Are the “good guys” and the “bad guys” really that different?

16 02 2012

Thinking about what to write today, my question to myself was “What do I know the least about?”  Looking at the course topics, it’s digital forensics.  Sure, we all know that it exists – watch any major crime show (Abby and McGee in NCIS?), but it’s not a topic in the textbook?  Digital forensics, in my short experience is a black box nobody really wants to talk about, think about, or do.  It appears to be a healthy field with I started looking into it, but maybe silence and “invisibility” is the most effective defense?

History of the Industry

Evidently the practice of digital forensics began in the mid-1980s (0) when  PCs were just becoming more popular, therefore crimes involving computers were also becoming more common.  The problem was, there weren’t folks trained in computer forensics in the law enforcement field.  That’s like pitting a high school football team against NFL players and expecting a good result. (1)

There is currently a case in the news, where a Colorado woman has been ordered to decrypt her hard drive for the prosecution (in order to incriminate her).  Part of me hopes this case goes to the Supreme Court where I hope they’ll rule in favor of the 5th Amendment.  At the same time, why can’t the prosecution find someone to decrypt the hard drive?  Is the encryption that good?  Are the investigators that incompetent? (2) (3)

History of Hacking

Hacking began in the 1960s at the very advent of computers – mainframes – at MIT.  Early hacking was evidently more about practical jokes than malicious intent. (4)  I found a thorough, interesting article online, so no sense repeating it all in this site:  http://www.neatorama.com/2006/08/28/a-short-history-of-hacking/.

Are they really any different?

I’m not sure they are. At the end of the day, hackers and investigators have access to the same tools, knowledge and targets.  This is where I would like to know more, so if anybody out there in the class has more knowledge about this than I do – please throw it out there!

Why are the “good guys” so far behind!?

Opponents are always trying to get inside each others “OODA loop” (Observe Orient Decide, and Act).  The idea is to act before the other guys does.  Create a more effective bomb before the opponent creates a more effective armor.  Create a more effective lock before the opponent comes up with a way to break it.  Plug up the back doors in your operating system before the opponent finds them and breaks in.  However, the “good guys” have two disadvantages that I see. 

First, the good guys are by and large less experienced and more restricted on time.  Hacking started in the 60s, digital forensics started in the 80s.  That’s an extra 20 years of “institutional” (funny word to use with reference to hackers) knowledge.  Furthermore, a fourteen year old kid has the time, mental focus, and mental agility to create new methods (which obviously can be used by the bad guys, too) (5) while adults are too busy trying to keep heads above water between work, taking care of a family, paying the bills,feeding the kids, trying to get masters degrees in MSIT, and whatever else it is adults get caught up in.  And who, by and large, is doing the attacking?  While I couldn’t find firm numbers online, I’m willing to bet that the average age for those in digital forensics as a good bit older than the age of those devoted to hacking. 

Second, the bad guys don’t have the follow any rules while the good guys do.  Looking at any kind of theft, digital or otherwise, I believe that if they really want it, they’re going to get it.  No lock is unbreakable and no encryption is foolproof. If you’re looking to steal something, there are no rules.  No one says you have to go through the front door.  No one says you have to break the encryption.  However, just like in our foreign theaters, the good guys must follow rules of engagement.  The good guys can’t shoot innocent civilians, so the bad guys can get away with more by dressing like innocent civilians, or women, or sending children in to do their dirty work.  The good guys can’t search without a warrant.  The good guys have to worry about things like chain of custody and preserving evidence. (6)  The good guys are automatically constantly on the defensive, waiting for the bad guys to attack.  Being constantly on the defensive means the good guys are constantly one step behind.  Tactically, that’s a good way to die ( or fail at catching the bad guy, or get hacked). 

However, I would argue that it’s not necessarily a bad thing.  As a citizen, I don’t want an aggressive hacking police force getting in my Wheaties.  I realize my credit card information might get stolen, but my freedom is as important as my credit line.  I don’t want to live in a police state (any more than I do already, anyway).

By the way, don’t bank with Bank of America, and keep a close eye on your credit report w/ Experian (7, page 34).  And turn off your computer at night.  Just in case someone decides they want a look at your encrypted hard drive.

(0) http://pc-history.org/forensics.htm

(1) http://www.ncjrs.gov/App/abstractdb/AbstractDBDetails.aspx?id=175264.

(2) http://www.wired.com/threatlevel/2012/02/forgotten-password/

(3) http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/

(4) http://www.bbc.co.uk/news/technology-13686141

(5) http://www.thenewstribe.com/2012/02/04/pakistans-babar-iqbal-sets-new-record-in-the-field-of-digital-forensic-science/

(6) http://www.govinfosecurity.com/articles.php?art_id=4488&pg=2

(7) http://www.digitalforensicsassociation.org/storage/The_Leaking_Vault_2011-Six_Years_of_Data_Breaches.pdf

(bonus) http://www.digitalforensicsassociation.org/

Advertisements