High-Tech Crimes Revealed

Cyberwar Stories from the Digital Front

Steven Branigan

ISBN: 0-321-21873-6

Addison-Wesley, Copyright 2005

I found this book just after Christmas (Dec 2005) and grabbed it hoping for a decent read about computer crimes and sociology, backed by real world experience and first hand tales from the 'digital front'. Instead, I got the worst collection of naive and inexperienced crap I have read in a long time. After paying money for this book, I feel as if I have fallen victim to a lame phishing scam. It is important to note that this book is copyright 2005, and says the first printing was in August 2004. It puts the entire book into perspective and quickly makes you question the author's credentials. In fact, if this book wasn't written in the mid to late 90's, shelved for almost ten years, and eventually printed, then Branigan should never claim any affiliation with the computer security industry/community.

Chapter 1 starts out covering "An Attack on the Telephone Network" by giving us the oldest, most sanitized and high level story you can imagine. The information presented, the wording and the terminology suggests the incident happened in 1995. Hoping for a slow start and a sharp curve for subsequent chapters, I keep reading. Chapter 2 covers "An Attack on an ISP" with another story from the author, supposedly based on 'first hand' experience in the case. Following the attacker between machines and trying to use this story as a way to teach us about high tech crimes is weak. The story makes it sound as if Branigan is completely new to the net and related technology. The writing is that of a rookie journalist given his first story not about a pig manure farm. The story is dumbed down and sanitized beyond belief, passing for sample crimes used in computer security classes ten years ago.

Chapter 3 brings on a new story called "If He Had Just Paid the Rent". After the first two chapters, I was completely discouraged and this chapter didn't help one bit. Yet another story from around 1995, and one that I think is more fiction than fact. According to Branigan, in 1996 police officers couldn't tell the difference between a TV and a computer monitor, and actually thought they were "evidence of a crime". If they didn't know that a Sun monitor was, how would they know the computers were "potentially evidence of a crime"? Why were a couple networked computers "out of place" to the cops in this story? In fact, how would these cops even know that two computers with wires between them was or was not suspect? At the beginning of the story, the computers were described as "state of the art sun SPARC stations". By the end of the story (five years later), Branigan tries to tell us that "none of the agents remembered how to operate such an ancient computer". The holes in his story are as numerous as his reference to Sendmail being the favorite attack of hackers. If you think I am exaggerating this, you can read the entire chapter online for yourself.

Chapter 4 continues the misery with "Inside a Hacker Sting Operation..." The best quote of this chapter is when he mentions NetStumbler and adds a footnote: "NetStumbler is freeware. Why people write these things, nobody knows..." Nobody?! Branigan has supposedly been around for ten years, professes to have a clue about hackers and how they operate, consults for law enforcement, and says something so ridiculous? The core of this chapter revolves around the story of the Celco51 BBS, set up by federal agents to monitor cellular hacking at the time. Yes, another story from 1995 that is heavily sanitized and written from someone that doesn't appear to have been involved in the operation. Branigan specifically says "[Susan] did not want to put the government in a potentially embarrassing position of knowingly facilitating the transmission of hacking tools" and "Fortunately, none of the hackers noticed that the tools were broken before the sting operation ended." Branigan either wasn't involved, is covering for some of the activity that really occurred, or not competent enough to factually say this. Celco51 offered working hacking tools and working ESN/MIN pairs.

Chapter 5 covers the hot topic of "Identity Theft", and is the first chapter that didn't make my stomach turn. A high level look at identity theft, some basic statistics on crime related to it, general observations and solutions for the end user.

Chapter 6 moves to the sociology of hackers, "Let's Ask the Hackers..." Most of the chapter revolves around Branigan's chat with a hacker he calls 'Bob' and seems to have the utmost respect for (technically). Bob used his own session hijacking software ("a very difficult piece of software to write correctly)", and "had some of the earliest working copies of a buffer overflow attack that I had encountered". This immediately calls the entire story into question since we've all seen a working overflow (ab)used in the Morris Worm (1988). Between 1988 and 1996, dozens more overflows had been discovered, exploit code written and eventually distributed. For Branigan's hacker in this story to have some of the earliest working copies of overflow code, the events would have taken place well before 1995, or Branigan wasn't reading anything from the security community at the time.

