Information technology security fundamentals and practices

IT Security

Lang, David. "A Graphic Picture of Crime." ASIS. Sept 2002.

The article "A Graphic Picture of Crime" begins with a tale of an 'everyman' or 'every person' wireless Internet user named John whose computer is hacked from a distance by a criminal named Frank. Frank uses his laptop to mimic John's wireless network and the wireless router's Dynamic Host Configuration Protocol (DHCP), the protocol that assigns Internet protocols. Not only does the article explain how this newest twist in intellectual property theft, that of robbing a user of his or her digital footprints and using the protocol for criminal purposes, is accomplished, it also shows the legal difficulties in tracing such a crime and outlines what one can do to prevent such a crime from being committed against one's self in the first place.

The investigation of such crimes remains difficult from a legal perspective, although less so than it used to be. Traditionally, investigators of intellectual property theft had to prove that the alleged criminals had stolen, intellectual property in the form of direct observation or sworn testimony from direct witnesses. Now, for Internet crimes of intellectual property, by law, investigators need only to obtain a court order to require the Internet service provider (ISP) make subscriber information available to law enforcement so that the investigators can contact the private homeowners whose connection has been hijacked.

Then, they investigators can obtain consent for a search from the individual whose accounted was hacked into and gather information about any unauthorized computers that used the owners' wireless network via a router. A router collects data on every computer that sends information through the network, including the computer's address on the Internet and each computer's unique identifier from the factory, called the MediaAccess Controller (MAC) address. A MAC address that does not correspond to any computer in the home indicates an outside has exploited the wireless network connection.

Later, after Frank is 'captured' and the investigators can obtain a warrant search the working memory of the alleged offender's computer, the random access memory (RAM) or primary storage area where calculations and data manipulation occur. The forensic examiners are most concerned with the section of slack space known as RAM slack, swap files, and deleted information from slack space and swap files. Examiners can thus create a timeline and confirm that Frank downloaded and decrypted the instructions from the Internet before using stenography software to hide his progress. Forensic investigators use password-cracking techniques to recover encrypted instructions to be decrypted as well as the stenography tool password needed to extract Frank's report the graphic file. This gives the investigators now have probable cause to obtain search warrants for several ISPs hosting the various Web sites used by the gang for transferring information, and finally the gigabytes of logs and transaction records retrieved via the investigator's data mining and visualization software can construct a link analysis of the seized information. This makes it easier for investigators to identify connections by clicking on a particular item in the three-dimensional link.

The difficulties of this process of proving such a chain indicates the importance of creating steps that can help companies simplify the task of conducting a computer forensic investigation, should one ever be required. The article stresses that the most important step is to ensure that network logging devices are turned on, even though these devices use disk space and processor time. If they are turned off, investigations can become impossible. Closing any unneeded ports on the company firewall and patching systems regularly, are also helpful.

This article paints an overall benign portrait of law enforcement, zealously protecting user privacy and safety. It demonstrates how an apparently invisible crime can be rendered visible through the use of technology, and both the law and law enforcement's attempts to stay one step ahead of potential hackers. Of course, when the proofs needed to obtain search warrants can be given without observable evidence, as is traditional with intellectual property cases, some legal scholars may grow antsy. But ultimately, one must agree with the author that the Internet's ability to facilitate identity theft, and the nature of identity theft as a computer-based crime requires new law, such as the allowance for a search warrant based on unobserved evidence, so an Internet provider may give access to an owner whose computer has been hijacked without his or her awareness, as transpired in the article.

As noted by legal scholar of intellectual property Daniel Burke in his article "Transborder Intellectual Property Issues on the Electronic Frontier, the fluid electronic environment of the Internet "magnifies and intensifies" the dangers and abuses associated with identity and intellectual property theft. (Burke, 1994)