Computer Fraud & Security
Pay Per View & Free Articles - Summaries

Computer Fraud & Security

Subscription Information
ISSN: 1361-3723
12 issues per year
Volume 2005
2005 Price*: €861 / US$933 / ¥114,500

*European orders will be charged in Euros. Japanese orders will be charged in Yen. All other orders will be charged in US Dollars.


If you would prefer to contact our ordering department by telephone, fax, or in writing, please click here for our complete contact details.


We appreciate that some people do not require information on all aspects of the smart card market. In response to this, we are now able to offer individual articles to purchase. For only US$30 for 24 hours' access, you can download articles marked with


In addition, to help you gain an insight into the scope of Computer Fraud & Security, we are offering certain articles completely free of charge. These articles are marked with

NB. Subscribers to this publication can view all articles for free through the subscriber zone.

News & Features Articles

Volume 2006, March

The convergence of physical and electronic security
Dr Andy Jones

Cisco has announced that it is to buy a video surveillance company, SyPixx Networks, for $51 million. With the acquisition, it plans to connect video cameras to the IP network. Merging the technologies could allow video to be searched more rapidly than with analog systems. In addition, there will be no need for an onsite central control room for analog viewing, claims Cisco. Video could be speedily shared between different locations. The network giant reckons that the market will be worth $2 billion by 2007...


Volume 2006, February

2005 IT security highlights - the day of the amateur hacker has gone, but there are still plenty of amateur users…
Philip Hunter

What threats did 2005 unleash? And for which security risks did the death knell finally sound? Technology, as ever, is galloping along enthusiastically, even recklessly, and security has had to keep up. In addition, hackers have created new ways of committing hi-tech fraud and duping users. This article takes a look at last year's milestones.


Volume 2004, July

Using formal modeling to untangle security incidents
Peter Stephenson

Over the past several months we have been discussing a couple of cutting edge approaches to digital investigation and post mortems. Something that has surprised me lately as I've been speaking on these topics at mainstream information security conferences is the enthusiasm with which the notion of formal modeling is being met. With that in mind, I thought that we'd take the next two or three columns to discuss this technique and then wrap up with a couple of examples including some model templates for your own use. Although we have introduced this concept in earlier articles, we have not spent much time on exactly how to build models.

 

Volume 2004, July

Cisco source code stolen – but should we care?
Philip Hunter

It was clearly bad news for Cisco itself when a portion of its IOS software surfaced for a few days in May on a Russian website. But it was difficult to obtain a consensus within the security industry over the potential threat posed by the breach to the Internet as a whole or to the countless private IP networks. Given that IOS drives most of the world's routers that direct traffic both through the Internet and private networks, theft of some of its source code clearly gives hackers the potential to exploit vulnerabilities that would be hard to identify otherwise. Naturally the Open Source community pounced on the issue, as they did earlier in the year when some Microsoft Windows source code was stolen, with the argument that any system relying on secrecy for security is fundamentally flawed and by definition insecure. Kerckhoffs's law that "a system should be designed to be secure if everything is known about it except the key information" was trotted out as an argument that closed source software such as IOS and Windows would soon be extinct, ushering in the golden age of open source.

 

Volume 2004, June

The question of organizational forensic policy
Hank Wolfe and Dr. Henry B. Wolfe

The objectives of an organization in combination with the formal policy together underpin the strategic direction that any organization will take. We all know that security begins with policy – in other words the rules of play. If policy is sound then the appropriate security measures can be implemented to protect the activities required to achieve the stated objectives as well as maintain the information assurance requirements – availability, integrity, authentication, confidentiality and non-repudiation.

Chip and PIN – biggest UK retail project since decimalisation, but not enough on its own to defeat card fraud - May
Philip Hunter

The credit card industry's big idea for tackling fraud, chip and PIN, is being rolled out in earnest within the UK, but security experts warn that on its own it will merely divert criminals to other channels. Chip and PIN does nothing to address cardholder not present (CNP) fraud, notably for online purchases over the Internet, and still leaves the door open for fraudulent transactions from identity theft.

Computer security for fun and profit - April
Hank Wolfe and Dr. Henry B. Wolfe

For years we have been trying to sell the importance of computer security. As a security evangelist, I have addressed audience after audience talking about the importance of security hoping that one day I would hear someone stand up and shout "Halleluiah!! I believe!!." As you might imagine, it has never happened and probably never will – for me or for anyone else.