Chapter 7 promised to be disgusting given Branigan's previous comments showing disbelief that someone would actually write a program like NetStumbler. "Why Do Hackers Hack?" quickly starts out claiming "We do not know much about what makes a hacker do what he does." The only good sign in this chapter is the author finally moves out of the 90's, and references a few cases of computer crime in the early 00's. Chapter 8 is titled "Setting the Stage" and tries to give us a concise history of computing and how it lead up to where we are now. The chapter is essentially worthless when it comes to explaining high-tech crimes. This is the type of material that many authors have given up on explaining, expecting their readers to know it or read it elsewhere.

Chapter 9 ("High-Tech Crime"), 10 ("What Not to Do"), 11 ("How to Run a High-Tech Case") and 12 ("What We Have Learned") stay off the path started in Chapter 8. While each section is related to High-Tech crimes, they give no information to help "reveal" how it is carried out, or what is involved. It appears as if Branigan ran out of stories from the mid 90's and couldn't make up any new ones to hold our interest. The timeline on page 380 that lists some major computer crime incidents doesn't go past 2002, further proving this book was outdated years before it was published.

Overall, this book does a horrible job 'revealing' high-tech crimes. The stories don't come from the 'digital front', rather they come from fifth generation retellings originally based on a news article summing up a five year case. Branigan's grasp of who hackers are and why they do what they do is non-existent. Everything he writes suggests he was involved in computer security and/or law enforcement for a very brief time, and brought in as a consultant because of an old boy's network, not his technical expertise. His stories are devoid of any detail, even when they are clearly ten years old. Despite that, he still withholds details that would lend credibility and meaning, even when those same details have already been published in extensive detail. If you want a book that really goes into details and 'revealing' high-tech crime, check out _The Art of Intrusion_ by Mitnick & Simon.

- security curmudgeon

Other amusing quotes:

"The main set of backdoor programs for UNIX systems are collectively known as rootkit, and those for Windows-based systems are BackOrifice and Netbus." - page 118
"Not ceasing to amaze me, Bob had some of the earlier working copies of a buffer overflow attack that I had encountered. This type of method had been discussed for a while, but many people thought that it was too complicated to be functional." - page 175 (relating his conversation/investigation into a hacker he calls 'Bob')
"Why people write keygen software is not fully known, but it appears that the same things that motivate virus writers drive them." - page 215
"We cannot yet predict who will hack and how they will do it, but we can use the position of a potential hacker relative to his or her target to determine the most likely intent of any attack." - page 223
"This problem has improved over time, and sendmail is less insecure every day. (One day, sendmail might even become reasonably secure.)" - page 243
"The basic problem is a matter of trust, as sendmail believes the user will accurately reveal his identity in the message. The receiever of an email message has no way of ensuring that the sender is authentic, so we cannot and should not rely on the truthfulness of the sender of an email message." - page 243
"I was working with a financial institution on a network security project recently. Having reviewed their network security, I was very impressed, because they clearly took it very seriously. [..] During the discussion, one of the network security technicians was lamenting the issues involved in cleaning up from the Melissa Virus. I was surprised; having no idea how the virus could have gotten into their network unless the virus writer was on staff, I had to ask. It turns out that the network got infected, because onf of their employees had decided to use a non-standard email service that was against corporate policy." (Melissa appeared in March, 1999, yet Branigan says he 'recently' worked on a project where this came up?) - page 250
"Firewalls are not capable of looking at the contents of email messages and thus cannot screen out email viruses. A pity! Therefore, the most effective method today for screening email messages for viruses is at the email gateway, the point where email enters and leaves a company. A virus scanner is simply a pattern-matching program, looking for signs of a virus in the contents of each mail message." - page 253
"If you estimate that a criminal breaks into 100 computers on average, then there might be 54,000 hackers out there. Of course, let's hope that the actual number is much less than that! (Of course, we would need to not count a virus attack as a break-in for this number to be at all meaningful....)" - page 264
"Computer hacking is a direct attack on a specific computer or group of computers. For these attacks, the script-kiddie is the most common hacker. A "script-kiddie" is a hacker with very little skill that uses commonly-available hacking tools to disrupt publicly-available computers and networks. The script-kiddie will attempt to hack as many computer systems as possible -- without caring who the owner of the system is. For example, common script-kiddie tools such as probe and nmap quickly search for vulnerable computers on a network in a target area. Using these tools to search for vulnerable systems is similar to taking a water hose and randomly spraying -- whatever you hit gets wet, whatever you miss stays dry, and a ton of people notice." - page 273

main page ATTRITION feedback