Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)

Attacks on information technology are unsettling and easy to carry out. The means are relatively inexpensive, easy to smuggle, virtually untraceable, and completely deniable. This, coupled with the fact that the civilian networks, which are most attractive to terrorists, are also the most vulnerable, makes infowar the perfect weapon in the terrorist arsenal of the future.

Currently, the security solutions lag far behind the potential threat. This situation is likely to continue until the threat becomes reality, forcing a reassessment of preventive measures. The basic concepts and principles that must be understood and can help realistically guide the process of moving forward in dealing with the surveillance tools for the information warfare of the future are as follows.

Conclusions Drawn from the Surveillance Tools for Information Warfare of the Future

• Fortunately, the U.S. military senior leadership is becoming involved in IW, and, in many cases, taking the lead on this perplexing issue. With this emphasis, they must carefully assess the vulnerabilities of the systems they employ.

• Systems proposals must be thoroughly evaluated and prioritized by highest value payoff. This needs to be accomplished through a more balanced investment strategy by the U.S. military that conquers our institutional prejudices that favor killer systems weapons.

• Offensive systems will be at risk if the U.S. military does not apply sufficient defensive considerations in this process.

• The electromagnetic spectrum will be their ‘Achilles heel’ if the U.S. military does not pay sufficient attention to protecting their use of the spectrum and, at the same time, recognize that they must take away the enemy’s ability to see themselves and to control his or her forces.

• Interdict opportunities exist for adversaries to intrude on U.S. military systems.

• Other nations have realized the value of offensive applications of the information warfare arsenal of the future; therefore, the U.S. military must attack. The issue from two directions, offensively and defensively, with almost equal accentuation.

• The information warfare arsenal of the future adds a fourth dimension of warfare to those of air, land, and sea. When the Soviets developed a nuclear program after World War II, the United States was caught by surprise. In this new dimension, the U.S. military must stay ahead.

• As with so many other design issues, taking the user’s experience into account suggests how to proceed with implementing cookies.

• If the data contains examples of only a single class, extra work may be involved as some popular types of data-mining methods may not be appropriate.

• Although automated understanding of natural language is not available, an increasing number of techniques can be used for exploiting text data.

• An important feature of bandwidth/packet management technology is its stealthy wireless internet security features that render complete invisibility and protection for end users from network hackers and other wireless users sharing the same access points.

An Agenda for Action in Preparation of Surveillance Tools for Information Warfare of the Future

It must be pointed out that although such IW preparation measures can provide a minimum level of protection against tampering, there is no such thing as 100% security. What is more, the solutions are sure to lag behind the potential threat until the threat becomes reality. At present the cost of protection is higher than the cost of attack, and until an attack on a major system actually happens, organizations are unlikely to take security measures as seriously as they could, or should.

The United States government needs to set an agenda for action that goes beyond the work already done in preparation for defending against the surveillance tools for information warfare of the future. Action steps should include, but not be limited to the following 11 areas:

1. Use electromagnetic devices. As a punitive weapon, electromagnetic devices are attractive for dealing with belligerent governments. Substantial economic, military, and political damage may be inflicted with a modest commitment of resources by their users, and without politically damaging loss of life.

2. Use cookies wisely and visitors will appreciate their value. Use them gratuitously and visitors will resent the intrusion. It’s up you to help keep cookies from being the most unpalatable junk food on the Web.

3. Short of getting rid of the ability to link to Web images from Word documents, there really is no solution to being able to track Word documents using Web bugs. Because this linking ability is a useful feature, the Privacy Foundation does not recommend its removal.

4. The Privacy Foundation does believe that the Web browser cookies should be disabled inside of Word documents. There appears to be very little need for cookies outside of a Web browser. In general, the Foundation believes that cookies should be disabled by default any time Internet Explorer is reused inside of other applications such as Word, Excel, or Outlook. Hopefully Microsoft will make this change in the next release of Internet Explorer.

5. Users concerned about being tracked can use a program such as ZoneAlarm (http://www.zonelabs.com) to warn about Web bugs in Word documents. ZoneAlarm monitors all software and warns if an unauthorized program is attempting to access the Internet. ZoneAlarm is designed to catch Trojan Horses and Spyware. However, because Word typically does not access the Internet, ZoneAlarms can also be used to catch “bugged” Word documents.

6. The data to be mined should have a direct connection to the goal task, and the new information should be directly applicable to the task situation.

7. Collect appropriate data. Think first about what kind of information is needed and how it will be used.

8. If the data already exist, understand their strengths and limitations as they relate to the task specification and the available data-mining techniques.

9. If necessary, consider alternative data sources.

10. It may be possible to augment the existing data with additional data.

11. If no additional data can be obtained, and the existing data is inadequate for the original task specification, consider altering the objectives.