Part I: Introduction to the High-Technology Crime Environment
Introduction
Chapter 1: What Investigators Should Know About the High-Technology-Supported Global Environment and Its Threats
- Publisher Summary
- INTRODUCTION
- THE GLOBALIZATION OF THE MARKETPLACE
- HIGH TECHNOLOGY IS RAPIDLY CHANGING THE WORLD
- THE THREE BASIC STEPS OF COMPUTER OPERATIONS
- HIGH-TECHNOLOGY THREATS
- CASE EXAMPLE: DON’T RUSH TO JUDGE
- OTHER AREAS OF INTEREST
- SUMMARY
Chapter 2: High-Technology Crime Miscreants: Profiles, Motives, and Philosophies
- Publisher Summary
- INTRODUCTION
- A BRIEF HISTORY OF HIGH-TECHNOLOGY CRIME AND ITS ASSOCIATED MISCREANTS
- REQUIREMENTS TO COMMIT A HIGH-TECHNOLOGY CRIME
- AN EXAMPLE OF A CORPORATE EMPLOYEE AND THE “CRIME TRIAD”
- INSIDER THREATS
- OUTSIDER THREATS
- WHO ARE THE HIGH-TECHNOLOGY MISCREANTS AND OTHERS ON THE INTERNET?
- HACKERS, CRACKERS, AND PHREAKERS, OH MY!
- PROFILE OF THE HIGH-TECHNOLOGY AND INTERNET FRAUDSTERS
- HIGH-TECHNOLOGY TERRORISTS
- WHY USE TERRORIST METHODS?
- WHAT IS A TERRORIST ACT?
- RESULTS OF TERRORIST ACTIONS
- TERRORIST TECHNOLOGY THREAT ENVIRONMENT
- HIGH-TECHNOLOGY ECONOMIC AND INDUSTRIAL ESPIONAGE ON THE INTERNET—NETSPIONAGE
- INDUSTRIAL AND ECONOMIC ESPIONAGE DEFINED
- TRY CATCHING THESE MISCREANTS!
- PROPRIETARY ECONOMIC INFORMATION
- ECONOMIC ESPIONAGE VULNERABILITIES
- INFORMATION WARRIORS AND CYBER WARRIORS
- SOPHISTICATED DRUG DEALER USE OF HIGH TECHNOLOGY
- SUMMARY
Chapter 3: The Basic Techniques Used by High-Technology Crime Miscreants
- Publisher Summary
- INTRODUCTION
- INTERNAL AND EXTERNAL ATTACKS
- HIGH-TECHNOLOGY MISCREANTS’ BASIC APPROACH TO ATTACKING NETWORKS
- BASIC USE OF PHYSICAL AND HUMAN INTELLIGENCE COLLECTION METHODS: THEFT AND SOCIAL ENGINEERING
- OTHER COMPUTER-RELATED TECHNIQUES USED BY BOTH INSIDERS AND OUTSIDERS
- SYSTEM MANIPULATION
- USING THE GII, INTERNET, AND NII TO SEARCH FOR TOOLS
- ATTACK TOOLS FOUND ON THE INTERNET AND USED PRIMARILY TO ATTACK INTERNET-CONNECTED TARGETS
- SOME ADDITIONAL COMMON METHODS OF INTERNET ATTACK
- OTHER METHODS, TOOLS, AND TECHNIQUES
- EXAMPLE OF HACKER NAIVETÉ
- ELECTRONIC MAIL
- CELLULAR TELEPHONES: CLONING AND OTHER FRAUDS
- THREATS, VULNERABILITIES, AND RISKS
- CLIP-ON FRAUD
- INFORMATION OF INVESTIGATIVE INTERESTS
- COLORED BOXES AND TELECOMMUNICATIONS FRAUD
- PBX ATTACKS
- CASE EXAMPLE: AN ONLINE COMPUTER IS ALWAYS UNDER ATTACK
- SUMMARY
Chapter 4: The Basic Information Systems Security Techniques Used to Defend Against High-Technology Crime Miscreants
- Publisher Summary
- INTRODUCTION
- BASIC INFOSEC CONCEPTS
- INFOSEC PROCESSES OR FUNCTIONS
- THE INFORMATION SYSTEMS SECURITY OFFICER (ISSO)
- INFOSEC AND ISSO GOALS AND OBJECTIVES
- RISK MANAGEMENT
- OTHER ASPECTS OF AN INFOSEC PROGRAM
- INFOSEC ORGANIZATION
- PREVENTIVE CELLULAR PHONE FRAUD MEASURES
- SECURITY REQUIREMENTS FOR VOICE MESSAGING OPERATIONS
- PBX PROTECTION
- E-MAIL PROTECTION
- NEW MISCREANT TECHNIQUES BRINGS NEW DEFENSIVE METHODS
- PROTECTING SEMICONDUCTORS—MICROCARVING
- SUMMARY
Part II: Introduction to High-Technology Crime Incidents and Crime Investigations
Introduction
Chapter 5: Investigating High-Technology Crimes
- Publisher Summary
- INTRODUCTION
- SIGNIFICANCE OF COMPUTERS IN CRIME AND INVESTIGATIONS
- VIOLATIONS OF ORGANIZATION POLICIES
- SEARCHING A COMPUTER: WARRANTS AND POLICY ISSUES
- OPERATIONS PLAN
- THE SEARCH PROCEDURES
- A HIGH-TECHNOLOGY CRIME SCENE
- SUMMARY
Chapter 6: Responding to High-Technology Incidents and Crimes
- Publisher Summary
- INTRODUCTION
- PREINCIDENT PREPARATIONS
- RESPONSIBILITIES AND DUTIES
- TRAINING
- THE INCIDENT HANDLING PLAN
- IDENTIFICATION OF AN ATTACK
- CONTAINMENT
- ESCALATION
- BRIEFINGS BEFORE THE INVESTIGATION STARTS
- EQUIPMENT AND TOOLS
- DEFINE AND DOCUMENT THE CASE
- SECURING THE SCENE OF THE INCIDENT
- THE FIRST RESPONDER
- THE INVESTIGATIVE PROCESS
- SUMMARY
Chapter 7: The Collection of Evidence
- Publisher Summary
- INTRODUCTION
- HOW DO YOU GO ABOUT SEIZING THE EVIDENCE?
- THE LAW
- THE FIRST RESPONDER
- HEALTH AND SAFETY
- A GUIDE TO SEIZING EVIDENCE
- PROCEDURES FOR SEIZING A STANDALONE COMPUTER
- PROCEDURES FOR COLLECTING EVIDENCE FROM A NETWORK
- OTHER ELECTRONIC DEVICES THAT MAY CONTAIN RELEVANT INFORMATION
- SUMMARY
Chapter 8: Interviews and Interrogations
- Publisher Summary
- INTRODUCTION
- WHO, HOW, WHERE, WHEN, WHY, WHAT
- DEALING WITH VICTIMS
- DEALING WITH WITNESSES
- PERSONAL DESCRIPTIONS
- DEALING WITH SUSPECTS
- CASE STUDY: COMPELLING SUSPECTS TO PROVIDE ACCESS INFORMATION
- SUMMARY
- APPENDIX 8-1 INVESTIGATIVE DESCRIPTIVE AID TO ASSIST IN PERSONAL DESCRIPTIONS
Chapter 9: An Introduction to Computer Forensics
- Publisher Summary
- INTRODUCTION
- THE STAGES THAT MAKE UP THE FORENSIC PROCESS
- WHO WILL DIRECT THE COMPUTER FORENSICS EFFORTS?
