Book: How to Follow the Clues at an Internet Crime Scene

19 Dec 05:30

It's a hotbed of fraud, spammers, and identity theft, but, undaunted, we spend more and more of our time (and money) on the Internet. Few of us consider the "threats" it proffers to be more than a nuisance, forgetting that there's real criminal intent behind them targeting some of the most vulnerable members of our society. We overlook the content in spam messages because we already know them to be scams. But, while we would never click on a link in an email to update our password and social security number for a bank account, many people do.

As Robert Jones points out in his book "Internet Forensics" (O'Reilly), we continue to get spam because there are people making money doing it. Conventional wisdom says that you can't track these people down because the Internet is so large and it's so easy to hide one's identity. But Jones says otherwise, and shows readers how to follow the clues the bad guys leave behind.

"Internet fraud is at an all-time high and showing no signs of slowing down," says Jones. And the statistics on these threats are amazing. "MessageLabs, a company that provides email security services, reported that spam accounted for 73% of all email traffic in 2004 and that phishing scams, that try to con people out of their bank account information, increased from 250,000 in the first half of 2004 to 4,500,000 by the end of the year--an 18-fold increase!"

There are several factors behind this seemingly unstoppable growth: Internet scams don't cost much to set up, the potential audience is huge, and the chance of being caught is low. Even if a scammer is caught, the likelihood of being prosecuted is minimal. But the main motivation, as Jones repeatedly points out, is that people can and do make money with these schemes.

Out of curiosity, Jones began looking into various scams that arrived in his inbox. Being fairly adept at using Unix commands, he started to apply these to find out where certain web sites were located and was surprised at how much information could be uncovered using a few basic techniques. Anyone can do this, he says; you don't need to work for the FBI or an ISP. "There was no single resource that described how to use these tools for forensics, but clearly a great deal of interest on the web about Internet fraud. So, I decided to organize these tools and techniques and present them to a wider audience in the form of the book."

"Internet Forensics" presents the tools that the community of Internet users and developers can use to tackle the problem. "Law enforcement is making progress, but the scale of the problem is too large for them," observes Jones. "If we, as a community, can make it harder for the bad guys to operate, they'll be forced to either give up or become much more sophisticated in their tactics."

Jones uses the analogy of a Neighborhood Watch: people in a neighborhood walk their dogs, chat with each other, and generally keep an eye out for anything that looks unusual. They're not organized in any way, but the simple fact that they're out there is a serious disincentive to dodgy characters looking to cause trouble. "The same thing can happen on the Internet with a bunch of regular people keeping an eye out for trouble. Collectively, we can make it more difficult for scammers to do business," says Jones. "I call it a Network Neighborhood Watch."

Over and above these noble goals, "Internet Forensics" is a whole lot of fun. "At every step you need to use your ingenuity to figure out how a scam is being set up and, especially, to look for patterns across multiple scams that act as signatures for the same individuals or groups responsible for the scams," says Jones. "People like solving puzzles like this. You get to play the armchair detective."

"Internet Forensics" is a practical and accessible guide to this fascinating field. Learn how the bad guys try to cover their tracks and the tricks we can use to see through their disguises. The book is packed with real-world examples explained in detail that show how much you can find out with ingenuity and a little work - and have fun doing it.

Related links:
www.oreilly.com/catalog/internetforensics/index.html

Taken from Information Security Bulletin.