Cybercrime, Case Study Example

What problem was identified?

Several major credit card issuers and credit card associations became aware of increasing cases of fraud.  These cases of fraud were seen over a three to four month period.  By using ways of observing patterns and various types of fraud, common points were discovered.  Company A was identified as the source of fraud (Sartin, 2004).

Steps taken to solve the problem

Discovery was the first step taken to solve the problem.  An extensive discovery process was performed by the forensics team prior to visiting the site of the company.  The forensics team, because of its extensive preparation, was ready to start working on the problem immediately without delay once it arrived at the company’s site (Sartin, 2004).

Determining what data was compromised or stolen was the next step in solving Company A’s security problem (Sartin, 2004).  After analyzing the fraud patterns, the forensics team discovered that the fraud occurred because of duplicated credit cards.  These credit cards were used in “card-present transactions.”  In other words, account numbers were reproduced on duplicate cards, and used to illegally purchase goods and services (Sartin, 2004).  The criminal perpetrated this crime in person.

Investigators needed to determine the “lay of the land” in order to understand where on Company A’s network the information that was duplicated was located.  The forensics team had to study diagrams of the company’s computer network to determine where it was most vulnerable to attacks from a hacker (Sartin, 2004).  The forensics team discovered that Company A was not secure enough to prevent an outside attack.

FBI assistance was the next step in solving Company A’s problem.  The private party forensics team knew that the FBI had to be called in in order to assume law enforcement activities because a crime had been committed (Sartin, 2004).  It is appropriate for private firms to contact law enforcement so that evidence can be properly recovered from the scene.

Tracing the hacker’s footprints was the next process in solving company A’s problem.  The forensics team and the FBI worked together and looked at audit logs and files in order to find the hacker’s attack signature and footprint (Sartin, 2004).  They were looking for evidence that could provide them with the information that they needed to determine how the hacker was able to breach the company’s computer network, and what the hacker did once he or she had access to the network (Sartin, 2004).

Live prey is the name of the next step in solving company A’s problem (Sartin, 2004).  Tracing the steps of the hacker involved looking at time stamps and dates when the hacker penetrated the computer network.  The breach obviously needed to be repaired.  Therefore, the forensics team had to “sew up the breaches.”  Then the forensics team had to “set the trap” for the hacker (Sartin, 2004). Finally, the hacker was “hooked” when he walked into the trap

Various stages as the investigation progressed and strategies employed

As the investigation progressed, the first concern was in catching the perpetrator (Sartin, 2004).  Other concerns will be discussed in the following section of this paper.  During the setting the trap stage, the forensics team used Ether Peek in order to monitor traffic in and out of servers (Sartin, 2004).  The main purpose of this was to monitor the hacker and any data that he or she was sending.  This program is known as a “packet sniffer” because it sniffs out data.  In addition to this function, the packet sniffer is able to obtain firsthand evidence of any attempts to remove files (Sartin, 2004).

The forensics team, in order to fool the hacker, loaded the files on the servers with dummy credit card information (Sartin, 2004).  This would make the hacker think that he or she had not been noticed.  The forensics team then used Tripwire, software that is configured to set off a security alarm if the integrity of the files is breached (Sartin, 2004).  This would indicate to the forensics team the time that the intrusion occurred, and would help catch the hacker in the act.

Identifying and catching the criminal

Identifying and catching the criminal was not the only purpose of the investigation, Company A’s computer network had to be secured in order to prevent future attacks (Sartin, 2004).  Additionally, Visa and MasterCard sets forth very specific guidelines for protecting cardholder information, and levies heavy fines on companies that do not meet these guidelines.  The forensics team had to educate Company A about the rules set out by MasterCard and Visa so that the company could work toward compliance, and prevent a major financial loss in the form of large fines (Sartin, 2004).

Type of cybercrime involved in this article

The type of cybercrime committed in this article was “card present transactions.”  This is where credit card information is duplicated on unauthorized credit cards, and the criminal physically uses the fake credit cards to purchase goods illegally (Sartin, 2004).

Characteristics of the offender

The identified offender fits the characteristics of this type of cybercrime because he is a college aged male.  Most perpetrators of the sort of crime, mentioned in this article, fall into this category, and are called “cyber-punks.” (Bednarz, 2004).

Works Cited

Bednarz, A. (2004, November 29). Profiling cybercriminals: A promising but immature science. Retrieved from Network World: http://www.networkworld.com/supp/2004/cybercrime/112904profile.html

Sartin, B. (2004, September). Tracking the Cybercrime Trail. Security Management, 95-100.