Print
Discuss
Send to friend
RSS feedsAs a child, Neil Barrett was captivated by computers. He learnt to hack at an early age but after tiring of the thrills of hijacking radio telescopes and other systems online, he moved on to what proved to be a more interesting area - hacking the hackers. He has detailed some of his activities in his latest book, Traces of Guilt.
This book is a guide to the mentality of the hacker, the methods used to find and catch them, and the rules for dealing with computer evidence and the police. It is also a pretty good potted history of the major computer crimes of the past eight years.
The book opens with an account of one of Barrett's first cases as a computer investigator in an online paedophilia case. It highlights just how muddled legal and police professionals used to be about computer crime. It serves as a counterpoint for the rest of the book.
Barrett, a regular IT Week columnist, establishes his own credentials early on and uses his own experience to delve into the mind of the hacker. Why do hackers continually try to break into the seemingly unbreakable and what methods can they use? As it turns out it is much like the mindset of a computer gamer, who knows there must be a way to win and so tries everything to do it.
In subsequent chapters Barrett details investigations that illustrate the types of crime that are enabled by computer technology. These offences range from those involving online pornography to hacking, internet blackmail and identity fraud.
There is a lot here to make the security-conscious IT manager think. In one case Barrett demonstrated his talents by hacking a firm's server in four days based on nothing more than a business card. His involvement in the investigation of the Gary Glitter internet paedophilia case also makes fascinating reading.
Running through all these examples are a few themes that could help IT managers combat computer crime.
The first concerns the collection of evidence - just as investigators try to preserve the evidence at murder scenes, IT managers must be careful to keep the evidence at scenes of computer crimes. But time and again Barrett details cases where investigations were hampered or even killed because evidence was mishandled. For those concerned about hacking on their networks this is essential information for a successful conviction.
Second, Barrett recommends looking not just at suspicious data, but at suspects' actions, to build a profile of their methodology. This can increase the chances of apprehending suspects, and may lead the investigator to new areas of research to build a better case. This kind of "personality mapping" is already in use and is a skill all security experts should learn.
If there is a criticism of this book it is that uneven editing has left it a little disjointed. Barrett is a compelling writer but poor indexing means those who are not prepared to sit down and read the whole book will miss important points.
Barrett finishes the book - rather abruptly as it turns out - with a warning. The advent of wireless communications opens up a new range of security problems; and many companies with perfect physical security are letting themselves down electronically. It is a point worth making, because not enough firms seem to be aware of the danger at present.
del.icio.us
Digg this
reddit!