- GUIDELINES
- STRATEGY FOR AN INVESTIGATION
- PROCEDURE FOR A FORENSIC INVESTIGATION
- PURPOSE OF THE INVESTIGATION
- BUSINESS DECISIONS
- THE FULL INVESTIGATION
- THE CHASE
- RESTORATION
- THE ANALYSIS
- EXAMINATION OF PDAS
- EXAMINATION OF MOBILE PHONES
- EXAMINATION OF FLASH MEMORY MEDIA
- CASE STUDY 1
- CASE STUDY 2
- SUMMARY
Chapter 10: Establishing and Managing a Computer Forensics Laboratory
- Publisher Summary
- INTRODUCTION
- ESTABLISHING THE LABORATORY
- COMPUTER FORENSICS LABORATORY MANAGEMENT AND STAFF
- COMPUTER FORENSICS LABORATORY: PHYSICAL SIZE
- AN EXAMPLE OF A COMPUTER FORENSICS LABORATORY
- WHO WILL BE YOUR CUSTOMERS?
- CASE PRIORITY
- ALLOCATION OF DUTIES
- STAFF TRAINING AND EXPERIENCE
- STAFF AND LABORATORY PRODUCTIVITY
- PROCEDURES FOR QUALITY REVIEW
- EQUIPMENT TESTING
- STANDARDS
- POLICY ON OUTSOURCING
- POLICY ON USE OF EXTERNAL EXPERTS
- COUNSELING
- EQUIPMENT AND SOFTWARE
- INFORMATION RESOURCES
- HEALTH AND SAFETY
- DATA RETENTION POLICY
- REPORTING OF FINDINGS
- COMMUNICATIONS
- SUMMARY
Chapter 11: High-Technology Crimes: Case Summaries
- Publisher Summary
- INTRODUCTION
- THE DRINKORDIE GROUP
- OLDIE BUT GOODIE HACKER CASE
- MILITARY HACKER FREED ON BAIL
- WORM STRIKES DOWN WINDOWS 2000 SYSTEMS
- FBI AGENTS BUST “BOTMASTER”: LOS ANGELES, CALIFORNIA (REUTERS)
- RESEARCHERS SNOOP ON KEYBOARD SOUNDS
- SPAMMERS FACE JAIL IN NIGERIA
- STOLEN UC-BERKELEY LAPTOP RECOVERED
- THREE JAILED IN GLOBAL EBAY SCAM
- BLOGGERS LEARN THE PRICE OF TELLING TOO MUCH
- TWENTY ARRESTED IN CRACKDOWN ON INTERNET PHARMACIES
- ALLEGED HACKER IS MICROSOFT EMPLOYEE
- ANTIIDENTITY THEFT FREEZE GAINING MOMENTUM
- E-MAIL RECEIVED BY ONE OF THE AUTHORS
- BARRED NO MORE
- PERSON USING AN ALIAS AND REPRESENTING A FICTITIOUS ISP INSTALLED SIX TOLL-FREE 800 NUMBERS FOR A TELEMARKETING COMPANY
- A NETWORK SECURITY OPERATIONS CENTER RECEIVED A CATASTROPHIC OUTAGE NOTIFICATION FROM THEIR NETWORK MANAGEMENT CENTER INDICATING A FIBER OUTAGE HAD OCCURRED
- TELECOMMUNICATIONS CABLES VULNERABLE TO TERRORISTS’ ATTACKS
- SO YOUR EMPLOYER “LOST” YOUR INFORMATION
- CALIFORNIA TO BAN HUNTING OVER INTERNET
- E-MAIL RECEIVED BY ONE OF THE AUTHORS
- NINE OF ISRAEL’S TOP BUSINESS EXECUTIVES AND 11 HEADS OF 3 LEADING INQUIRY COMPANIES—INCLUDING MODIIN EZRAHI—ARE IN CUSTODY SUSPECTED OF COMPLICITY IN A MASSIVE COMPUTERIZED COMMERCIAL ESPIONAGE CONSPIRACY
