Computer Weekly "CW 360º", © 2001 ComputerWeekly.com Ltd

Forensics 'dust' for cyberprints

Security: David Brown reports on advances in forensic science that can catch hackers by their behaviour

Tuesday, April 17 2001 - Experts in forensic computing believe that businesses can help to identify the "signature" techniques of hackers, by monitoring how they behave inside networks, and which tools they use, increasing the chances of prosecution. Some IT managers are also considering sharing the information with other companies, so that security systems can be adapted to defend against specific individuals.

Martin Baldock, forensic technology director at KPMG Forensic Accounting, said: "We have been approached by a lot of clients who are interested in finding out more about the signature identification and about sharing information. "The initial reaction of many companies experiencing a security breach is to immediately fix the problem and get systems back in action. In doing so companies may be destroying valuable evidence, making it impossible to recover assets or pursue legal action."

At present, 83% of companies do not pursue legal action after discovering a breach, with almost three-quarters admitting that their greatest concern was the risk of damaging their reputations. According to Baldock, the main security problem faced by companies was trying to integrate their legacy systems with outward-facing Web systems, while maintaining security levels. To resolve this, IT departments are increasingly turning to data warehousing to ensure that data can be controlled and changes can be traced.

Concern about the level of hacking has been highlighted in a new KPMG survey that shows businesses in the UK are victims of the highest level of e-commerce security fraud in Europe. Security breaches have been discovered in 14% of companies over the past year. Security architecture expert DK Matai, managing director of mi2g software, said the problem with identifying hackers' "fingerprints" is that they can always change the programs and tools they are running and the order in which they are used. "A real hacker usually uses several different manual methods to hack into a system. Hackers seldom blindly use the same procedure," he said.

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy