Computer Crime Research Center


How to avoid Internet fraud

Date: May 06, 2004
Source: Computer Crime Research Center
By: Lyudmila Goroshko

Internet fraud now amounts to hundreds of intricate and dangerous cases, and appropriate new laws, methods and techniques are being actively developed. But it is difficult to find, preserve and examine fragile digital evidence, which is subject to damage and deletion at different levels. In collecting this data, specialists create a so-called "control track" for criminal prosecution. They look for information that may be encoded or concealed in graphical files, in empty hard disk space and even in occasionally deleted data in operative memory (RAM). Setting up fake ("honeypot") computers is one of the popular tricks that destroy hackers' computers at the moment they take the bait (using hackers' own methods against them).

The clearest example of this approach is the Honeynet Project. A Honeynet is a type of honeypot. Specifically, it is a high-interaction honeypot designed to capture extensive information on threats. High-interaction means a Honeynet provides real systems, applications, and services for attackers to interact with (as opposed to low-interaction honeypots such as Honeyd, which provide emulated services and operating systems). It is through this extensive interaction that we gain information on threats, both external and internal to an organization. What makes a Honeynet different from most honeypots is that it is an entire network of systems. Instead of a single computer, a Honeynet is a network of systems designed for attackers to interact with. These victim systems (honeypots within the Honeynet) can be any type of system, service, or information you want to provide. If you want to create Oracle databases on Solaris servers, not a problem. If you want to create an e-commerce site using an IIS webserver on Windows 2003, not a problem. You can run everything from VAX systems to Cisco routers. It is this flexibility that gives Honeynets their true power.

The Honeynet Project's Forensic Challenge was launched on January 15, 2001. Dave Dittrich, co-ordinator of the Forensic Challenge, invited all participants to briefly examine one of the Honeynet systems to learn what happens during interaction with it.

The Forensic Challenge was an effort to allow incident handlers around the world to all look at the same data -- an image reproduction of the same compromised system -- and to see who could dig the most out of that system and communicate what they've found in a concise manner. This was a nonscientific study of tools, techniques, and procedures applied to postcompromise incident handling. The challenge was to have fun, to solve a common real world problem, and for everyone to learn from the process.

Each of the 13 submitters suggested his own way (slightly different from the others'), and almost every one noticed aspects that the others had missed. However, although all of them were experienced and skilful specialists in the security and administration of computer systems, only three of them succeeded in finding the source of the hacker attack.


2005-09-02 08:31:28 - Very nice Pesho