See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.

Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Cybersleuthing solves the case

Deborah Radcliff Today’s Top Stories

or Other Security Stories

January 14, 2002 (Computerworld) -- Businesses with intellectual property and online customers to protect are increasingly calling on cyberforensics investigators to get to the bottom of cases of employee wrongdoing and electronic crimes. "People are calling us when they find malicious software installed on their servers, when they're leaking sensitive information, when they suspect employee harassment—even in cybersquatting cases," says Ed Skoudis, vice president of ethical hacking at Predictive Systems Inc., a technology services firm in New York.

Forensic techniques vary depending on the type of investigation. For example, some investigative firms, like Brandon Internet Services, simply track and trace over the Internet and sort through other publicly available electronic records. Large businesses use cyberinvestigators to set up alarms and traps to watch and catch intruders and criminals within their networks.

To show a cross-section of different types of cyberinvestigations and the tools used to conduct them, Computerworld profiles three ways that organizations have dealt with crime—and sometimes criminals—in their midst.

The Case of the Freaky Accounts

• How techniques of Internet and database investigations thwarted two prolific Russian "carders" (credit card thieves):

There were too many Hudsens and Stivensons opening accounts with PayPal Inc., an online payment processing company in Palo Alto, Calif. John Kothanek, PayPal's lead fraud investigator (and a former military intelligence officer), discovered 10 names opening batches of 40 or more accounts that were being used to buy high-value computer goods in auctions on eBay.com. So PayPal froze the funds used to pay for the eBay goods (all to be shipped to an address in Russia) and started an investigation.

Credit: Amanda Duffy

Then, one of PayPal's merchants reported that it had been redirected to a mock site called PayPaI. Kothanek's team set up sniffer software, which catches packet traffic, at the mock site. The software showed that operators of the mock site were using it to capture PayPal user log-ins and passwords. Investigators also used the sniffer to log the perpetrators' own IP address, which they then used to search against PayPal's database. It turned out that all of the accounts under scrutiny were opened by the same IP address.

Using two freeware network-discovery tools, TraceRoute (www.tracert.com) and Sam Spade (www.samspade.org), PayPal found a connection between the fake PayPal server address and the shipping address in Russia to which the accounts were trying to send goods. Meanwhile, calls were pouring in from credit card companies disputing the charges made from the suspect PayPal accounts. The perpetrators had racked up more than $100,000 in fraudulent charges using stolen credit cards—and PayPal was fully liable to repay them.

"Carders typically buy high-value goods like computers and jewelry so they can resell them," says Ken Miller, PayPal's fraud control director.

Continued...
1 | 2 | 3 | NEXT

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"Need help sorting through the hype of cloud computing? Here's some IDC research on the benefits, barriers -- and what..." Read more...

Read more Security posts or See all Blogs

	Update: AMD spins off manufacturing to cut costs, raise funds
	IBM launches Bluehouse, a Facebook for business
	iPhone grabs top smart phone spot
	More top stories...

	Microsoft's (un)secret weapon for winning the BI battle
	Microsoft scales out SQL Server 2008, wants to 'democratize BI'
	Oracle tries to step up on high-end databases

Health hazards for IT workers -- how that desk job wears your body down

Too much junk food, too little exercise and a 24/7 tether to technology? Your body ain't happy, friend. Let us count the pains.

NASA robot sends back evidence it's snowing on Mars

Instruments on the surface of Mars have detected falling snow that is likely evaporating before it reaches the planet.

Wall Street's collapse may be computer science's gain

One positive development stemming from the collapse of Wall Street may be a boost in interest in computer science and IT careers among students who were previously interested in financial services jobs.

Installing Linux apps: A few good tips

Getting new software installed on Linux doesn't have to be hard, but it can differ depending on what you're installing.

Windows Vista A to Z

Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.

IT Careers 2010

Four years from now, the IT field will be a vastly different place. Will you be ready?

All Zones
Application Performance Zone
Business Continuity Zone
The File Data Management Zone
Security Management Zone
The SAS Zone
Business Intelligence and Analytics Zone
Windows Protection Zone
The Enterprise Search Zone
Software as a Service Zone

See your link here

From Laggard to Leader: Transforming the Data Center

From Laggard to Leader: Transforming the Data Center
Register for this complimentary webcast today!

