(This video chapter begins at 16:26 and ends at 18:19. Click on the blue dot at the 16:26 timestamp to play the video for this module.)

Defense Against Hackers

“The best defense is a good offense”. Rather than reacting to attacks once they’ve occurred, a wise strategy is to prepare proactive measures, so that if the time comes, you can completely bypass the attack, or lessen the blow of it.

Our focus quote for this module:

“Cyber-attacks are not what makes the cool war ‘cool.’ As a strategic matter, they do not differ fundamentally from older tools of espionage and sabotage.” – Noah Feldman

Cryptography

Cryptography is basically defined as a secret method of writing. This is done so that only authorized parties are able to interpret the message.

It is used in various industries, such as banking and health, to protect the privacy and security of companies and customers’/patients’ information.

Examples of encryption methods include:

• International Data Encryption Method (IDEA)
• Advanced Encryption Standard (AES)
• Data Encryption Standard (DES)

Digital Forensics

By many, computer systems have become a tool for committing various crimes. Because of this, law enforcement officials have decided to use this very tool to counteract the criminals’ use of computers to commit online and offline crimes. In essence, they have decided to “Fight fire with fire”.

In digital forensics, law enforcement collects and analyzes the data in such a way that it can be used in court against the perpetrator.

Examples of cases where digital forensics was used:

• BTK Killer: Dennis Rader was convicted of a string of serial killings that occurred over a period of sixteen years. Towards the end of this period, Rader sent letters to the police on a floppy disk. Metadata within the documents implicated an author named “Dennis” at “Christ Lutheran Church”; this evidence helped lead to Rader’s arrest.
• Joseph E. Duncan III: A spreadsheet recovered from Duncan’s computer contained evidence that showed him planning his crimes. Prosecutors used this to show premeditation and secure the death penalty.
• Sharon Lopatka: Hundreds of emails on Lopatka’s computer led investigators to her killer, Robert Glass.

Source: https://en.wikipedia.org/wiki/Computer_forensics

Intrusion Detection

Intrusion detection is a vital asset to a computer system. Intrusion detection systems (IDSs) inform the administrator or a security information and event management system of unauthorized programs or people on the network. There are a variety of IDSs to choose from.

When looking to invest in an IDS, there are several questions to ask yourself.

• What does our business need in an IDS?
• Will our network support the IDS system?
• Can we afford an IDS?
• What do we do if something goes wrong with the IDS?
• As our business grows, we can still use this IDS?

Some manufacturers of IDSs include:

• Dakota Alert, Inc.
• Juniper Networks
• Linear, LLC
• PureTech Systems, Inc.
• Telguard

Legal Recourse

The majority of computer hacking crimes are punishable under the Computer Fraud and Abuse Act (18 U.S.C. §1030). There may be additional penalties under state law.

Under this act, there are penalties for committing the following offenses involving computer:

• Obtaining National Security Information
• Accessing a Computer and Obtaining Information
• Trespassing in a Government Computer
• Accessing a Computer to Defraud & Obtain Value
• Intentionally Damaging by Knowing Transmission
• Recklessly Damaging by Intentional Access
• Negligently Causing Damage & Loss by Intentional Access
• Trafficking in Passwords
• Extortion Involving Computers

Penalties may include monetary and/or prison sentences. For example, an individual who is found guilty of a first offense of illegally obtaining national security information can serve up to 10 years in prison.

Practical Illustration

Frank and Joel are talking about the importance of doing their best to prevent hackers from getting to their system, and if by chance, they are able to break in, what can be done to bring them to justice. Frank says since their bank holds a lot of private information of their customers, they need to consider some type of encryption method so only their employees can interpret data. Joel says an intrusion detection system would also be a good idea so they can be notified of suspicious activity before it causes too much damage. They both agree researching how digital forensics works and legal recourse that can be taken against cyber criminals will be worth their while.