A new book, High-Tech Crimes Revealed, takes a look at what happens when the bad guys win. Stolen identities, viruses unleashed into the wild, industrial sabotage... Steven Branigan touches on the crimes and the criminals behind them in his first book.
Branigan, the president of CyanLine LLC., a high-tech security consultancy based in New Jersey, is a founding member of the N.Y. Electronic Crimes Task Force and formerly was a senior manager with Bell Labs Computing and Network Research.
In a one-on-one interview with eSecurityPlanet, Branigan discusses separating hype from actual crimes, the insider threat and the need for better high-tech forensics.
Q: Security and IT administrators worry about hackers and intruders every day. How could a book detailing break-ins help them?
I wanted to help people become more aware of what can happen when someone gets into a system. It's very important to know about this so they can separate the reality from the hype. It's not as bad as everyone says and it's not nothing. It's somewhere in between. Remember all the hype around the millennium issue? When nothing happened, it looked like hype. Sometimes the talk of cyber terrorism is a bit larger than life. Some things are overstated.
Q: Then what should administrators be worrying about?
It's the more traditional crimes that are really affecting people. Identity theft is one of the biggest problems.
Q: Are you seeing different types of crimes? How are they
I'm seeing more insider crimes. I think companies are starting to become more aware that most employees are good, but if you have one person trying to get to payroll data or trying to get to contracts, then there's a big problem. Some people try to get themselves hired so they can hack that company. I have a story in the book of one person who was interested in getting into a telephone network, but it was too hard to get to from the outside. So he got himself hired... He stole information and manipulated phone numbers... He really wanted to play around.
Q: Were there warning signs the company's executives could have looked for?
He came across with a resume for the time that looked too good to be true and he was willing to take a pay rate lower than anyone else. He was motivated to get the job for the benefits that were in his mind... We trust the insiders more than anyone else and they have fewer restrictions. The firewalls keep outsiders out but they're not used to sectioning off pieces of the company.
Q: Did you find that the infiltrated companies had good security or were they lax? Where did security break down?
The companies were always surprised. They couldn't believe this person could do this. He was a part of their family. How could he do this?... I found that most had done reasonable jobs at security, but they had underestimated the lengths that a rogue employee would go to. They dismissed warning signs. Something was unusual but they thought he must be working on something... or they thought it wasn't their place to ask. People don't want to be seen as tattletales.
Q: You talk in your book about some basic rules that administrators should adopt. What's your top rule?
I think the rules are based on how to investigate the cases. Imagine that a problem you're looking at might be more than carelessness or a broken system. Maybe the system is running slowly because a hacker is using it. Don't just jump in there and mess up evidence. Methodically look at the system and make sure you've kept a good written record of the anomalies. That's the type of thinking that people need. Go a little bit slower. Take notes.