Go to the webcast

Computerworld Executive Bulletin: Building a Robust Antivirus Defense

Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.

Download this executive briefing

Intercept Spam & Viruses

Download this whitepaper to learn how to outsmart spam & viruses, compliments of MessageLabs.
(Source: MessageLabs) Register for a complimentary 30 day trial of MessageLabs' new managed Anti-virus and Anti-spam security solutions. MessageLabs guarantees complete protection against all known and unknown email threats. By providing 24 hour support, your business can increase productivity and decrease risk.Register now for a complimentary trial and receive a free datasheet.

Download this white paper

White Papers

Read up on the latest ideas and technologies from companies that sell hardware, software and services.

	Putting the Right Model in Place to Better Balance IT Supply and Business Demand
	Six Project Metrics Every CIO Should Know for Application Delivery Success
	Project Portfolio Management - Boost the value of IT

View more whitepapers

Go Green with Webroot® Perimeter Security SaaS!

Webroot Perimeter Security SaaS is a powerful alternative to obsolete on-premise hardware based security solutions. SaaS allows businesses to obtain flexible protection through an expert security provider, solving the problems caused by software, hardware and appliance solutions. Benefits include easier manageability, better protection and guaranteed performance –all at a lower cost. Register for your free copy of the "Why Security SaaS Makes Sense" whitepaper and Go Green with Webroot!
Download this white paper now!

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.

New baits

"Turning information into a Competitive Advantage"

Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.

View this webcast now! more

See more Webcasts more

John Brandon: Google Chrome = Dead, Google Search = Hot
I think the browser has become almost inconsequential, a bright blip that has faded faster than my summer tan. ... [more]

Sponsored Links

SonicWALL: Can you catch the phish and spam? Try to spot common email scams.

Save up to 65% plus 2 FREE Gifts from Omaha Steaks.

The Spirit of Innovation: 100 IT Leaders Speak Out

Defy the laws of reporting - introducing Crystal Reports(R) 2008. Discover it now.

Rackspace: The True Value of a Hosting Provider

Download Windows Server 2008 Hyper-V

Disk Backup and EMC: Addressing Today's Business Problems

HP Color LaserJet CP4005n printer. Now $899. SHOP NOW

Simplify your data center with Juniper Networks. View webcast.

How-to video: Smart steps to efficient power management

Thompson Cigars: Fine Hand Rolled Cigars only $19.95 and includes Free Shipping:

WHITEPAPER: IT Users Discuss New Ways to Protect Enterprise Data

Empower your business with adaptive networks. Visit the IDG Building the Adaptive Network site, sponsored by ProCurve Networking by HP.

Join Tech OnTap: NetApp's monthly technical newsletter.

Intercept Spam & Viruses With MessageLabs

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

"The Definitive Guide to Security Management" Chapter 1: Introduction to Security Management

Ingres Introduces a Breakthrough Proposition in the World of Database Technology

Microsoft Virtualization. Register for the launch event near you.

Save up to 40% with Nortel data networks

When Content is King: Content Delivery Networks (CDNs) & You

Instant server virtualization. Free download!

The Future is Fusion. Only from AMD. See our video to learn more.

2008 Internet Malware Trends Report

Enhancing security through Quantum Cryptography - find out more

HP LaserJet P4014n printer Starting at $699 after $100 IS.

Beyond consolidation: five reasons why you should start virtualizing

Renowned Engineering Institution Chooses AMD Processor-Based Servers

Kodak i600: Easy on your operators and your bottom line. Learn more about the i600 now.

Web Hosting UK - Cheap Windows Linux PHP MySQL ASP MSSQL Hosting in UK

Tape vs. Disk...Which Costs More? Read "Disk and Tape TCO Square off Again"

Get Extreme Storage for Extreme Business with HP.

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

Migrating from ERwin®toPowerDesigner® by Sybase

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDG Connect

IDG World Expo

Infoworld

The Industry Standard

ITworld

JavaWorld

LinuxWorld

MacUser

Macworld

Network World

PC World

Playlist

Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

	Finance
	Security
	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10