Gov't Cyber-sleuths Focusing on Linux, iPod, Xbox
By Paul F. Roberts
January 12, 2006   
http://www.eweek.com/article2/0,1759,1910371,00.asp

Cyber-security and computer experts from the government and law enforcement
are increasingly concerned with malicious code that runs on Linux and Apple
Computer Inc.'s Mac OS X operating systems and threats posed by devices such
as iPods and Xboxes.

Intensive courses on the Mac OS X and Linux operating systems, as well as
iPods, were just a few of the offerings at a recent cyber-security
conference sponsored by the U.S. Department of Defense. Network
administrators and cyber-investigators say they are increasingly being
called on to investigate compromises of non-Windows operating systems and to
analyze portable devices such as iPods, according to interviews with
attendees by eWEEK.

The annual Cyber Crime Conference draws top cyber-security talent from the
U.S. military, federal agencies, and federal, state and local law
enforcement to hone their skills and learn about emerging cyber-security
threats.

Two, two-day courses at this year's conference taught attendees techniques
for forensic analysis of Mac OS X and the open-source Linux operating
system.

PointerAn eBay hacker is indicted. Click here to read more.

John Sawyer, an IT security engineer who works for the University of
Florida, took the OS X course and said it was very useful. His employer
recently purchased a Mac for the IT department so that staff could become
familiar with the platform, Sawyer said.

IT staffers at the university are increasingly finding malicious software,
such as remote control "bot" programs running on Mac OS X, though most have
had much experience analyzing the operating system for security breaches,
said Jordan Wiens, a network security engineer also at University of
Florida.

Federal, state and local law enforcement are taking a harder look at
platforms such as Mac OS X and Linux because those platforms are being used
more widely, said Tyler Cohen, an instructor with the DOD's DCITP
(Department Computer Investigations Training Program).

Innocuous devices such as the iPod Shuffle, a small, portable version of the
massively popular MP3 player from Apple, are also an underappreciated
threat, said Cohen, who led a session called "Hacking with iPods and
Forensic Analysis" at the conference.

eWEEK.com Special Report: Cyber-Crime

In that class, Cohen showed attendees how Shuffles and other iPods could be
outfitted with a bootable distribution of the Linux operating system and
stripped-down version of the Metasploit Framework hacking tool and then used
to break in to protected computers.

The MP3 players can be connected directly to computers and then used to copy
and store gigabytes' worth of files and other sensitive documents from those
systems, Cohen told eWEEK.

IPods, as well as USB storage devices, can be connected and removed without
leaving a record of their actions or a footprint on the machine. That poses
a challenge for computer forensic investigators who are looking into the
theft of data or trying to find the origin of an attack, Cohen said.

Microsoft's Xbox gaming devices pose a similar problem to investigators,
said Sig Murphy an investigator in the DOD's Computer Forensic Laboratory.

Murphy has been called on to analyze four Xboxes in the last year for
investigations in DCFL's Major Crimes and Safety division, and the devices
are turning up in more and more investigations, Murphy told eWEEK.

PointerFor advice on how to secure your network and applications, as well as
the latest security news, visit Ziff Davis Internet's Security IT Hub.

Some of the Xbox cases involved solicitation of a minor, in which pedophiles
used Microsoft's online gaming and chat features to meet and try to befriend
minors.

Unmodified Xboxes can be difficult to obtain information from because they
have locked hard drives that require a unique password to read. Unlocking
those drives has gotten easier, due to a thriving Xbox "modding"
underground. Once unlocked, unmodified or "stock" Xboxes keep few records or
logs of online activities, making forensic analysis of the devices
challenging, Murphy said.

Modified Xboxes can be outfitted with Linux or other operating systems and
used for anything a traditional laptop or desktop computer can, including
launching attacks or storing child pornography, Murphy said.

While gaming platforms are often overlooked by police, agents at the DOD and
FBI are being told to seize Xboxes as part of their information gathering,
Murphy said.

However, state and local law enforcement may not be aware that the devices
could store information useful to a criminal investigation, he said.

Murphy and others said that they believe alternative computing platforms
will come to play a bigger role in cyber-crimes and criminal investigations
in the years to come. Devices such as the PlayStation Portable, which has a
large hard drive and wireless capability, will become more common and more
capable of carrying out or being targeted in online attacks, Murphy said.

Governments, as well as enterprises, worried about losing sensitive data
need to institute tough policies that bar devices such as iPods from their
networks. However, technology to enforce those policies, often referred to
as endpoint security tools, is still not widely used, she acknowledged. 



You are a subscribed member of the infowarrior list. Visit 
www.infowarrior.org for list information or to unsubscribe. This message 
may be redistributed freely in its entirety. Any and all copyrights 
appearing in list messages are maintained by their respective owners.

Reply via email to