Book Review: High-Tech Crimes Revealed
By Alex Moskalyuk, Contributing Editor
Tuesday, 2 November 2004 08:30 EST
The title "High-Tech Crimes Revealed" might sound a little too catchy and perhaps attract the wrong crowd, hoping to find the recipes for success in the online crime world. But a former cop and currently a high-tech forensics researcher Steven Branigan actually managed to write a pretty interesting detective with elements of autobiography and computer security insight.
Authors: Steven Branigan
Publisher: Addison Wesley Professional
Available for download sample chapter 3 - "If He Had Just Paid the Rent."
About the author
Steven Branigan, formerly a senior manager at Bell Labs, spent six years in Bellcore developing, deploying, and managing software releases and four years at Bell Labs addressing network security issues. Internationally recognized as an expert in computer security, Branigan has testified before Congress, qualified as an expert witness for the government, and has been asked to speak to many varied audiences on network security issues. He was a founding member of the NYC Electronic Crimes Task Force. He is co-founder and VP of Engineering for Lumeta based in Somerset, NJ.
"Steve Branigan was there. He has worked more with law enforcement than anyone else I know (who isn't actually working for law enforcement.) He has entered houses of hackers a few moments after the door was knocked down. He has studied evidence, given advice, and offered testimony. He has had long technical discussions with hackers. He, and a lot of people like him, has helped bring the high-tech good guys up to speed. This book is a report from the front lines of Internet security. In fact, this is a report from behind the enemy lines", writes Bill Cheswick from Lumeta Corporation in foreword to "High-Tech Crimes Revealed".
The book actually reads like that - a report from the sheriff's office telling the reader how the high-tech crimes are solved, how the criminals are traced, why certain crimes take years to solve and why other ones don't get solved at all. The author provides a unique perspective on solving the crimes committed by corporate employees as part of the investigations launched by corporations. While Branigan has a very cool job, he is down-to-earth in most of his investigations and his book has practical piece of advice for many engaged in forensics and computer security. He provides advice on researching the illegal activity within corporation, tracking changes on suspect's computer and cutting off unneeded attention from the corporate management, that seems to be thrilled as a 3-year-old about solving an actual crime and frequently interfering with quiet investigation.
He also explains the maxim that there are no crimes that are too small. Sometimes a thing as trivial as a rent payment missed might lead to the discovery of a whole chain of events. Sometimes the criminals escape never to be seen, but then a speeding ticket allows the police to re-initiate the case. Besides talking about actual crimes, Branigan discussed the impact of certain schemes. He doesn't philosophize, instead he concentrates on telling the reader who seemingly innocuous data collection can lead to a crime.
We all heard about identity theft, bank fraud, utility subscription fraud, phone phreaking, etc. but what do they entail? Why do Nigerian 419 scammers always want my check image and a scan of my passport? Why does a single ten-digit number can open many doors to a criminal if he knows the coveted Social Security Number for an individual? Branigan's goal is not to scare the reader away and bring up demands for psychiatrists around the United States. Rather, he discusses the matter from a practical standpoint, telling about the potential repercussions and ways to avoid certain traps.
I wish there was more book space dedicated to uprising fraud like phishing, Paypal frauds and other schemes employed by criminals to either transfer the money from stolen credit card through intermediaries or arrange a goods exchange via duped Internet users, who later find out they've been re-sending the goods bought with stolen credit cards and shipped to their addresses. But hey, this is autobiographical book written for personal experience, not an encyclopedia of fraud.
Overall, the book is an interesting read. If you enjoy the sample chapter, you will probably enjoy the entire book. It's a good read when you are tired of technical literature but still want something educational and interesting to read.
Microsoft launches new SSL VPN solution
02.02.07 Microsoft has announced the availability of Intelligent Application Gateway 2007, the company’s new security access solution that combines virtual private networking technology acquired from Whale Communication and Web application firewall.
MIMEDefang 2.59 for UNIX released
02.02.07 Roaring Penguin Software has announced the availability of MIMEDefang 2,59, the latest version of the company’s framework for filtering emails.
Ping of death comes to Solaris
31.01.07 Sun Microsystems has issued a security update intended for computers running Sun Solaris 10 operating system.
Software security vulnerabilities to grow
30.01.07 Security research company, Internet Security Systems, anticipates a continued rise in profit-motivated attacks, including an increased focus on the Web browser and image-based spam.
Webroot announces Vista-compatible Spy Sweeper
30.01.07 Webroot software announced the availability of Vista-compatible Spy Sweeper, the newest version of the company’s popular Internet security solution.
Rixler announces Office Multi Password Cracker
29.01.07 Rixler Software today announced the availability of Office Multi-document Password Cracker, the company’s new solution to remove passwords from multiple Office documents.
ScriptLogic announces Security Explorer 6.0
29.01.07 ScriptLogic today announced the availability of Security Explorer 6, the latest version of the company’s real-time manager of access controls and security on Windows file servers and workstations.