Cybersleuthing solves the case

Computerworld - Businesses with intellectual property and online customers to protect are increasingly calling on cyberforensics investigators to get to the bottom of cases of employee wrongdoing and electronic crimes. "People are calling us when they find malicious software installed on their servers, when they're leaking sensitive information, when they suspect employee harassment—even in cybersquatting cases," says Ed Skoudis, vice president of ethical hacking at Predictive Systems Inc., a technology services firm in New York.

Forensic techniques vary depending on the type of investigation. For example, some investigative firms, like Brandon Internet Services, simply track and trace over the Internet and sort through other publicly available electronic records. Large businesses use cyberinvestigators to set up alarms and traps to watch and catch intruders and criminals within their networks.

To show a cross-section of different types of cyberinvestigations and the tools used to conduct them, Computerworld profiles three ways that organizations have dealt with crime—and sometimes criminals—in their midst.

The Case of the Freaky Accounts

• How techniques of Internet and database investigations thwarted two prolific Russian "carders" (credit card thieves):

There were too many Hudsens and Stivensons opening accounts with PayPal Inc., an online payment processing company in Palo Alto, Calif. John Kothanek, PayPal's lead fraud investigator (and a former military intelligence officer), discovered 10 names opening batches of 40 or more accounts that were being used to buy high-value computer goods in auctions on eBay.com. So PayPal froze the funds used to pay for the eBay goods (all to be shipped to an address in Russia) and started an investigation.

Credit: Amanda Duffy

Using two freeware network-discovery tools, TraceRoute (www.tracert.com) and Sam Spade (www.samspade.org), PayPal found a connection between the fake PayPal server address and the shipping address in Russia to which the accounts were trying to send goods. Meanwhile, calls were pouring in from credit card companies disputing the charges made from the suspect PayPal accounts. The perpetrators had racked up more than $100,000 in fraudulent charges using stolen credit cards—and PayPal was fully liable to repay them.