade tens of thousands of systems over time. They perform all manner of mischief, including the collection and forwarding of information such as credit card data to the perpetrator to use at their convenience.


Computer Fraud & Security
Volume 2003, November

Vulnerability exploitation: the problem of protecting our weakest links
By Steven M. Furnell

A security issue that has become very prominent in recent years is the exploitation of vulnerabilities in operating systems and application programs. Many attacks against systems, by both hackers and malicious software, now begin with a foothold being established through a known vulnerability in the target system and the software that it is running. Although the problem of vulnerabilities has always been with us, evidence suggests that the scale has significantly increased in recent years. For example, figures from the Computer Emergency Response Team Coordination Center (CERT/CC) suggest that 4129 vulnerabilities were reported during 2002 – representing almost a tenfold increase when compared to 1999[1].


Computer Fraud & Security
Volume 2003, September

IP Theft & Corporate Espionage: Remedies
By Steven Philippsohn and Samantha Thomas

This article examines the threat of intellectual property (IP) theft and recommends ways to counteract and restrict losses.

Computer Fraud & Security
Volume 2003, July

Arson, Archaeology, and Computer Crime Investigation
By Eoghan Casey

Crimes of this kind [arson] are usually carried out to leave few, if any, direct clues, and proof of criminality is far from easy to establish by circumstantial evidence[1].


Computer Fraud & Security
Volume 2003, April

Conducting Incident Post Mortems
By Eoghan Casey

Within the last couple of months we saw yet another massive worm infection on the Internet. Organizations that should have been prepared weren't and the effects on some were, however temporarily, catastrophic. Many of those organizations had suffered under Code Red, Nimda, Love Letter and other global infections.

Computer Fraud & Security
Volume 2003, April

Determining Intent – Opportunistic vs Targeted Attacks
By Eoghan Casey

To assess the importance and potential impact of an incident accurately, computer security professionals need to understand an offender's criminal skill, knowledge of targets, and intent. A thief who selects targets of opportunity based on insecure systems presents a significantly different threat than an individual who targets a specific organization to obtain specific information. This article compares two intellectual property theft cases to provide readers with practical investigative insights, noting costly mistakes and pointing out behaviour reflected in digital evidence. Although these cases are based on actual investigations, they have been modified to protect the innocent.

Computer Fraud & Security
Volume 2003, March

Recovering Fraud Losses
By Steven Philippsohn

It is increasingly vital that companies implement a policy and procedure which allows non-executive directors and other employees to report fraud and take the appropriate steps to deal with a fraud once it has occurred. The civil court is one route open to a company in order to stop the fraudster, locate the assets and to freeze them once judgement has been obtained.

Computer Fraud & Security
Volume 2003, February

International Terrorism Response Ignores Privacy
By Marie A Wright

Since the attacks in New York and Washington, DC on 11 September 2001, anti-terrorism laws have been passed, and their provisions enacted, with unprecedented haste. In most cases, the laws are controversial, calling for further search and seizure powers and increased communications surveillance, while simultaneously undermining individual rights to privacy.

Computer Fraud & Security
Volume 2003, February

Monitoring Employees to Prevent and Detect Fraud
By Steven Philippsohn

This article concentrates on the methods available to a company to monitor employees and other third parties' use of different methods of telecommunications, in order to detect and prevent fraud.

Computer Fraud & Security
Volume 2002, November

Options in Computer Forensic Tools
By Rod Morris, KPMG

In common with many other professions, the field of computer forensic investigation makes use of tools to allow practitioners to carry out their tasks effectively and efficiently. This article describes some of the most commonly used software "tools" and explains how and why they are used.


Elsevier