Instances of credit card fraud had been detected, ongoing for a number of months, and were suspected to result from a security breach of the production network environment at one specific company specializing in electronic payment software used primarily in the retail and service sectors. However, an in-depth analysis determined that the fraud had been carried out by duplicating legitimate credit card numbers, which were then used to make purchases in person, typically termed “card-present transactions.” The legitimate numbers were culled from data stored from the magnetic stripes on the back of each credit card, a storage practice that credit card issuers had eliminated throughout the industry for reasons of security.
After identifying the source of the breach, the team in charge of the investigation purged the company’s stored cardholder data. Next, several servers were taken offline and replaced with systems that included auditing and logging, intended both to prevent future unauthorized attempts at gaining access and to provide a means of identifying when such activity occurs. The related hard drives, system logs, firewall and routers were then sent to the lead investigative company’s labs for further analysis and for preservation of evidence. Both proprietary and open source tools were used to identify latent traces of the breach’s timeline and to determine whether other systems had been involved. After the various stages of the investigation had been completed, the lead investigators followed up by providing the company with a list of recommendations to prevent future breaches: conduct intermittent vulnerability scanning, either in-house or through a third-party expert; add an internal IT security team, with essential responsibilities managed through outsourcing to an IT security firm; and establish procedures to eliminate credit card data when it is no longer essential.
The first step of the investigation involved identifying the breach, which has been described in detail in the first section. Second, after the system vulnerabilities were identified, the investigating firm contacted the Federal Bureau of Investigation (FBI) for assistance in assembling the evidence. Discussions over the specifics ensued, followed by the collection of data on-site. Employees were interviewed in order to glean information related to the breach. Next, the likeliest points of access were identified, and the exposures were located in files that had not been installed by the systems administrators, identified as keystroke loggers and a software application named HackerDefender.
The hacker’s footprints were then identified through a review of system files and audit logs, in order to determine how the breach occurred and what actions the hacker took once access was gained. It was then determined that the hacker had accessed the system a day prior to the start of the investigation. The breach was then closed (details of this are provided in the first section). Investigators then set a trap by using a packet sniffer, which allowed them to monitor the hacker’s activities; loading the hacked servers with dummy credit card data; and installing Tripwire, software used to monitor file integrity, which served as an alarm as soon as the hacker breached the system again. Shortly after, the hacker was identified and the relevant law-enforcement agencies were contacted for purposes of apprehension and, in this case, extradition.
It is also important to note that the entities involved in the investigation had different goals and objectives. The main responsibility of the private-sector company was to identify the extent of the breach and to address it, while the goal of law enforcement, in this case primarily the FBI, was to address the criminal activity and to collect the evidence ultimately used in prosecuting the crime. While those involved in this specific case may seem to be working at cross purposes, the information collected by the private-sector company would typically be used during the criminal investigation.
The two crimes committed in this case were criminal computer hacking, typically referred to as a “black hat” offense, and credit card fraud. While the text author notes that a number of intruders gained access to the system after its initial breach, he mentions only the apprehension of the original hacker. This individual was reportedly a college-aged male living somewhere in Eastern Europe. It would be difficult to characterize whether this person meets certain criteria for committing this type of crime beyond the fact that he had the skills and technology with which to do so. To date there remains no typical profile of hackers that would describe the so-called “black hat” beyond the fact that many of the crimes perpetrated by such persons are intended to steal data for financial gain (Chiesa, Ducci & Ciappi, 2009). Without any other information on which to base even assumptions, it could only be stated that a college-aged individual living somewhere in Eastern Europe is evidence that hacking is prevalent throughout the world, which is certainly the case considering that it can be achieved with no more than a notebook and an internet connection.
However, deferring to those with more expertise in the field of computer hacking, it is found that there has been a rise in female hackers, which would tend to dilute any information regarding typical, gender-related aspects of such criminal activity (Chiesa, Ducci & Ciappi, 2009). Many hackers come from deprived upbringings, which may or may not apply here, considering that this specific hacker is located in an Eastern European country experiencing a great degree of economic hardship. The dearth of information regarding the hacker in this specific example makes it impossible to make such characterizations. Had there been a great deal of information concerning this perpetrator, a range of forensic information most certainly could have been developed relating to, for example, the individual’s personality, psychology, social and financial life, education and training (Chiesa, Ducci & Ciappi, 2009).