Archive | Information Security

Investigating Internet Crimes

Written by experts on the frontlines, Investigating Internet Crimes provides seasoned and new investigators with the background and tools they need to investigate crime occurring in the online world. This invaluable guide provides step-by-step instructions for investigating Internet crimes, including locating, interpreting, understanding, collecting, and documenting online electronic evidence to benefit investigations.

investigating_internet_crimesThis year I served as technical editor for this excellent book by Todd Shipley and Art Bowker. Cybercrime is the fastest growing area of crime as more criminals seek to exploit the speed, convenience and anonymity that the Internet provides to commit a diverse range of criminal activities. Today’s online crime includes attacks against computer data and systems, identity theft, distribution of child pornography, penetration of online financial services, using social networks to commit crimes, and the deployment of viruses, botnets, and email scams such as phishing. Symantec’s 2012 Norton Cybercrime Report stated that the world spent an estimated $110 billion to combat cybercrime, an average of nearly $200 per victim.

Law enforcement agencies and corporate security officers around the world with the responsibility for enforcing, investigating and prosecuting cybercrime are overwhelmed, not only by the sheer number of crimes being committed but by a lack of adequate training material. This book provides that fundamental knowledge, including how to properly collect and document online evidence, trace IP addresses, and work undercover.

  • Provides step-by-step instructions on how to investigate crimes online
  • Covers how new software tools can assist in online investigations
  • Discusses how to track down, interpret, and understand online electronic evidence to benefit investigations
  • Details guidelines for collecting and documenting online evidence that can be presented in court

FUD is the Bastion of the Weak and the Shameless

Or, A FUD-Flapping Flack and her SCADA-Fear! Mongering

Were I less gracious, I would list the name and PR agency and customer. Sadly, I am gracious. I hate that I am gracious, especially since several people I know received this same papff from this flack. But seriously. This kind of stuff just has to stop. Next time? I swear, I’m naming names.

An open response to two recent emails from incompetent publicists:

On 10/02/2012 16:17, Marge wrote:

> Hi Nick,
> I see you are planning on attending RSA in San Francisco and I wanted to see
> if you have some time for a quick briefing during the show.

> The media have recently reported that hacker collective Anonymous posted
> what appears to be login details for Israeli SCADA industrial-control
> systems; including instructions on how to hack into nuclear power plants and
> water facilities.
> I wanted to give you the opportunity to meet with a [redacted] executive to
> discuss how critical infrastructures are utilizing SCADA software to control
> and automate machinery. [redacted] is uniquely suited to provide insights
> into how some of the largest oil & gas companies and nuclear facilities
> worldwide are protecting mission critical systems from cyber attacks.
> If you would like to speak with a [redacted] executive, please me know and I
> will be happy to set up a time.
> Best,
> Marge

> [redacted] PR Team


Hiya, Marge,

Let me get this straight: you state that a hacker collective posted what purported to be login details for Israeli SCADA systems and therefore I should learn about [redacted]?

Wayta attempt to capitalize on Anonymous, Marge!

Your measured, weasel-like wordsmithing indicates that you understand fully that no such incident actually occurred, and that you are intentionally misleading me, hoping that I read that, “media have recently reported” as proof that this happened.

Which means that you are trying to trick me into visiting your client.

Does your client understand the Fear, Uncertainty and Doubt you are spreading like so much fertilizer? Do they understand that you are baldly exploiting a totally false episode which did not result in the dissemination of any SCADA credentials, so that your client might sell SCADA security equipment?

What, there weren’t enough actual or possible recent SCADA hacking episodes to capture your imagination?

Marge. Bubaleh.

Shame on you.


So I sent that back to her, and the next morning I get a reply from her boss:


On 13/02/2012 10:52, Betty betty@flack.comwrote:

Hi Nick

It unfortunate that this made it’s way out the door on Friday. We appreciate your candor in pointing out our error.

We are pointing to the fact that this type of cyber terror is possible. It is never our mission to “fear monger” and we reported what was all over the internet in short order. We were not the original source for this story, and it is certainly our mission to make sure we fact check whenever possible, unfortunately, this went out before we had a chance to double check the new updates on this story.

We have noted this, corrected our records and removed your name from our database of bloggers.

Again, please accept our apologies for upsetting your Saturday morning.




Well, Betty, “it unfortunate” indeed. Your reply acts as if this was a mere fact-checking error, made in the heat of sending out a breaking story – STOP THE PRESSES! – if only you’d had TIME to tear through this with a red pen as you ordinarily do, why none of this would have happened!

The krypt3ia piece ran on 20 January. Marge’s balderdashtardly missive went out 10 Feburary.

Let’s look at Betty’s explanation once more, hey?

…and its certainly our mission to make sure we fact check whenever possible, unfortunately, this went out before we had a chance to double check the new updates on this story.

I’m glad she likes to check facts whenever possible. Even if she can’t keep her “its”es straight.

Marge, yours was the worst kind of fear-mongering. Where understanding actual attacks against SCADA systems is so important, you’re using that fictional example – in which lazy, non-fact-checking journalists re-spewed rubbish and were later humiliated for doing so – as the pretext to try and get me to meet with you?

Lady, I write a security blog and run a company that deals in response to actual security incidents. Our clients are serious people with serious issues to solve, and no time whatsoever for bullshit.

Did you hope I was some kind of uninformed, lazy, press-release-consuming, video-news-release running hack journalist who would just suck that crap down and spew it out on the other side?

Shame on you.

As a matter of fact, starting right now, I am going to do what I can to call you out for exactly what you are: the worst kind of uninformed, unctuous, disingenuous, FUD-spewing, fear-mongering, press-release-writing hack of a flack. You, Marge, are what gives security PR people a terrible name. You are what make customers afraid to listen to vendors, afraid that their consultants are lying to them, afraid that they must triple-check any statement made by someone outside their organization. This causes delays in responding to actual security incidents, which allows attackers more time to do damage, while the attacked spend cycle after cycle trying to understand from which side they’re being screwed worse, the attackers or the consultants and professionals there to help.

There are scores, if not hundreds, of public relations professionals in the world of security products who have the integrity to leverage the actual product to demonstrate how it can stand on its merits; who believe as I do:

FUD is the bastion of the weak and the shameless.

Shame on you.