Friday, December 13, 2024

Author: Insiders Top High-Tech Crime Threat

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

IT and security administrators are fighting every day to keep hackers at

bay. But what happens when the hackers win?

A new book, High-Tech Crimes Revealed, takes a look at what

happens when the bad guys win. Stolen identities, viruses unleashed into

the wild, industrial sabotage… Steven Branigan touches on the crimes

and the criminals behind them in his first book.

Branigan, the president of CyanLine LLC., a high-tech security

consultancy based in New Jersey, is a founding member of the N.Y.

Electronic Crimes Task Force and formerly was a senior manager with Bell

Labs Computing and Network Research.

In a one-on-one interview with eSecurityPlanet, Branigan

discusses separating hype from actual crimes, the insider threat and the

need for better high-tech forensics.

Q: Security and IT administrators worry about hackers and intruders

every day. How could a book detailing break-ins help them?

I wanted to help people become more aware of what can happen when

someone gets into a system. It’s very important to know about this so

they can separate the reality from the hype. It’s not as bad as everyone

says and it’s not nothing. It’s somewhere in between. Remember all the

hype around the millennium issue? When nothing happened, it looked like

hype. Sometimes the talk of cyber terrorism is a bit larger than life.

Some things are overstated.

Q: Then what should administrators be worrying about?

It’s the more traditional crimes that are really affecting people.

Identity theft is one of the biggest problems.

Q: Are you seeing different types of crimes? How are they

evolving?

I’m seeing more insider crimes. I think companies are starting to become

more aware that most employees are good, but if you have one person

trying to get to payroll data or trying to get to contracts, then

there’s a big problem. Some people try to get themselves hired so they

can hack that company. I have a story in the book of one person who was

interested in getting into a telephone network, but it was too hard to

get to from the outside. So he got himself hired… He stole information

and manipulated phone numbers… He really wanted to play around.
Q: Were there warning signs the company’s executives could have

looked for?

He came across with a resume for the time that looked too good to be

true and he was willing to take a pay rate lower than anyone else. He

was motivated to get the job for the benefits that were in his mind…

We trust the insiders more than anyone else and they have less

restrictions. The firewalls keep outsiders out but they’re not used to

sectioning off pieces of the company.


Q: Did you find that the infiltrated companies had good security or

were they lax? Where did security break down?

The companies were always surprised. They couldn’t believe this person

could do this. He was a part of their family. How could he do this?…
I found that most had done reasonable jobs at security, but they had

underestimated the lengths that a rogue employee would go to. They

dismissed warning signs. Something was unusual but they thought he must

be working on something… or they thought it wasn’t their place to ask.

People don’t want to be seen as tattle tales.

Q: You talk in your book about some basic rules that administrators

should adopt. What’s your top rule?

I think the rules are based on how to investigate the cases. Imagine

that a problem you’re looking at might be more than carelessness or a

broken system. Maybe the system is running slowly because a hacker is

using it. Don’t just jump in there and mess up evidence. Methodically

look at the system and make sure you’ve kept a good written record of

the anomalies. That’s the type of thinking that people need. Go a little

bit slower. Take notes.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles