Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)

The principal actors in any cyberterrorist attack on a corporation, and the levels on which the attack may be made have already been discussed. This part of the chapter deals with surviving offensive ruinous information warfare by looking at the mechanics of attack and defense.

The United States General Accounting Office (GAO) has produced a report on information security and computer attacks at the Department of Defense. It identifies the following means of attack:

• Installation of a malicious code in an electronic mail message sent over a network machine—as the sendmail program scans the message for its address, you will execute the attacker’s code. Sendmail operates at the systems root level and, therefore, has all privileges to alter passwords or grant access privileges to an attacker.

• Password cracking and theft is much easier with powerful computer-searching programs that can match numbers or alphanumeric passwords to a program in a limited amount of time. The success depends on the power of the attacking computer.

• Packet Sniffing: An attacker inserts a software program at a remote network or host computer that monitors information packets sent through the system and reconstructs the first 125 keystrokes in the connection. The first 125 keystrokes would normally include a password and any log-on and user identification. This could enable the attacker to obtain the password of a legitimate user and gain access to the system.

• Attackers who have gained access to a system can damage it from within, steal information, and deny service to authorized users.

• Trojan Horses: An independent program that when called by an authorized user performs a useful function but also performs unauthorized functions, which may usurp the user’s privileges.

• Logic Bomb: An unauthorized code that creates havoc when a particular event occurs (for example, the dismissal of an employee).

It is becoming increasingly impossible for “low knowledge” attackers to use relatively cheap, “high-sophistication” attack tools to gain access to what was, historically, a relatively impregnable system. The addition to this ready availability of high-technology attack tools of an increasingly networked global economy, and the integration of corporations within that networked global economy, expedientially increases the risk of attack and the ability of any attacker to cause damage.

Surviving a Misbehaving Enemy

Article 99 of the Uniform Code of Military Justice defines misbehavior in the face of the enemy as any person who, before or in the presence of the enemy:

1. Runs away

2. Shamefully abandons, surrenders, or delivers up any command, unit, place, or military property that it is his or her duty to defend

3. Through disobedience, neglect, or intentional misconduct endangers the safety of any such command, unit, place, or military property

4. Casts away his arms or ammunition

5. Is guilty of cowardly conduct

6. Quits his place of duty to plunder or pillage

7. Causes false alarms in any command, unit, or place under control of the armed forces

8. Willfully fails to do his utmost to encounter, engage, capture, or destroy any enemy troops, combatants, vessels, aircraft, or other thing, which it is his or her duty to encounter, engage, capture, or destroy

9. Does not affect all practical relief and assistance to any troops, combatants, vessels, or aircraft of the armed forces belonging to the United States or their allies when engaged in battle

10. Shall be punished by death or such punishment, as a court-martial shall direct

Now, you’re wondering what this has to do with network security, information warfare, or yourself—because you are not at war. Let me assure you that it does apply to network security, information warfare, and to you—and you most certainly are at war.

Every day, someone from a subculture other than your own is waging a battle against you and your systems. As network professionals, you are the propagators of your own doom. You are guilty of misbehavior in front of the enemy by not admitting your own fallibility, by not passing critical information to your own team, and from your sheer arrogance in thinking that you can’t be bested by some punk kid.

Remember; misbehavior in the face of the enemy. True, it is not life or death and hacked systems aren’t really your enemy, but the concept is the same. In neglecting to raise the alarm and warn the others, you are guilty of this cowardly act. Open communication is your enemy’s greatest advantage and your greatest weakness.