Computer Weekly "CW 360º", © 2001 ComputerWeekly.com Ltd
Forensics 'dust' for cyberprints
Security: David Brown reports on advances in forensic science that can catch hackers by their behaviour
Tuesday, April 17 2001 - Experts in forensic computing believe that
businesses can help to identify the "signature" techniques of hackers by
monitoring how they behave inside networks and which tools they use, increasing
the chances of prosecution. Some IT managers are also considering sharing
the information with other companies, so that security systems can be adapted
to defend against specific individuals.
Martin Baldock, forensic technology director at KPMG Forensic Accounting, said: "We have been approached by a lot of clients who are interested in finding out more about the signature identification and about sharing information.
"The initial reaction of many companies experiencing a security breach is to immediately fix the problem and get systems back in action. In doing so companies may be destroying valuable evidence, making it impossible to recover assets or pursue legal action."
At present, 83% of companies do not pursue legal action after discovering a breach, with almost three-quarters admitting that their greatest concern was the risk of damaging their reputations. According to Baldock, the main security problem faced by companies was trying to integrate their legacy systems with outward-facing Web systems, while maintaining security levels. To resolve this, IT departments are increasingly turning to data warehousing to ensure that data can be controlled and changes can be traced.
Concern about the level of hacking has been highlighted in a new KPMG survey
that shows businesses in the UK are victims of the highest level of e-commerce
security fraud in Europe. Security breaches have been discovered in 14% of
companies over the past year.
Security architecture expert DK Matai, managing
director of mi2g software, said the problem with identifying hackers'
"fingerprints" is that they can always change the programs and tools they
are running and the order in which they are used. "A
real hacker usually uses several different manual methods to hack into a system.
Hackers seldom blindly use the same procedure," he