Computerworld - Late one night, a lone, armed figure breaks into an unmanned lobby. A voice overhead tells him to stop and await his arrest. Seeing no one, the spy darts toward the elevator. Thirty miles away, a security guard fires an encrypted command over the Internet. A second later, the lobby explodes in a spray of bullets. There's a war brewing in cyberspace. Make that a Netwar, so dubbed in Countering the New Terrorism, a book published last year by The RAND Corp., a Santa Monica, Calif.-based nonprofit research group formed during World War II.
It'll be a long time before remote-controlled robots fight battles to keep intruders out of office buildings (though unconfirmed reports circulated among security newsgroups in September did claim that a company in Thailand has invented a gun-toting robot directed through a remote-controlled camera).
But many players, including the government, RAND and Winn Schwartau, a security analyst in Seminole, Fla., say this information war is already upon us. And in his Internet survival book, Cybershock, Schwartau claims that some private corporations are already launching military-style counterattacks to protect their interests.
 | | | Know Your Culprit Criminal suits are tough to prosecute, so your evidence must be legally bullet-proof, both factually and procedurally, says Ira Winkler, president of Internet Security Advisors Group, who has assisted law enforcement during computer crime investigations. It's much better to gather your own evidence for a civil suit, he adds, because then it's much easier to prosecute. Whether using commercial tools or other techniques to trap and track an attacker, the important thing is to provide evidence that couldn't have been tampered with. Winkler suggests the following: 1. When you detect an attack, dump all logs to read-only tape so you can prove that the data hasn't been tampered with. 2. Use a line analyzer that records the attacker's session keystrokes in a read-only format to provide evidence of what the attacker was trying to do inside your network. 3. Don't threaten the attacker; instead, alert the police. You don't want to escalate a hacking war. 4. Don't hack back. "If you do anything that can be perceived as intrusion or denial-of-service and you contact the police, you've just made it really easy for the police to arrest you," says Winkler. If you do report the crime to the police, be prepared to show law enforcement that the cost of the crime meets the investigative threshold, which varies, depending on the law enforcement agency involved, says Richard Power, an editor at the Computer Security Institute. "It's got to look like you lost some money," he says. |
| |||
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