Is there a future for Internet voting? - March
Stephen Mason

Technology has long been used in the process of voting, and the use of electronic machines was introduced in the United States of America in the 1970s. More recently, vendors have encouraged the use of remote electronic voting methods, and politicians have begun to consider such options, including the use of the Internet, telephone, text messaging and interactive digital television. This paper considers some of the practical and security issues that affect remote electronic voting.

The trend toward non-real-time attacks - November
By Gerald D. Hill III (Jerry)

A shift in the methodology of attacking networks is occurring. The shift is from real-time attacks via hacking into systems directly to non-real-time attacks through the use of viruses, worms and Trojans that can invade tens of thousands of systems over time. They perform all manner of mischief, including the collection and forwarding of information such as credit card data to the perpetrator to use at their convenience.

Vulnerability exploitation: the problem of protecting our weakest links - November
By Steven M. Furnell

A security issue that has become very prominent in recent years is the exploitation of vulnerabilities in operating systems and application programs. Many attacks against systems, by both hackers and malicious software, now begin with a foothold being established through a known vulnerability in the target system and the software that it is running. Although the problem of vulnerabilities has always been with us, evidence suggests that the scale has significantly increased in recent years. For example, figures from the Computer Emergency Response Team Coordination Center (CERT/CC) suggest that 4129 vulnerabilities were reported during 2002 – representing almost a tenfold increase when compared to 1999[1].

IP Theft & Corporate Espionage: Remedies - September
By Steven Philippsohn and Samantha Thomas

This article examines the threat of intellectual property (IP) theft and recommends ways to counteract and restrict losses.

Arson, Archaeology, and Computer Crime Investigation - July
By Eoghan Casey

Crimes of this kind [arson] are usually carried out to leave few, if any, direct clues, and proof of criminality is far from easy to establish by circumstantial evidence[1].

Conducting Incident Post Mortems - April
By Eoghan Casey

Within the last couple of months we saw yet another massive worm infection on the Internet. Organizations that should have been prepared weren't and the effects on some were, however temporarily, catastrophic. Many of those organizations had suffered under Code Red, Nimda, Love Letter and other global infections.

Determining Intent – Opportunistic vs Targeted Attacks - April
By Eoghan Casey

To assess the importance and potential impact of an incident accurately computer security professionals need to understand an offender's criminal skill, knowledge of targets, and intent. A thief who selects targets of opportunity based on insecure systems presents a significantly different threat than an individual who targets a specific organization to obtain specific information. This article compares two intellectual property theft cases to provide readers with practical investigative insights, noting costly mistakes and pointing out behaviour reflected in digital evidence. Although these cases are based on actual investigations, they have been modified to protect the innocent.

Recovering Fraud Losses - March
By Steven Philippsohn

It is increasingly vital that companies implement a policy and procedure that allows non-executive directors and other employees to report fraud and take the appropriate steps to deal with a fraud once it has occurred. The civil court is one route open to a company in order to stop the fraudster, locate the assets and to freeze them once judgement has been obtained.

International Terrorism Response Ignores Privacy - February
By Marie A Wright

Since the attacks in New York and Washington, DC on 11 September 2001, anti-terrorism laws have been passed, and their provisions enacted, with unprecedented haste. In most cases, the laws are controversial, calling for further search and seizure powers and increased communications surveillance, while simultaneously undermining individual rights to privacy.

Monitoring Employees to Prevent and Detect Fraud - February
By Steven Philippsohn

This article concentrates on the methods available to a company to monitor employees' and other third parties' use of different methods of telecommunications, in order to detect and prevent fraud. In this article we explore the early stages of correlation, concentrating upon gathering individual bits of information and tying them together to get the whole picture. We emphasize here that our objective is to form the complete chain of evidence. That means that we must discover all involved devices as well as the path, however simple or complex, between attacker and victim.

Options in Computer Forensic Tools - November
By Rod Morris, KPMG

In common with many other professions, the field of computer forensic investigation makes use of tools to allow practitioners to carry out their tasks effectively and efficiently. This article describes some of the most commonly used software "tools" and explains how and why they are used.

 
   




Elsevier