Sandstorm Enterprises® : Blog

October 2009 Archives

Cyber crime is a very lucrative and sophisticated business that, in true Internet fashion, spans the globe. It doesn't matter where a particular data breach occurs; its effects can be felt throughout the world.

The US-based supermarket chain, Hannaford Bros. Co., was recently hacked, compromising up to 4.2 million credit and debit cards, as revealed in a letter from Hannaford general counsel Emily Dickinson to Massachusetts Attorney General Martha Coakley and Gov. Deval Patrick's Office of Consumer Affairs and Business Regulation.

Even while Hannaford was being hacked, the company was found to be in compliance with security standards required by the Payment Card Industry, a coalition founded by credit card companies. Hannaford spokeswoman Carol Eleazer said the company didn't know how the malware got onto its 271 stores' servers.

If companies like Hannaford that are suffering from data breaches used a Network Forensic Analysis Tool (NFAT) on their networks, they would have the historical data as well as the means to analyze the problem. Configuring the NFAT to monitor and store all traffic coming from the critical ports (for example, the server ports connecting to the supermarket stores that routinely transfer the credit card information) can safeguard against these types of breaches. By identifying the weak link (the offending protocol, port, connection, or server) within the network, companies can not only act quickly to mitigate the problem, but also prevent similar attacks from happening in the future. An NFAT such as NetIntercept can get to the heart of the problem quickly and efficiently because it captures all traffic (no data is thrown away) and it captures the full packets, not just the packet headers (which could actually be hiding or spoofing the malware).
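The difference between full-packet and header-only capture can be checked on any stored capture. The following is an added example, not NetIntercept code: it parses a classic pcap file and reports how many packets on the monitored ports lost payload bytes to truncation. Port 9100, the addresses, and the sample frames are constructed placeholders.

```python
import struct

def build_frame(sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames, snaplen):
    """Classic little-endian pcap; each frame is cut to snaplen, as a header-only capture would."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", i, 0, len(kept), len(frame)) + kept
    return out

def audit_pcap(data, critical_ports):
    """Count TCP packets on critical ports and the payload bytes lost to truncation."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    stats = {"snaplen": snaplen, "critical": 0, "truncated": 0, "bytes_lost": 0}
    off = 24
    while off + 16 <= len(data):
        _, _, incl, orig = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4/TCP, or cut too short to classify
        ihl = (pkt[14] & 0x0F) * 4
        if len(pkt) < 14 + ihl + 4:
            continue  # TCP ports were truncated away
        sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        if sport in critical_ports or dport in critical_ports:
            stats["critical"] += 1
            if incl < orig:  # captured length shorter than length on the wire
                stats["truncated"] += 1
                stats["bytes_lost"] += orig - incl
    return stats

# Constructed sample: port 9100 stands in for a store-to-server transfer port.
FRAMES = [build_frame(40000, 9100, b"TXN 0001 " + b"x" * 91),
          build_frame(40001, 80, b"GET / HTTP/1.0\r\n\r\n")]
HEADER_ONLY = audit_pcap(build_pcap(FRAMES, 54), {9100})   # headers kept, payload cut
FULL = audit_pcap(build_pcap(FRAMES, 65535), {9100})       # full packets retained
```

With a 54-byte snap length the audit shows the 100-byte payload on the monitored port is gone, which is exactly the evidence an investigator would need after a breach.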

Another troubling part of this story is the fact that this North American data breach was responsible for more than 1,800 cases of fraud, with unauthorized charges coming from as far away as Italy, Bulgaria, and Mexico. Credit card information was quickly and efficiently sold to recipients in several other countries. As critical as the Internet is for connecting businesses to their customers, it also serves as a platform for worldwide, organized cyber crime.

Crackers have a very lucrative business; they are increasing in numbers and are getting sophisticated. Your security solution must also be sophisticated. Having a Network Forensic Analysis Tool (NFAT) such as NetIntercept allows you to combat and diagnose problems quickly and efficiently so that you can take back control of your network. Organizations that don't own an NFAT are much more likely to find out about security breaches through their customers, the government, or the press.



Not Just for Security


Security seems to be getting all the attention these days. How can it not, with recent headlines such as the data breach the University of Florida suffered that put 333,000 patient records at risk, or the 33,000 Halifax Health patients who were notified that their personal information was at risk for identity fraud due to a system intrusion? The need to counteract and prevent such breaches with robust tools (such as NetIntercept) is a no-brainer.

 

But there are other uses for network monitoring and network forensics tools that have been gaining ground lately. One of those uses is for developers who want to see what their code is actually doing across the network by watching and viewing the traffic right down to the packet level. Another use for NetIntercept is in the operations area for the folks who need to manage and monitor their sometimes humungous networks.

 

I talked to one developer recently who was interested in using NetIntercept to increase his productivity in writing code for a computer gaming company. He wanted to monitor the UDP and TCP messages going back and forth between the client and the server, and check to make sure his code was working properly and that the response he was getting was what he expected. He told me that the biggest value he saw in NetIntercept was that you can see the actual contents of the packets, not just the headers (as is the case for most tools in the market today). Being able to view the traffic right down to the packet level gives you the actual data, including the contents of files. It also protects the data from being "spoofed" and will actually show you that it was spoofed in the first place!

 

One of our biggest customers is using NetIntercept to monitor their service level agreements. They are a large phone company that services many users while also employing outside services from many other sources. NetIntercept enables them to monitor all of these services that are interacting across their network and ultimately servicing their customers. It gives the operations folks peace of mind knowing they can quickly and accurately troubleshoot any problems on their network.

 

While NetIntercept is classified as a Network Forensics appliance, its usefulness to developers and network operations makes it just as valuable to them as it is to those responsible for security.

 


Hacker vs. Cracker


For most people, the word Hacker creates visions of an ingenious but immoral computer geek at the keyboard trying to steal your credit card information, identity, or bank account information. But the term "Hacker" was not originally intended to be associated with Internet crimes; rather, it was an endearing term to denote a subculture of like-minded people who cared about open-sourcing, sharing, and really understanding the ins and outs of the systems they worked on. The Hacker subculture is said to have originated at MIT in the 1960s, but at the same time and all over the US these subcultures grew independently, such as at the University of California, Berkeley and Carnegie Mellon University. These groups of academics shared a similar philosophy: a dislike of secrecy and standards, and a preference for the freedom to "hack to learn" and for open-sourcing.

 

RFC 1392, which contains the Internet Users' Glossary, defines a hacker as "A person who delights in having an intimate understanding of the internal workings of a system, computers, and computer networks in particular." The original academic Hackers of this nature tend to be focused around Unix and TCP/IP.

 

For a true Hacker, who loves and respects this technology, it is somewhat of an insult to be portrayed in a negative light by the media and through mass hysteria. While a true Hacker loves and respects technology and wants to use it to further the progression of the Internet and networking, the type of Hacker the media denotes is one that uses technology to "do harm" through theft (identity, monetary), viruses, and illegal network security break-ins. True Hackers call these low-lifes "Crackers," and it is the job of Network Forensic tools to crack down on those Crackers.

 

Crackers or Hackers, the term is a moot point for IT professionals who are tasked with protecting their company's network. While true Hackers are worthy of being hired on the merits of their ingenious know-how into the inner workings of networks, Crackers, on the other hand, are suspect based on acts of infiltration, and worthy of investigation. What better tool for investigation than NI, Sandstorm's authoritative Network Forensics tool?

 

There is a comfort in knowing the engineers behind NI. If you stop to consider the people behind the technology, you may feel an extra sense of security that the architects behind NetIntercept are former MIT geeks who "get it." NetIntercept, the brainchild of James Van Bokkelen, takes into account untold years of experience and networking knowledge. With a high percentage of dollars going into R&D, the world gets a superior product, a comforting thought when you're in the hot seat because a Cracker got the better of you.




 



About this Archive

This page is an archive of entries from October 2009 listed from newest to oldest.



Sandstorm Enterprises develops
tools with sharp edges®
for information security professionals.
Site materials © 1998 - 2010 Sandstorm Enterprises, Inc. The Sandstorm logo®, LANWatch®, NetIntercept®, PhoneSweep®, Sandtrap®, TCP.demux™, Single Call Detect™, Tools with sharp edges®, Rapid Event Analysis™, and Sandstorm Enterprises® are all trademarks or registered trademarks of Sandstorm Enterprises, Inc.