
High-Tech Crimes Revealed: An Interview with Stephen Branigan

Stephen Branigan, one of the founders of the New York City task force on cybercrime and author of High-Tech Crimes Revealed: Cyberwar Stories from the Digital Front, talks to Seth Fogie about hacker motivations and how to solve cyber crimes.

Seth: Who are your real-life influencers? Fictional influencers? (With regard to this book's subject, that is.)

Steven: Real life influencers:

  • Police: Sergeants J. Cheney and Richard "Fox" Foster taught me all the real-life lessons of patrolling the streets that the academy hadn't.

  • Network security: My friends Bill Cheswick, Matt Blaze, Steve Bellovin, Avi Rubin, and Hal Burch have helped shape my views on how to conduct secure networking and secure computing.

  • Legal: Scott Charney and Martha Stansel-Gamm have each led the Computer Crime and Intellectual Property Section of the Department of Justice, and they always seem to know how to balance the competing forces of protecting the innocent and convicting the guilty.

Seth: If you can give us a name and brief summary, who was the most talented hacker you ever caught and what did he/she/they do?

Steven: I'm generally uncomfortable with giving the names of the hackers caught, as I would be hesitant to provide the names of anyone I arrested. It's better for the subjects, should they wish, to provide that information.

With that said, I believe that one of the best was the "hot-ice" character detailed in Chapter 2 of my book. Technically very competent, and able to maneuver across country boundaries very well. The character "Bob" from Chapter 6 was possibly the brightest hacker I ever met.

Seth: Do you attend any hacker conferences? What's your opinion about their focus and content? Have you ever been tagged in "Spot the Fed"?

Steven: Actually, I haven't been to a single hacker conference. I guess it's because I would expect to be handed a "Fed" T-shirt at the door as I walked in!

Seth: There's a lot of discussion in this book about the motivators of a hacker, and most of it is right on! I myself would fall into the curious category. :) However, IMHO, these are the same motivators that drive almost everything and everyone.... What motivated you to write this book?

Steven: Motivations for me? Here goes:

  • I think that computer crimes are very misunderstood. This book explains who does them, why they do them, and what the impacts can be.

  • Further, I know that as people become more aware of what computer crimes are, they will be able to make better decisions about how to protect their networks.

Seth: Throughout the book, chance seems to play a paramount role in finding and catching talented hackers. What's your experience with the reality of this unnerving concept? What chance do we have if we never see them coming?

Steven: An over-used cliché applies here: It's better to be lucky than good. I believe that there's an element of luck in catching criminals. And that really is a frightening concept.

The good news is that criminals always take a chance when they commit a crime. We can use that in our favor. That's why I'm a big fan of improved logging and surveillance. Audit trails are an incredible resource for trying to catch a hacker after you discover the problem.

Seth: The book discusses how to handle a break-in and the significant damage that can be done by not following proper protocol. However, in many of your cases, you have prior evidence of hacker activity. What's the proper protocol for addressing a computer that may or may not be a hacker tool (for example, troubleshooting a malfunctioning computer and finding 3GB of warez and four rootkits causing the problem)?

Steven: I would suggest that in a couple of the cases, it wasn't that there was initial evidence of hacker activity. For example, in Chapter 3, our friend Wesley's hacking was discovered because he hadn't paid his rent.

Let me say that it was the methodical investigations that ultimately led to us uncovering the hacker activities in Chapters 1 and 3.

My best advice is to walk that fine line between trust and suspicion when investigating computer malfunctions. Maybe it's nothing, or maybe it's the work of a hacker...

Seth: While it would be nice for everyone to get fair play with the FBI when a hack occurs, they're limited on time and resources, and not everything requires FBI-level attention. Based on your experience, what kind of support/interest can a SOHO user expect from the authorities (local police, FBI, state police, and so on)?

Steven: I agree that not everything needs FBI-level attention! That's a very important point. Law enforcement really, really wants to do the right thing. I have been very fortunate to have worked with many cops around the world who work hard to protect their citizens.

Many state and local police agencies are getting much better at handling computer crime issues. They're very interested in dealing with these issues, and the issues they deal with directly translate into the training they'll receive in the future!

My best advice, should you find yourself in a position where you need [law enforcement assistance], is to be sure to take the time to explain how the crime has affected you personally.

Seth: I grew up in a cop's family, and I know a little of how being a cop changes your perspective on life. I can see some of this perspective in your book, and it's a refreshing reading experience, especially since most other books are written by "hackers." What's your take on these other books?

Steven: I spent a lot of time reading publications such as 2600, phrack, and the like. To be honest, I have never really been sure what the justification is for hacking into telephone systems, cellular systems, banks, and so on.

Whether it's invasion of privacy, theft of services, or even fraud, computer crimes usually result in real victims. I think that is often missed with the anonymity that computers and the Internet provide.

Seth: This book addresses the options available to a company after a system compromise. What's your personal recommendation to companies facing that catch-22 situation where they learn their server is host to hacker activity, but they can't shut it down until the end of the day or even week?