- “BLASTER” TEEN SENTENCED TO 1½ YEARS
- INFO ON 3.9M CITIGROUP CUSTOMERS LOST
- WORLDPAY STRUGGLES UNDER DDOS ATTACK (AGAIN)
- DENIAL-OF-SERVICE ATTACK VICTIM SPEAKS OUT
- NEW VIRUS USES SONY BMG SOFTWARE
- DUMPSTER DIVING FOR IDS
- FIVE ARRESTED OVER PHISHING FRAUD
- GEEKFATHERS: CYBER CRIME MOBS REVEALED
- HACKER HELPS WANNABE BIZ STUDENTS
- HACKERS BATTER CRITICAL UK INFRASTRUCTURE
- HACKER INFILTRATED GOVERNMENT COMPUTERS, US MILITARY INSTALLATIONS, LABORATORIES, AND NASA
- HACKERS TAKE A CRACK AT CISCO FLAW
- HOME PCS HARNESSED TO SOLVE GLOBAL PROBLEMS
- INTERNET CRASHES IN PAKISTAN
- IPOD BLAMED FOR SPIKE IN SUBWAY CRIME
- “MEDICA IGNORED WARNINGS,” SAYS EX-EMPLOYEE
- WEB SITE OWNER DEFIES JUDGE’S ORDERS
- PHISHERS ADOPT SCAM TRICKS FROM VIRUS WRITERS
- LEXISNEXIS: HACKERS ACCESSED 32,000 IDS
- TELEPHONE SCAM
- E-MAIL RECEIVED BY ONE OF THE AUTHORS
- E-MAIL MESSAGE RECEIVED BY ONE OF THE AUTHORS: ANOTHER VARIATION ON THE THEME
- TIME WARNER ALERTS STAFF TO LOST DATA FILES FOR 600,000 WORKERS
- FEDERAL AGENTS HAVE CARRIED OUT SEARCHES IN AT LEAST TWO STATES AS PART OF THE INVESTIGATION INTO THE THEFT OF SOCIAL SECURITY NUMBERS AND OTHER PERSONAL INFORMATION FROM DATABASE GIANT LEXISNEXIS INC.
- HACKERS TARGET ITUNES, ANTIVIRUS WARE
- JUDGE DISMISSES SPAM CONVICTION
- MASTERCARD SECURITY ALERT—MORE THAN 40 MILLION CREDIT CARDS MAY HAVE BEEN BREACHED; WARNING TO MEMBER BANKS ISSUED
- SASSER AUTHOR GETS SUSPENDED TERM
- A FEDERAL JUDGE HAS AWARDED AN INTERNET SERVICE PROVIDER MORE THAN $1 BILLION IN WHAT IS BELIEVED TO BE THE LARGEST JUDGMENT EVER AGAINST SPAMMERS
- TEEN SENTENCED FOR “BLASTER” WORM VARIANT
- SUMMARY
Part III: Introduction to Overview of the High-Technology Crime Investigation Profession and Unit
Introduction
Chapter 12: The Global Enterprise Corporation
- Publisher Summary
- INTRODUCTION
- GEC BACKGROUND INFORMATION
- KEY ELEMENTS FOR THE HIGH-TECHNOLOGY CRIME INVESTIGATOR TO CONSIDER
- GETTING TO KNOW GEC
- GEC’S STRATEGIC BUSINESS PLAN
- GEC’S TACTICAL BUSINESS PLAN
- GEC’S ANNUAL BUSINESS PLAN
- HIGH-TECHNOLOGY CRIME PREVENTION PROGRAM PLANNING
- SUMMARY
Chapter 13: Understanding the Role of the High-Technology Crime Investigator and a Crime Prevention Unit in the Business and Management Environment
- Publisher Summary
- INTRODUCTION
- WHAT IS EXPECTED OF YOU?
