A new book, High-Tech Crimes Revealed, takes a look at what happens when the bad guys win. Stolen identities, viruses unleashed into the wild, industrial sabotage... Steven Branigan touches on the crimes and the criminals behind them in his first book.
Branigan, the president of CyanLine LLC., a high-tech security consultancy based in New Jersey, is a founding member of the N.Y. Electronic Crimes Task Force and formerly was a senior manager with Bell Labs Computing and Network Research.
In a one-on-one interview with eSecurityPlanet, Branigan discusses separating hype from actual crimes, the insider threat and the need for better high-tech forensics.
Q: Security and IT administrators worry about hackers and intruders every day. How could a book detailing break-ins help them?
I wanted to help people become more aware of what can happen when someone gets into a system. It's very important to know about this so they can separate the reality from the hype. It's not as bad as everyone says and it's not nothing. It's somewhere in between. Remember all the hype around the millennium issue? When nothing happened, it looked like hype. Sometimes the talk of cyber terrorism is a bit larger than life. Some things are overstated.
Q: Then what should administrators be worrying about?
It's the more traditional crimes that are really affecting people. Identity theft is one of the biggest problems.
Q: Are you seeing different types of crimes? How are they evolving?
I'm seeing more insider crimes. I think companies are starting to become more aware that most employees are good, but if you have one person trying to get to payroll data or trying to get to contracts, then there's a big problem. Some people try to get themselves hired so they can hack that company. I have a story in the book of one person who was interested in getting into a telephone network, but it was too hard to get to from the outside. So he got himself hired... He stole information and manipulated phone numbers... He really wanted to play around.
Q: Were there warning signs the company's executives could have looked for?
He came across with a resume for the time that looked too good to be true and he was willing to take a pay rate lower than anyone else. He was motivated to get the job for the benefits that were in his mind... We trust the insiders more than anyone else and they have less restrictions. The firewalls keep outsiders out but they're not used to sectioning off pieces of the company.
Q: Did you find that the infiltrated companies had good security or were they lax? Where did security break down?
The companies were always surprised. They couldn't believe this person could do this. He was a part of their family. How could he do this?... I found that most had done reasonable jobs at security, but they had underestimated the lengths that a rogue employee would go to. They dismissed warning signs. Something was unusual but they thought he must be working on something... or they thought it wasn't their place to ask. People don't want to be seen as tattle tales.
Q: You talk in your book about some basic rules that administrators should adopt. What's your top rule?
I think the rules are based on how to investigate the cases. Imagine that a problem you're looking at might be more than carelessness or a broken system. Maybe the system is running slowly because a hacker is using it. Don't just jump in there and mess up evidence. Methodically look at the system and make sure you've kept a good written record of the anomalies. That's the type of thinking that people need. Go a little bit slower. Take notes.