Steven: Hmm... No matter which option you choose, at some point the other option will have seemed better! It's a tough call that needs to be made by the business leaders with expert consultation from their technical people, because either option is a business-impacting operation. Usually it depends on the severity of the suspected attack and the ability to investigate while continuing operations. Those are the most relevant factors.

Seth: One of the first pages in the book outlines your work experience based on your attire. I noticed that you served time as a cop (pun intended). How has this helped and hindered your computer security experience?

Steven: Served time indeed!

  • Helpful: Law enforcement encourages you to document your activities, and that's very helpful for computer security.

    It taught me to follow up on even the smallest of suspicious items. I remember very well the story from my academy days of a police officer who broke a large cocaine ring just by stopping a car with an expired inspection sticker. That one stop led to the discovery that the driver's license was revoked. That led to finding there was a warrant for his arrest. And that led to the subject giving up information...

    It taught me that even when you may think someone has done something wrong, always treat all people equally until you have proof.

  • Harmful: I get suspicious very easily, perhaps too easily.

Seth: On the subject of careers, what advice can you give to people who find computer security an attractive field? Is there a fast path to getting a job as a forensics specialist with a police department?

Steven: Free advice (and remember, money back if you are not delighted!):

I will limit this to legitimate jobs with the police, and exclude the attractive career of confidential informants.

Law enforcement is looking for reliable, trustworthy people with excellent technical skills. Look into a computer security or forensic problem and help solve it. Present your results at a conference. That will help to get you noticed.

Seth: On the same subject, you [wondered] why anyone would write a program like NetStumbler. Why do you think NetStumbler was written?

Steven: I have no idea why it was written and given away for free! While I imagine that curiosity and conquering the technical challenge inspired the initial writing, I'm not sure why the authors didn't release it as a commercial product.

Seth: What are your interests outside your industry?

Steven: Sports. In particular, soccer (which I play often), baseball, and football. I find that I'm always learning from playing or watching team sports.

Seth: Have you ever downloaded an "illegal" MP3?

Steven: I have tried napster/aimster and gnutella. I discovered that it was incredibly easy to find and download MP3s. They certainly proved a serious threat to the music industry. I downloaded "The Cars-Door to Door" (from a CD that I had already purchased). The quality of the download was not very good. The version I ripped from my CD was better.

Ultimately, it's important that artists have the chance to be rewarded for their work. That's why downloading copyrighted MP3s is wrong, and is a problem for the industry. And that's why I'm pleased to see that iTunes, Musicmatch, Wal-mart, Amazon.com, and others are now selling MP3 singles over the Internet. I think that most people want to do the right thing and pay for a song, and now they have the opportunity to do so. I think that this will be the most effective strategy to get the majority of the people to stop illegal copying of music.

Seth: The book discusses some of the difficulties authorities face as a result of boundaries. How is globalization changing this situation? Are things getting easier for the good guys when trying to track down and stop the bad guys? Or is globalization not affecting this arena?

Steven: Globalization and the Internet are inseparable. I am cautiously optimistic about the progress that has been made over the past few years with multinational organizations such as the G-8, North Atlantic Treaty Organization (N.A.T.O.), and the Organization of American States (OAS). They're working very hard at making transnational computer crime investigations easier for law enforcement.

Seth: Government and big business are repeated targets for the hackers in the book. Are they easier targets, and are they aware of the threats of a hacker attack? How are they dealing with it?

Steven: I don't think it's that they're easier targets. I think that both government and big business are attractive targets because they're perceived to have interesting information. They're also better able to detect attacks than home users are. Not many home users track the number of times hackers are attacking them. But I do! Just a quick look at my August 2004 stats reveals that this one system was attacked 154 times in one month!

The best I've seen are dealing with the threats by:

  • Improving awareness among their people

  • Improving the technology that they use to secure their networks

  • Re-architecting their infrastructure to limit the damage from a single hacker attack

Seth: What's your normal workday like? Do you spend a lot of time traveling?

Steven: There's no such thing as a normal workday for me! I'm devoting my efforts to growing CyanLine, my new company which is focused on "untethered" security.

Seth: What are some of your favorite security books?

Steven:

  • Firewalls and Internet Security: Repelling the Wily Hacker by William Cheswick, Steven M. Bellovin, and Aviel D. Rubin (Addison-Wesley, 2003, ISBN 020163466X)

  • Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll (Pocket, 2000)

  • Masters of Deception: The Gang That Ruled Cyberspace by Michelle Slatalla and Joshua Quittner (Perennial, 1996)

Seth: Do you ever work with "Whitehat" hackers? What do you think of this practice (hacking with the intention of bringing security holes to light, without the intention to cause harm)?

Steven: I am a little uncomfortable with the term Whitehat hacker. I love the computer security research community that has proven their ability to discover weaknesses and bring them to light in a way that doesn't cause harm. They're successful because they're self-policing and they use peer review. Without these controls in place, it's hard to ensure that you're truly not causing harm.
