Computer Crime Research Center


High-Tech Crimes Revealed: An Interview with Stephen Branigan

Date: October 28, 2004
By: By Steven Branigan, Seth Fogie

Stephen Branigan, one of the founders of the New York City task force on cybercrime and author of High-Tech Crimes Revealed: Cyberwar Stories from the Digital Front, talks to Seth Fogie about hacker motivations and how to solve cyber crimes.

Seth: Who are your real-life influencers? Fictional influencers? (With regard to this book's subject, that is.)

Steven: Real life influencers:

* Police: Sergeants J. Cheney and Richard "Fox" Foster taught me all the real-life lessons of patrolling the streets that the academy hadn't.
* Network security: My friends Bill Cheswick, Matt Blaze, Steve Bellovin, Avi Rubin, and Hal Burch have helped shaped my views on how to conduct secure networking and secure computing.
* Legal: Scott Charney and Martha Stansel-Gamm have each led the Computer Crime and Intellectual Property Section of the Department of Justice, and they always seem to know how to balance the competing forces of protecting the innocent and convicting the guilty.

Seth: If you can give us a name and brief summary, who was the most talented hacker you ever caught and what did he/she/they do?

Steven: I'm generally uncomfortable with giving the names of the hackers caught, as I would be hesitant to provide the names of anyone I arrested. It's better for the subjects, should they wish, to provide that information.

With that said, I believe that one of the best was the "hot-ice" character detailed in Chapter 2 of my book. Technically very competent, and able to maneuver across country boundaries very well. The character "Bob" from Chapter 6 was possibly the brightest hacker I ever met.

Seth: Do you attend any hacker conferences? What's your opinion about their focus and content? Have you ever been tagged in "Spot the Fed"?

Steven: Actually, I haven't been to a single hacker conference. I guess it's because I would expect to be handed a "Fed" T-shirt at the door as I walked in!

Seth: There's a lot of discussion in this book about the motivators of a hacker, and most of it is right on! I myself would fall into the curious category. :) However, IMHO, these are the same motivators that drive almost everything and everyone.... What motivated you to write this book?

Steven: Motivations for me? Here goes:

* I think that computer crimes are very misunderstood. This book explains who does them, why they do them, and what the impacts can be.
* Further, I know that as people become more aware of what computer crimes are, they will be able to make better decisions about how to protect their networks.

Seth: Throughout the book, chance seems to play a paramount role in finding and catching talented hackers. What's your experience with the reality of this unnerving concept? What chance do we have if we never see them coming?

Steven: An over-used clich applies here: It's better to be lucky than good. I believe that there's an element of luck in catching criminals. And that really is a frightening concept.

The good news is that criminals always take a chance when they commit a crime. We can use that in our favor. That's why I'm a big fan of improved logging and surveillance. Audit trails are an incredible resource for trying to catch a hacker after you discover the problem.

Seth: The book discusses how to handle a break-in and the significant damage that can be done by not following proper protocol. However, in many of your cases, you have prior evidence of hacker activity. What's the proper protocol for addressing a computer that may or may not be a hacker tool-for example, troubleshooting a malfunctioning computer and finding 3GB of warez and four rootkits causing the problem?

Steven: I would suggest that in a couple of the cases, it wasn't that there was initial evidence of hacker activity. For example, in Chapter 3, our friend Wesley's hacking was discovered because he hadn't paid his rent.

Let me say that it was the methodical investigations that ultimately led to us uncovering the hacker activities in Chapters 1 and 3.

My best advice is to walk that fine line between trust and suspicion when investigating computer malfunctions. Maybe it's nothing, or maybe it's the work of a hacker...

Seth: While it would be nice for everyone to get fair play with the FBI when a hack occurs, they're limited on time and resources, and not everything requires FBI-level attention. Based on your experience, what kind of support/interest can a SOHO user expect from the authorities (local police, FBI, state police, and so on)?

Steven: I agree that not everything needs FBI-level attention! That's a very important point. Law enforcement really, really wants to do the right thing. I have been very fortunate to have worked with many cops around the world who work hard to protect their citizens.

Many state and local police agencies are getting much better at handling computer crime issues. They're very interested in dealing with these issues, and the issues they deal with directly translate into the training they'll receive in the future!

My best advice, should you find yourself in a position where you need [law enforcement assistance], is to be sure to take the time to explain how the crime has affected you personally.

Seth: I grew up in a cop's family, and I know a little of how being a cop changes your perspective on life. I can see some of this perspective in your book, and it's a refreshing reading experience, especially since most other books are written by "hackers." What's your take on these other books?

Steven: I spent a lot of time reading publications such as 2600, phrack, and the like. To be honest, I have never really been sure what the justification is for hacking into telephone systems, cellular systems, banks, and so on.

Whether it's invasion of privacy, theft of services, or even fraud, computer crimes usually result in real victims. I think that is often missed with the anonymity that computers and the Internet provide.

Seth: This book addresses the options available to a company after a system compromise. What's your personal recommendation to companies facing that catch-22 situation where they learn their server is host to hacker activity, but they can't shut it down until the end of the day or even week?

Steven: Hmm... No matter which option you choose, at some point the other option will have seemed better! It's a tough call that needs to be made by the business leaders with expert consultation from their technical people, because either option is a business-impacting operation. Usually it depends on the severity of the suspected attack and the ability to investigate while continuing operations. Those are the most relevant factors.

Seth: One of the first pages in the book outlines your work experience based on your attire. I noticed that you served time as a cop (pun intended). How has this helped and hindered your computer security experience?

Steven: Served time indeed!

* Helpful: Law enforcement encourages you to document your activities, and that's very helpful for computer security.

It taught me to follow up on even the smallest of suspicious items. I remember very well the story from my academy days of a police officer who broke a large cocaine ring just by stopping a car with an expired inspection sticker. That one stop led to the discovery that the driver's license was revoked. That led to finding there was a warrant for his arrest. And that led to the subject giving up information...

It taught me that even when you may think someone has done something wrong, always treat all people equally until you have proof.

* Harmful: I get suspicious very easily, perhaps too easily.

Seth: On the subject of careers, what advice can you give to people who find computer security an attractive field? Is there a fast path to getting a job as a forensics specialist with a police department?

Steven: Free advice (and remember, money back if you are not delighted!):

I will limit this to legitimate jobs with the police, and exclude the attractive career of confidential informants.

Law enforcement is looking for reliable, trustworthy people with excellent technical skills. Look into a computer security or forensic problem and help solve it. Present your results at a conference. That will help to get you noticed.

Seth: On the same subject, you [wondered] why anyone would write a program like NetStumbler. Why do you think NetStumbler was written?

Steven: I have no idea why it was written and given away for free! While I imagine that curiosity and conquering the technical challenge inspired the initial writing, I'm not sure why the authors didn't release it as a commercial product.

Seth: What are your interests outside your industry?

Steven: Sports. In particular, soccer (which I play often), baseball, and football. I find that I'm always learning from playing or watching team sports.

Seth: Have you ever...

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2004-11-04 14:58:30 - I currently attend school for Criminal... Kimberly
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo