Cyber Forensics
Technology is a beautiful thing. It helps people accomplish everyday tasks with ease, it tells me when I need to wake up, and it can even purchase items that show up at your door a couple of days later. Technology is always evolving; new technological breakthroughs seem to happen often, whether it be an electric car or a cryptocurrency such as Bitcoin that can produce mass hysteria throughout the world. With all these advanced technologies, theft is becoming more and more common. If you look at what is currently going on with Facebook, your information is sometimes just one click away from a predator of some sort. So, we need cyber forensic specialists to help us track down these online bandits, keep our information safe, and hold those whom we trust with our information accountable.
So, what is cyber forensics? Cyber forensics, or computer forensics, is defined as the practice of collecting, analyzing and reporting on digital data in a way that is legally admissible (Forensic Control). It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. "With great power comes great responsibility" is something computer scientists hear quite often. With knowledge of cyber forensics, we have to use it for good and avoid doing things that may bring harm to other individuals. There are many uses of cyber forensics. These uses include fraud investigations, investigations into misuse of the internet in the workplace, and bankruptcy investigations, and agencies are even able to track persons of interest using their cell signals (Forensic Control).
Investigating misuse of the internet and tracking somebody's cell phone don't necessarily take a great deal of skill to accomplish; however, fraud investigations and bankruptcy investigations require a certain type of skill that can be found in forensic accountants. Forensic accountants are one of many people brought into a cyber forensic situation. They are responsible for essentially finding money. Where did the money go? Where did the money come from? They follow four steps in any investigation. First, they seize the computer or cellphone of interest. After they have gained control of the device, they image the machine and all the data that it contains. Then they analyze the evidence without altering any of it. Finally, they report their findings to whoever hired them in the first place (Dulin, Ward, and DeWald).
The most important thing in any type of computer investigation is to not tamper or meddle with the device. For a forensic accountant, or any type of cyber forensic detective for that matter, to accurately do his or her job, the person of interest must be the last person to have used the device. This entails handling the device as little as possible prior to investigating it. If the computer is turned off, leave it off; if it is on, leave it on. Do not touch the device if you can avoid it. Once the forensic specialists have access to the computer, they will analyze the physical layer of the computer to determine whether or not they have infected hardware of any type. After they determine it is safe to proceed with the investigation, they will investigate the files on the computer. Some people may delete the files from their device, but that will not matter to trained computer forensic investigators because they are able to recover deleted files, access password-protected or encrypted files and even rebuild a cleared search history. Any of those files may include a “smoking gun” that the investigator can use against the suspected culprit (Dulin, Ward, and DeWald). A big part of investigating a device is making sure that you write down every little step you make throughout the entire process, so that if you run into any issues you know where to backtrack and fix them. It also helps to document your steps because it is very easy for a defendant to claim mishandling, which would often discredit any cyber investigation (Dulin, Ward, and DeWald). The “play-by-play” helps avoid a mishandling mishap.
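The "image, analyze without altering, document every step" procedure described above can be made checkable in code. The following Python is an added example, not taken from the cited sources: it assumes the common practice of hashing the image with SHA-256 at every logged step, and the names CustodyLog, record, first_broken_entry and image_unaltered are hypothetical.

```python
import hashlib
import json
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def _entry_hash(entry):
    """Hash every field except the entry's own hash, in a stable key order."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class CustodyLog:
    """Append-only step log; each entry commits to the one before it."""
    def __init__(self):
        self.entries = []

    def record(self, examiner, action, image_path):
        """Log one step together with the image hash observed at that moment."""
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "examiner": examiner,
            "action": action,
            "image_sha256": sha256_file(image_path),
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else "0" * 64,
        }
        entry["entry_hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry

    def first_broken_entry(self):
        """Index of the first edited or reordered entry, or -1 if the chain is intact."""
        prev = "0" * 64
        for i, entry in enumerate(self.entries):
            if entry["prev_hash"] != prev or entry["entry_hash"] != _entry_hash(entry):
                return i
            prev = entry["entry_hash"]
        return -1

    def image_unaltered(self):
        """True when every logged step saw the same image hash as the first step."""
        return len({e["image_sha256"] for e in self.entries}) == 1
```

A log whose chain verifies and whose image hash never changes is the kind of record that answers a mishandling claim; an edited entry or a changed hash shows up at a specific step.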
Fraud is defined as wrongful or criminal deception intended to result in financial or personal gain (Dictionary.com). Cyber fraud is most commonly found when hackers gain access to people’s information to use for their own personal gain. In 1988 a man with the online alias Dark Dante, Kevin Poulsen, hacked into a federal computer network and gained access to top secret files, which obviously drew the attention of the FBI (Mental Floss). Once Kevin realized he was on the FBI’s radar he went underground, but unfortunately for Kevin, he did not go offline. While he was underground, he and a couple of his buddies hacked into Los Angeles-area radio stations’ phone lines and claimed to be the winners of certain radio contests. After all was said and done, Kevin had won himself a couple of Porsches, trips to Hawaii and over $20,000 in cash (Mental Floss). Kevin’s case was picked up by Unsolved Mysteries, and when viewers were given the option to call a toll-free number to report any tips on the case, Kevin shut down the phone lines, which once again drew the attention of the FBI. Kevin was finally caught thanks to a supermarket employee who recognized him from the show. Kevin spent five years in federal prison and, once released, was not permitted to touch a computer for three years. Poulsen didn’t end up being a total villain; he did use his skills for good later in his life. He was responsible for finding over seven hundred sex offenders who were using MySpace to find underage victims (Mental Floss). He is also a writer for Wired Magazine, writing mainly about computer security.
Albert Gonzalez, known as CumbaJohnny, is another famous hacker. He was the mastermind behind shadowcrew.com, a black-market website used by hackers to sell people’s credit card numbers, passports, social security numbers, and any other type of digital data you could think of. Gonzalez was arrested in 2003 for credit card fraud (Mental Floss). He was on his way to prison, but the FBI had a different idea for Gonzalez. The FBI approached him and asked him to help track down some of the hackers that used the black-market website. With his help the FBI was able to capture 28 hackers all across the world for selling somewhere around 1.7 million credit card numbers (Mental Floss). Because he helped the FBI, Gonzalez was immune to any charges against him, and instead of going to prison, he was offered a job with the Secret Service, where he taught them about cyber security and continued to catch hackers for the government.
What the Secret Service and FBI did not expect is that once Gonzalez left the office for the day, he joined forces with a hacker friend in Europe named Maksym Yastremski and continued moonlighting as a criminal in the evening hours (Mental Floss). Together with a few other hackers, they were able to get credit card numbers from the parking lots of major retail stores such as Target and TJMaxx using a powerful antenna that would find breachable wireless network signals. Once they breached the networks, they would install packet sniffers, software that sits on servers undetected and grabs data (in this case, thousands of valid credit card numbers) and then sends the information online to Maksym, who was living life in Turkey at the time. While that was going on, a couple of hackers also hacked into Heartland Payment Systems, which is one of the largest credit card payment processing companies in the world. Between the two activities, Gonzalez was making bank and not shying away from spending the big bucks. This once again drew the attention of the FBI, but because Gonzalez had taught the government a lot of what they knew about cyber security, he was easily able to cover up his activity in the operations. Gonzalez was caught by the FBI when Ukrainian authorities seized Maksym’s laptop and found records of instant message conversations about acquisitions of stolen credit cards sent to Gonzalez. Gonzalez and his band of hackers were then sentenced to twenty years in prison once he pleaded guilty to his charges. Gonzalez will be imprisoned until 2030 (Mental Floss).
Jeanson James Ancheta was a high school dropout; however, he was not just your average dropout. Ancheta was able to create an army of PCs by establishing a botnet. A botnet is a large network of computers that have been infected with the same virus, making your computer a type of zombie computer because you don’t know that it is infected (Mental Floss). Ancheta discovered online software that allowed him to forge such an army of computers that would continuously send him information such as credit card numbers. The fascinating thing about his achievement was that it wasn’t just the common folk he preyed upon; he had access to some of the U.S. Navy and Department of Defense computers. Ancheta made his money by renting his computer to hackers or spammers, who would then gain their own information from the computers. Ancheta enjoyed his luxurious life until becoming the first person to be indicted in the FBI’s operation created to track down botnet hoarders. He was sentenced to 57 months in prison, was forced to give up all of the cash he accrued through his spree, paid a $15,000 fee for infecting a federally owned computer, and yes, the government took his BMW as well (Mental Floss).
When people have reached a point of debt that they deem unrepayable, they will file for bankruptcy, which gives the debtor a fresh start financially by relieving some or all of the debt that the debtor has. So how do banks determine whether or not to give the person filing for bankruptcy a fresh start? They hire forensic accountants to look through the files and assets of the individual to determine whether or not they are actually incapable of coming back from the debt they have accumulated (FREQUENT QUESTIONS ABOUT PERSONAL BANKRUPTCY). It becomes fraud when the investigators determine that the people filing for bankruptcy aren’t actually bankrupt, which often occurs when they fail to inform the bank of any assets that they may have that would be worth any money. The bank would view these assets as sellable and thus a place where money to pay off the debt could be found (FREQUENT QUESTIONS ABOUT PERSONAL BANKRUPTCY).
Tracking the locations of cell phones can also fall under cyber forensics, and government agencies use a variety of techniques to locate cell phones. One of the more common ways to track a phone is through the Wi-Fi signal that the phone generates on the network it is currently connected to (The Washington Post). It doesn’t take high-tech government agencies to see who is on a network; all you need to know is the device’s IP address and the network’s address, and you can locate a device down to a block radius.
Another technique for determining the location of a cell phone is to track the GPS receivers built into the phones. Agencies are able to track the phones using the GPS satellites, and this technique is also extremely accurate. Agencies are able to locate devices within a 100-meter radius or, in some cases, even less than that (The Washington Post).
You could also track a device by triangulating its location from different cell towers. This technique is used mostly with emergency services (The Washington Post). The way this works is that each tower within range of the device measures how far the phone is from it. For instance, a phone signal is 42 meters from tower A, 112 meters from tower B, 300 meters from tower C, and 24 meters from tower D. This information normally would tell you nothing more than the fact that the device is closer to tower D than to any of the other towers. But when a device is triangulated, it forms a type of three-dimensional chart which pinpoints the exact position of the device.
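Combining per-tower distances into a position, as described above, is usually computed as trilateration: each distance defines a circle around its tower, and the device sits where the circles meet. The following Python is an added example, not from the cited sources; the tower coordinates are constructed so that the ranges match the essay's 42, 112, 300 and 24 meter figures, and the function names are hypothetical.

```python
import math

def trilaterate(towers, distances):
    """Least-squares 2D position from >= 3 (x, y) towers and measured ranges in meters."""
    if len(towers) < 3 or len(towers) != len(distances):
        raise ValueError("need at least three towers, one distance each")
    (x0, y0), d0 = towers[0], distances[0]
    # Subtracting the first circle equation from the others cancels x^2 + y^2,
    # leaving one linear equation a*x + b*y = c per remaining tower.
    rows = []
    for (xi, yi), di in zip(towers[1:], distances[1:]):
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = (xi**2 + yi**2) - (x0**2 + y0**2) - di**2 + d0**2
        rows.append((a, b, c))
    # Normal equations (A^T A) p = A^T c, solved directly for the 2x2 case.
    saa = sum(a * a for a, _, _ in rows)
    sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sac = sum(a * c for a, _, c in rows)
    sbc = sum(b * c for _, b, c in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9 * max(saa * sbb, 1.0):
        raise ValueError("towers are collinear; position is ambiguous")
    return ((sac * sbb - sbc * sab) / det, (saa * sbc - sab * sac) / det)

def residuals(towers, distances, position):
    """Measured minus predicted range per tower; large values flag a bad measurement."""
    return [d - math.dist(t, position) for t, d in zip(towers, distances)]

# Constructed tower coordinates (meters), chosen so the ranges match the essay's figures.
TOWERS = {"A": (162.0, 80.0), "B": (120.0, 192.0), "C": (-180.0, 80.0), "D": (120.0, 56.0)}
RANGES = {"A": 42.0, "B": 112.0, "C": 300.0, "D": 24.0}

def locate_example():
    """Solve the essay's four-tower case with the constructed coordinates."""
    names = sorted(TOWERS)
    return trilaterate([TOWERS[n] for n in names], [RANGES[n] for n in names])

if __name__ == "__main__":
    print(locate_example())
```

With consistent ranges the residuals are zero; a single wrong range pulls the solution away and leaves a large residual at the offending tower, which is how an examiner would sanity-check a reported fix.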
As you can tell, Cyber Forensics is quite a broad topic. The topic leaks into the accounting realm of the world because of the link between hacking and finances, thus forensic accountants are a huge part of the modern day forensic teams. There are physical ways that people use forensic techniqueo see Forensics to lean heavily on their cyber experts as the technology industry expands as time goes on.
Questions:
1. What was Jeanson James Ancheta able to create that allowed him to develop an army of computers?
a. Botnet
2. Which cell phone tracking technique is most widely used in emergency services?
a. Triangulating from different cell towers
3. Which layer of the OSI model do cyber forensic investigators begin their investigation with?
a. Physical
Works Cited