- GEC HIGH-TECHNOLOGY CRIME INVESTIGATOR RESPONSIBILITIES
- GOALS AND OBJECTIVES
- LEADERSHIP POSITION
- PROVIDING HIGH-TECHNOLOGY CRIME PREVENTION SERVICE AND SUPPORT
- USE TEAM CONCEPTS
- VISION, MISSION, AND QUALITY STATEMENTS
- HIGH-TECHNOLOGY CRIME PREVENTION PRINCIPLES
- PROJECT AND RISK MANAGEMENT PROCESSES
- HIGH-TECHNOLOGY CRIME PREVENTION ORGANIZATIONAL RESPONSIBILITIES
- GEC HIGH-TECHNOLOGY CRIME INVESTIGATOR FORMAL DUTIES AND RESPONSIBILITIES
- SUMMARY
Chapter 14: The High-Technology Crime Investigation Unit’s Strategic, Tactical, and Annual Plans
- Publisher Summary
- INTRODUCTION
- GEC’S HIGH-TECHNOLOGY CRIME PREVENTION TACTICAL PLAN
- GEC’S HIGH-TECHNOLOGY CRIME PREVENTION ANNUAL PLAN
- SUMMARY
Chapter 15: High-Technology Crime Investigation Program and Organization
- Publisher Summary
- INTRODUCTION
- HIGH-TECHNOLOGY CRIME INVESTIGATION UNIT DRIVERS
- HIGH-TECHNOLOGY CRIME INVESTIGATOR MANAGER THOUGHT PROCESS IN ESTABLISHING THE HTCPP AND INVESTIGATION ORGANIZATION
- SECURITY FUNCTIONAL PROCESS SUMMARY
- HIGH-TECHNOLOGY CRIME INVESTIGATIVE ORGANIZATION
- DETERMINING THE NEED FOR HIGH-TECHNOLOGY CRIME INVESTIGATION SUBORDINATE ORGANIZATIONS
- HIGH-TECHNOLOGY CRIME INVESTIGATION JOB DESCRIPTIONS FOR THE UNIT
- RECRUITING HIGH-TECHNOLOGY CRIME PREVENTION PROFESSIONALS
- IDENTIFYING IN-HOUSE HIGH-TECHNOLOGY CRIME INVESTIGATOR CANDIDATES
- IDENTIFYING OUTSIDE HIGH-TECHNOLOGY CRIME INVESTIGATOR CANDIDATES
- SUMMARY
Chapter 16: High-Technology Crime Investigative Functions
- Publisher Summary
- INTRODUCTION
- DETERMINING MAJOR HIGH-TECHNOLOGY CRIME INVESTIGATIVE FUNCTIONS
- HIGH-TECHNOLOGY CRIME INVESTIGATION POLICY
- GEC’S HIGH-TECHNOLOGY CRIME INVESTIGATION REQUIREMENTS AND POLICY DIRECTIVE (IRPD)
- HIGH-TECHNOLOGY CRIME INVESTIGATION PROCEDURES
- AWARENESS PROGRAM
- PROACTIVE HIGH-TECHNOLOGY CRIME PREVENTION SURVEYS AND RISK MANAGEMENT
- WHAT IS RISK MANAGEMENT?
- RECOMMENDATIONS TO MANAGEMENT
- RISK MANAGEMENT REPORTS
- HIGH-TECHNOLOGY CRIME PREVENTION SURVEYS
- SUMMARY
- EXCERPTS FROM A SAMPLE SURVEY ACTIVITY LOG
Chapter 17: Sources, Networking, and Liaison
- Publisher Summary
- INTRODUCTION
- COLLECTING INFORMATION
- SOURCES
- “CARDING” SOURCES
- CLASSIFYING THE RELIABILITY OF SOURCES AND THE ACCURACY OF THEIR INFORMATION
- NETWORKING
- LIAISON
- SUMMARY
Chapter 18: High-Technology Crime Investigation Unit Metrics Management System
- Publisher Summary
- INTRODUCTION
- INVESTIGATIONS
- INVESTIGATION CASE STUDY
- SUMMARY
Chapter 19: Outsource or Proprietary?
