
Hunting down big data hackers

Sabotage or espionage: if hackers penetrate, companies need proof that can be used in a court of law in case of a claim for damages

Safeguarding proof and limiting damage

Theft, manipulation, or handling of data: the number of attacks on PCs, laptops, tablets etc. is growing. Computer criminality is by its very nature a gray area of criminality. Fearing for their reputation, for example, companies often do not report hacks. In many cases, however, victims are unaware that they are the target of a cyberattack. Luckily, though, the hackers are not always successful. But what should we do if they do cause damage?

Hunting down big data cybercriminals


Whether it's networks like Tor or the world wide web, the first step in fighting criminals is fast, highly available hardware that is sufficient to meet the regulatory requirements. The State Office of Criminal Investigation in Düsseldorf is therefore equipped with a cybercrime system that evaluates an ever-growing volume of data at once. The faster the data stream is distributed in the system, the faster data of any format can be analyzed and evaluated with a higher hit rate. The result: faster access to the alleged criminals. To do this, T-Systems has implemented an innovative and modern high-speed storage solution in conjunction with Dell which fulfills all requirements of the North Rhine-Westphalia police in terms of security, performance, and administrability.

The new overall system is 540 times faster than the previous installation. At the start of the work day, the data from the last 24 hours are complete. The system fully conforms to basic BSI protection. A significant module of HiPoS (hybrid integrative platform of police special networks) is the Big data Enhanced Analytics SysTem (B.E.A.S.T.), a fast, highly secure, and capable cybercrime forensics and analysis system. The new evaluation process using B.E.A.S.T. enables queries to a database comprising six billion data records in approximately one to three seconds. At this speed, the forensic methods of the experienced agents now produce results within seconds where previously weeks or months were required.


Encryption of data against quantum computer hacking

The future looks bleak: by skillfully exploiting quantum-mechanical phenomena, a quantum computer would break, in a short period of time, many established encryption methods that would take today's conventional computers billions of years to crack. Transmitting passwords and other sensitive data on the internet could become a high security risk. Security researchers are therefore searching for an antidote to the risk posed by quantum computers. According to scientists, companies should switch to the new encryption methods of post-quantum cryptography. After all, today's data traffic is possibly already at risk. Hackers could intercept and store sensitive information in encrypted form so that they can later crack it using a quantum computer in ten years, or sooner.

Cryptography experts recommend choosing a key length of 256 bits for symmetric algorithms such as AES (Advanced Encryption Standard). Asymmetric cryptography, such as RSA and elliptic-curve schemes, must be replaced with new schemes that are secure against attacks by quantum computers. To crack these would in turn require correspondingly large quantum computers to be developed. However, companies could in future also implement hybrid schemes, in other words combining a current encryption method with a new post-quantum algorithm. The telecommunications companies are testing both post-quantum algorithms and new cryptographic algorithms which are themselves based on quantum-mechanical phenomena.

Incident handlers identify and limit the extent of the damage


If hackers are successful, a rushed response can be counterproductive. Tracks get covered, and the cyberattacker could end up infiltrating deeper into the IT systems. Therefore, keep calm if you detect an attack and bring in an incident handler at an early stage, before traces of the attacker are unintentionally obscured. A digital forensics expert secures the scene of the crime and looks between bits and bytes for valuable clues as to the sequence of events. A false step can have disastrous consequences and further escalate the damage.

But IT forensics experts also investigate cases in which someone notices that things are behaving differently than normal, such as IT administrators seeing unusual behavior in the IT systems. For example, the bookkeeper stumbles across transfers for which there are no invoices. Or the managing director is surprised that his company has for some time been underbid on every tender. Or the competition brings an innovation to market which is strikingly similar to the company's own inventions.

The tasks of the incident handler are to identify and limit the level of damage, to locate the perpetrators and their motives, and to analyze their approach. The gateways are then locked and countermeasures are introduced. What is crucial is that an IT forensics expert comes up with provable facts that can be used in a court of law. Otherwise, the judiciary will reject the digital proof in a later case. Or you will run into problems when you want to claim the resulting damages from your insurance company.

The T-Systems incident response team

When it comes to an attack, every minute counts and correct handling is essential for success. Many companies do not have sufficient resources to handle cyber security incidents effectively themselves.

Our T-Systems incident response team is there for you around the clock. We analyze the situation, rectify the damage and get your systems back into normal operation. Due to specializing in cyber attacks, and our many years of experience in the field of IT security, we have the necessary tools and experts to guarantee your IT security.


Safeguarding evidence, minimizing data loss

The process of an IT forensic analysis is standardized and always follows the same methodology. Only in this way can evidence that can be used in a court of law be guaranteed. First of all, data carriers, memory images, and log data are secured. The evidence must not be changed or even destroyed. For this reason, everything is documented and photographed to safeguard the evidence. For example, what the environment looks like or where each cable is plugged into the laptop may become important later. The most important thing at the start is to create a reliable basis for further investigations.

Where did the initial infection happen? How did the virus spread in the company network? Where did it come from? Did it come from inside or outside? Who is among the victims and what is the extent of the damage? An IT forensics expert works closely with the affected company – they need access to log files, hard drives, laptops, mobile phones, network data and plans, or emails with headers. To do this, the forensics expert collects statements from those affected to paint themselves a picture. Trusting cooperation is important. They then create a fully forensic copy of the hard drive or secure the laptop.
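One way to make "the evidence must not be changed" checkable, shown as an added example that is not T-Systems tooling or code from the original page: hash each secured item into a manifest at acquisition time and re-verify it before every later analysis step. SHA-256, the function names, the file names and the case values are assumptions chosen for illustration.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large disk or memory images need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def seal_of(body):
    # Hash of the canonical JSON; keep it outside the evidence store (e.g. the case file).
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_manifest(paths, examiner, case_id):
    items = [{"path": p, "size": os.path.getsize(p), "sha256": sha256_file(p),
              "acquired_utc": datetime.now(timezone.utc).isoformat()} for p in paths]
    body = {"case_id": case_id, "examiner": examiner, "items": items}
    return {"body": body, "seal": seal_of(body)}

def verify_manifest(manifest):
    """Return (name, problem) findings; an empty list means nothing changed."""
    findings = []
    if seal_of(manifest["body"]) != manifest["seal"]:
        findings.append(("manifest", "seal mismatch"))
    for item in manifest["body"]["items"]:
        name = os.path.basename(item["path"])
        if not os.path.exists(item["path"]):
            findings.append((name, "missing"))
        elif sha256_file(item["path"]) != item["sha256"]:
            findings.append((name, "hash mismatch"))
    return findings

def demo():
    # Constructed sample evidence: a tiny log file and a stand-in disk image.
    with tempfile.TemporaryDirectory() as d:
        log, img = os.path.join(d, "auth.log"), os.path.join(d, "disk.img")
        with open(log, "wb") as f:
            f.write(b"2024-01-01T00:00:00Z sshd: constructed sample line\n")
        with open(img, "wb") as f:
            f.write(bytes(4096))
        manifest = build_manifest([log, img], "examiner-placeholder", "CASE-PLACEHOLDER")
        before = verify_manifest(manifest)
        with open(log, "ab") as f:  # simulate an accidental write to evidence
            f.write(b"touched\n")
        return before, verify_manifest(manifest)

if __name__ == "__main__":
    print(demo())
```

A bare hash only detects change; it does not show who made it, so the seal value belongs in the documented case record alongside the photographs and notes.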


The emergency plan as crisis preparation

Having an emergency plan increases the probability of employees correctly reacting in exceptional circumstances.

  1. Advice is given at the start. A penetration test detects weak points in the IT infrastructure: the tester behaves like an intruder, rattling every IT security gate and checking whether it really is properly locked. Typical threat scenarios can be played out with the forensics expert, and the question "Could I protect my company against this kind of attack?" can be answered.
  2. One hundred percent protection against a cyberattack does not exist. This is why every company needs an emergency plan. It is not just about behaving in the right way – it also increases the chances of you coming across weak points in advance so that you can remedy them in a timely manner.
  3. Humans are creatures of habit. The best emergency plan will not save you if you do not regularly practice with your employees how to behave in the event of a cyberattack.

Looking for digital traces


The perpetrators may be sitting in North Korea, Russia, or in a neighboring office. They don't leave behind pools of blood or rifled-through cupboards. But digital forensics experts like Dr. Alexander Schinner, Security Consultant at Deutsche Telekom, know how to find valuable clues to the sequence of events between bits and bytes.

An interview with the IT forensics expert Wassermann – the Sherlock Holmes of IT.

Digital ecosystem

Future-proofing a company requires four building blocks: connectivity, cloud and IT infrastructure, security, and digitalization. After a cyber attack, IT forensics experts safeguard the evidence and prevent the attack from spreading further.
