In police work, sometimes the longest journeys end with the shortest trips. That's what happened to Brian Koref, who spent months at the Air Force Office of Special Investigations (OSI) tracking down a pair of Swedish hackers who invaded U.S. Air Force, U.S. Army, NASA and other military systems, helping themselves to password files and other sensitive data in the process.
Koref was scheduled to fly to Stockholm tomorrow, to testify against Charlie Malm and Joel Soederberg, both 24. But the trip was canceled when the two pleaded guilty to five counts of unauthorized intrusion into U.S. military systems.
Their trial for invasion of servers at WIRE Ltd., the British company through which they launched their U.S. attack, started last week, according to Matthew Richard, former director of WIRE.
The charges relating to the U.S. intrusions make up "a great case with a lot of robust evidence," said Koref, who's now in the Air Force Reserve. He works full time at business Internet service provider Conxion Corp. in Santa Clara, Calif.
The plea bargain was the culmination of months of electronic gumshoe work in which Koref backtracked the attackers through multiple servers within defense networks and beyond. He brought in the Swedish National Police and even participated in a raid and the interrogation of the suspects.
Analysts say detective skills like Koref's, which are often gained in military-security posts and law enforcement, are beginning to filter out to private-sector information technology operations, pulled by fears engendered by high-profile hacks like last month's incident at Wallingford, Conn.-based CD Universe.com, which found some of its customers' credit-card numbers posted on the Web. And last week, Yahoo Inc., Cable News Network, eBay Inc., Buy.com Inc. and ZD Inc.'s ZDNet were all hit with what appeared to be coordinated denial-of-service attacks from parties as yet unknown.
Koref now uses his detective skills to find out how and where attackers strike Conxion clients like Microsoft Corp., a prime target of crackers.
Other private-sector organizations are using the same techniques for liability purposes to identify the source of illegal software or pornography posted secretly on their sites.
A lot of the skills needed for tracking attackers grow out of military computer crime units, which have learned a lot since the early '90s, when the Kevin Mitnicks of the world tromped freely through their systems. In the past four years, each branch of the military has built computer crime labs that provide the technical support and analysis for computer-based investigations.
"We're seeing a 50% increase in these
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
