ARC's 1st Law: As a "progressive" online discussion grows longer, the probability of a nefarious reference to Karl Rove approaches one

Thursday, December 14, 2006

Stealing the Network

The following is part of my "technology" expertise I guess. No politics involved. So for you people looking for Rovian conspiracies in how Tony Snow parts his hair, you won't find anything below. Go ahead and skip on down to Saint's excellent post on the Iraqi Surrender Group.

As some of you know, I'm a Network Security Analyst for a major computer services firm. As such, I read a lot of "security" books. I just finished a really good one, Stealing the Network: How to Own an Identity. It's part of a series of books, all with a rather unique perspective. Rather than detailing attack methods or tools, it takes real-life examples and applies them to a fictional storyline. Even if your not that technical, you can follow along and see how the nature of computer security works. If you think computer hacking is guessing peoples passwords by using their birthday, their dogs names, etc., this book would show you how wrong you are.

I bring all this up because in this latest edition is a section at the end that outlines the real issues with computer crime. And specifically with making the "big score". And getting away with it.

Specifically, the author outlines a scenario that was presented to a friend of his. As a security auditor his friend discovered a flaw in a rather important computer. This computer was responsible for transferring a large amount of money between itself and other banks via the EFTS (Electronic Funds Transfer system). Around 4 billion dollars.

As you can imagine, if that sort of amount of money went missing, it would draw a lot of attention. The thought experiment he outlines is how one would get away with the theft of such an amount of money. You'd have to leave the country, you'd have to leave your friends and family, you would never be able to trust anyone, and in the end, you'd probably never even be able to spend it, since any lavish lifestyle is likely to draw attention to yourself and result in incarceration. You'd have to be able to change identities many times, you'd have to arrange for drop accounts in various banks around the world. And you'd have a hard time spending any of it.

In any case, I recommend the book, even for "non-techies", although it does have a hefty price tag for a work of fiction.

Two other books I can recommend are from famed hacker Kevin Mitnick. The Art of Intrusion, and The Art of Deception, detail the skill that Kevin was famous for. Social Engineering.

Your Co-Conspirator,
ARC: Brian