funsec mailing list archives

Re: Wired: Pentagon Searches for 'Digital DNA' to Identify Hackers


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Wed, 27 Jan 2010 10:32:39 -0800

Date sent:              Tue, 26 Jan 2010 16:15:42 -0500
From:                   Larry Seltzer <larry () larryseltzer com>

If you're experienced enough to recognize them, are you also able to
mimic them, perhaps throwing off an investigation?

Yes, of course.  "There's never a horse that couldn't be rode: there's never a rider 
that couldn't be throwed."  Thing is, there are all kinds of identifiers, and, at the 
very least, starting to learn this stuff (seriously, and not just playing around) 
means you weed out the low level script kiddies, and thus clear the way for proper 
investigation of those (relative) few who know what they are doing.  And even the 
top level people are not going to know all the different ways they are betraying 
themselves.

I'm not an expert on computer forensics (data recovery).  But I do know enough 
to be able to come into a court case and seriously muddy the waters, faced off 
against at least 95% of practicing computer forensics experts.  But those few who 
have concentrated on research would be able to make mincemeat out of me, and, 
were I stupid enough to try something illegal with a computer, would definitely be 
able to find traces of it.

People leave signatures in attacks.  People leave signatures in the text they write.  
People leave signatures in the code they write *and* the executables ultimately 
produced.  Lots and lots of signatures.  I wrote a book on it, and didn't even 
scratch the surface.  "Digital DNA" may be a stupid term to describe it, but there 
are both physiological and behavioral biometrics, and, even when you know them, 
the behavioral biometrics turn out to be remarkably hard to change.  And there are 
lots of behavioral biometrics you don't know about, believe me.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Without censorship, things can get terribly confused in the
public mind.                  -  General William Westmoreland, 1960s
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.