- Publisher Summary
- INTRODUCTION
- OUTSOURCING: A DEFINITION
- THE ADVANTAGES AND DISADVANTAGES OF A PROPRIETARY HIGH-TECHNOLOGY CRIME INVESTIGATIVE UNIT
- THE ADVANTAGES AND DISADVANTAGES OF AN OUTSOURCED HIGH-TECHNOLOGY CRIME INVESTIGATIVE UNIT
- CANDIDATE SECURITY FUNCTIONS FOR OUTSOURCING: HIGH-TECHNOLOGY CRIME INVESTIGATION
- SAMPLE OUTSOURCING ANALYSIS
- PROBABILITY OF FAILURE
- CONSEQUENCE OF FAILURE
- FINAL OUTSOURCING DECISION
- SUMMARY
Part IV: Introduction to High-Technology Crime Investigation Challenges of the 21st Century
Introduction
Chapter 20: The Future of High Technology and Its Impact on Working in a Global Information Environment
- Publisher Summary
- INTRODUCTION
- MICROPROCESSORS
- PESSIMISM VERSUS OPTIMISM
- ELECTRICALLY CHARGED AMOEBAE?
- HIGH-TECHNOLOGY DEVICE INTEGRATIONS AND TRENDS TOWARD THE FUTURE
- POWER TO THE PEOPLE?
- SUMMARY
Chapter 21: The Future of High-Technology Crimes, Security, and the Criminal Justice System
- Publisher Summary
- INTRODUCTION
- HIGH-TECHNOLOGY SECURITY
- INFORMATION SYSTEM SECURITY
- CRIMINAL JUSTICE SYSTEMS
- SUMMARY
Chapter 22: Terrorism—Crime or War? Its Impact on the High-Technology Crime Investigator and the Profession
- Publisher Summary
- INTRODUCTION
- THE CURRENT ENVIRONMENT
- CURRENT TERRORIST USE
- INTELLIGENCE GATHERING
- DIRECT ATTACKS
- SUMMARY
Chapter 23: The Future of the High-Technology Crime Investigator Profession
- Publisher Summary
- INTRODUCTION
- LACK OF TRAINING, MANAGEMENT SUPPORT, AND SOMETIMES EVEN INTEREST
- HIGH-TECHNOLOGY CRIME INVESTIGATION UNITS AND LAW ENFORCEMENT
- TRAINING
- HIGH-TECHNOLOGY CRIME INVESTIGATIONS
- THE BEST TOOLS TO ASSIST IN CONDUCTING HIGH-TECHNOLOGY CRIME INVESTIGATIONS
- THE BEST TOOLS TO ASSIST IN COMMITTING HIGH-TECHNOLOGY CRIMES
- HIGH-TECHNOLOGY CRIMES INCREASING OR DECREASING?
- CONFIGURATIONS AND SECURITY OF LAW ENFORCEMENT SYSTEMS
- SYSTEMS SECURE?
- CONCLUSIONS
- SUMMARY
Chapter 24: Developing a Career as a High-Technology Crime Investigator
- Publisher Summary
- INTRODUCTION
- QUALIFICATIONS
- CERTIFICATION
- EXPERIENCE
- KNOWLEDGE
- RANGE OF CASES
- TECHNOLOGIES
- ASSOCIATIONS
- SUMMARY
Chapter 25: Marketing Yourself as a Successful High-Technology Crime Investigator
- Publisher Summary
- INTRODUCTION
- MARKETING SUPPORT: TRAINING, EXPERIENCE, CERTIFICATIONS, ASSOCIATIONS, AND CONTACTS
- APPLYING FOR THE POSITION OF HIGH-TECHNOLOGY CRIME INVESTIGATOR, SUPERVISOR, OR MANAGER
- YOUR RESUME MADE IT PAST THE INITIAL SCREENING-NEXT STEP: THE INTERVIEW
- THE PORTFOLIO
- SUMMARY
Chapter 26: So, Are You Ready to Become a High-Technology Crime Investigative Consultant?
- Publisher Summary
- INTRODUCTION
- HAVE A PLAN
- GETTING STARTED
- QUESTIONS TO CONSIDER
- SUMMARY
Chapter 27: Conclusions and Final Thoughts
- Publisher Summary
- INTRODUCTION
- WHAT IS THE PROFILE OF A SUCCESSFUL HIGH-TECHNOLOGY CRIME INVESTIGATOR?
- “LOVE IT OR LEAVE IT!”
- HOPES FOR THE FUTURE