IT and security administrators are fighting every day to keep hackers at
bay. But what happens when the hackers win?

A new book, High-Tech Crimes Revealed, takes a look at what
happens when the bad guys win. Stolen identities, viruses unleashed into
the wild, industrial sabotage… Steven Branigan touches on the crimes
and the criminals behind them in his first book.

Branigan, the president of CyanLine LLC., a high-tech security
consultancy based in New Jersey, is a founding member of the N.Y.
Electronic Crimes Task Force and formerly was a senior manager with Bell
Labs Computing and Network Research.

In a one-on-one interview with eSecurityPlanet, Branigan
discusses separating hype from actual crimes, the insider threat and the
need for better high-tech forensics.

Q: Security and IT administrators worry about hackers and intruders
every day. How could a book detailing break-ins help them?

I wanted to help people become more aware of what can happen when
someone gets into a system. It’s very important to know about this so
they can separate the reality from the hype. It’s not as bad as everyone
says and it’s not nothing. It’s somewhere in between. Remember all the
hype around the millennium issue? When nothing happened, it looked like
hype. Sometimes the talk of cyber terrorism is a bit larger than life.
Some things are overstated.

Q: Then what should administrators be worrying about?

It’s the more traditional crimes that are really affecting people.
Identity theft is one of the biggest problems.

Q: Are you seeing different types of crimes? How are they

I’m seeing more insider crimes. I think companies are starting to become
more aware that most employees are good, but if you have one person
trying to get to payroll data or trying to get to contracts, then
there’s a big problem. Some people try to get themselves hired so they
can hack that company. I have a story in the book of one person who was
interested in getting into a telephone network, but it was too hard to
get to from the outside. So he got himself hired… He stole information
and manipulated phone numbers… He really wanted to play around.

Q: Were there warning signs the company’s executives could have

He came across with a resume for the time that looked too good to be
true and he was willing to take a pay rate lower than anyone else. He
was motivated to get the job for the benefits that were in his mind…
We trust the insiders more than anyone else and they have less
restrictions. The firewalls keep outsiders out but they’re not used to
sectioning off pieces of the company.

Q: Did you find that the infiltrated companies had good security or
were they lax? Where did security break down?

The companies were always surprised. They couldn’t believe this person
could do this. He was a part of their family. How could he do this?…
I found that most had done reasonable jobs at security, but they had
underestimated the lengths that a rogue employee would go to. They
dismissed warning signs. Something was unusual but they thought he must
be working on something… or they thought it wasn’t their place to ask.
People don’t want to be seen as tattle tales.

Q: You talk in your book about some basic rules that administrators
should adopt. What’s your top rule?

I think the rules are based on how to investigate the cases. Imagine
that a problem you’re looking at might be more than carelessness or a
broken system. Maybe the system is running slowly because a hacker is
using it. Don’t just jump in there and mess up evidence. Methodically
look at the system and make sure you’ve kept a good written record of
the anomalies. That’s the type of thinking that people need. Go a little
bit slower. Take notes.