Computer and Internet Security. By Nancy L Camacho.
Topics: How computer forensics works? Could hackers devastate the U.S. economy? What is the year 2038 problem?
How computer forensics works?
• When the company Enron declared bankruptcy in December 2001, hundreds of employees were left jobless while some executives seemed to benefit from the company's collapse. The United States Congress decided to investigate after hearing allegations of corporate misconduct. Much of Congress' investigation relied on computer files as evidence. A specialized detective force began to search through hundreds of Enron employee computers using computer forensics.
• The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial. Many of the techniques detectives use in crime scene investigations have digital counterparts, but there are also some unique aspects to computer investigations.
• For example, just opening a computer file changes the file -- the computer records the time and date it was accessed on the file itself. If detectives seize a computer and then start opening files, there's no way to tell for sure that they didn't change anything. Lawyers can contest the validity of the evidence when the case goes to court.
• Some people say that using digital information as evidence is a bad idea. If it's easy to change computer data, how can it be used as reliable evidence? Many countries allow computer evidence in trials, but that could change if digital evidence proves untrustworthy in future cases.
How computer forensics works? (continued)
• Computers are getting more powerful, so the field of computer forensics must constantly evolve. In the early days of computers, it was possible for a single detective to sort through files because storage capacity was so low. Today, with hard drives capable of holding gigabytes and even terabytes of data, that's a daunting task. Detectives must discover new ways to search for evidence without dedicating too many resources to the process.
Could hackers devastate the U.S. economy?
• In the latest "Die Hard" movie, "Live Free or Die Hard," Bruce Willis reprises his role as Detective John McClane. This time, he fights against a shadowy criminal group that's using Internet attacks to devastate America's infrastructure. McClane must stop the gang and rescue his kidnapped daughter in the process. That plot description got us wondering: Is it really possible for a group of hackers to cause economic or physical devastation in the United States?
• Cyber security is becoming an important issue. Many media organizations and government officials rank it just as grave a threat as terrorist attacks, nuclear proliferation and global warming. With so many commercial, government and private systems connected to the Internet, the concern seems warranted.
Could hackers devastate the U.S. economy? (continued)
• To add to the concern, consider that today's hackers are more organized and powerful than ever. Many work in groups, and networks of black-market sites exist where hackers exchange stolen information and illicit programs. Credit-card data is sold in bulk by "carders" and phishing scams are a growing concern. Malware -- viruses, Trojan horse programs and worms -- generates more money than the entire computer security industry, according to some experts. Hackers are also distributed all over the world, many in countries like Romania that have lots of Internet connectivity and loose enforcement of laws.
• Recently, the British government released evidence that foreign intelligence agencies, possibly in China, Korea and some former Soviet states, were hacking computers in the United Kingdom. "Economic espionage" was believed to be one reason behind the attacks [Source: Computer Weekly]. Economic espionage involves attempting to undermine the economic activity of other countries, sometimes by passing on stolen industry and trade secrets to friendly or state-owned companies. Key employees, those who have access to sensitive information or government secrets, can be targeted through virus-laden e-mails, infected CD-ROMs or memory sticks, or by hacking their computers.
• To respond to these threats, the European Union, G8 and many other organizations have set up cybercrime task forces. In the United States, some local law enforcement organizations have electronic crime units and the FBI shares information with these units through its InfraGard program.
• Great Britain thinks it's facing a threat, but should the United States be concerned? Recent events in Estonia may actually shed some light on the situation.
What is the year 2038 problem?
• The Year 2000 problem is understood by most people these days because of the large amount of media attention it received.
• Most programs written in the C programming language are relatively immune to the Y2K problem, but suffer instead from the Year 2038 problem. This problem arises because most C programs use a library of routines called the standard time library. This library establishes a standard 4-byte format for the storage of time values, and also provides a number of functions for converting, displaying and calculating time values.
• The standard 4-byte format assumes that the beginning of time is January 1, 1970, at 12:00:00 a.m. This value is 0. Any time/date value is expressed as the number of seconds following that zero value. So the value 919642718 is 919,642,718 seconds past 12:00:00 a.m. on January 1, 1970, which is Sunday, February 21, 1999, at 16:18:38 Pacific time (U.S.). This is a convenient format because if you subtract any two values, what you get is a number of seconds that is the time difference between them. Then you can use other functions in the library to determine how many minutes/hours/days/months/years have passed between the two times.
• If you have read How Bits and Bytes Work, you know that a signed 4-byte integer has a maximum value of 2,147,483,647, and this is where the Year 2038 problem comes from. The maximum value of time before it rolls over to a negative (and invalid) value is 2,147,483,647, which translates into January 19, 2038. On this date, any C programs that use the standard time library will start to have problems with date calculations.
What is the year 2038 problem? (continued)
• This problem is somewhat easier to fix than the Y2K problem on mainframes, fortunately. Well-written programs can simply be recompiled with a new version of the library that uses, for example, 8-byte values for the storage format. This is possible because the library encapsulates the whole time activity with its own time types and functions (unlike most mainframe programs, which did not standardize their date formats or calculations). So the Year 2038 problem should not be nearly as hard to fix as the Y2K problem was.
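The rollover and the 8-byte fix described above, as an added example in C that is not part of the original slides. It simulates the 4-byte format with `int32_t` so the wrap is visible even on hosts whose `time_t` is already 8 bytes; the helper names are made up for this example, and `utc()` assumes the host `time_t` is 64 bits wide.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Advance a clock kept in the 4-byte signed format by `step` seconds.
 * The sum is done unsigned (signed overflow is undefined in C) and then
 * converted back, which wraps on mainstream two's-complement compilers. */
static int32_t tick32(int32_t now, uint32_t step)
{
    return (int32_t)((uint32_t)now + step);
}

/* The same step with an 8-byte value: no rollover in 2038. */
static int64_t tick64(int64_t now, uint32_t step)
{
    return now + (int64_t)step;
}

/* Seconds between two stored values, the subtraction the slides mention. */
static int64_t elapsed(int64_t earlier, int64_t later)
{
    return later - earlier;
}

/* Format seconds since 1970-01-01 00:00:00 UTC as a UTC date string.
 * Assumption: host time_t is 64 bits, so every value used here fits. */
static const char *utc(int64_t secs, char *buf, size_t len)
{
    time_t t = (time_t)secs;
    struct tm *tm = gmtime(&t);
    if (tm == NULL || strftime(buf, len, "%Y-%m-%d %H:%M:%S", tm) == 0)
        return "unrepresentable";
    return buf;
}

int main(void)
{
    char buf[32];
    int32_t before = INT32_MAX - 9;       /* ten seconds before the limit */
    int32_t after32 = tick32(before, 20); /* 4-byte clock, 20 s later     */
    int64_t after64 = tick64(before, 20); /* 8-byte clock, 20 s later     */

    printf("slide value 919642718 = %s UTC\n", utc(919642718, buf, sizeof buf));
    printf("last 4-byte second    = %s UTC\n", utc(INT32_MAX, buf, sizeof buf));
    printf("4-byte clock, +20 s   = %s UTC\n", utc(after32, buf, sizeof buf));
    printf("8-byte clock, +20 s   = %s UTC\n", utc(after64, buf, sizeof buf));
    printf("elapsed (4-byte)      = %lld s\n", (long long)elapsed(before, after32));
    printf("elapsed (8-byte)      = %lld s\n", (long long)elapsed(before, after64));
    return 0;
}
```

The dates are printed in UTC, so the slide's sample value appears as February 22, 1999, 00:18:38, which is the same instant as 16:18:38 Pacific time on February 21.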