Hunting down big data hackers

Sabotage or espionage: if hackers invade, companies need evidence that can be used in a court of law in case of a claim for damages.

Safeguarding evidence and limiting damages

Theft, manipulation, or handling of data: the number of attacks on PCs, laptops, tablets, etc. is growing. Computer crime is by its very nature a gray area of crime. Fearing for their reputation, for example, companies often do not report hacks. In many cases, however, victims are unaware that they are the target of a cyberattack. Luckily, the hackers are not always successful. But what should we do if they do cause damage?

Hunting down big data cybercriminals

Whether it's networks like Tor or the public internet – the first step in fighting criminals is fast, highly available hardware resources that are sufficient to meet the regulatory requirements. The State Office of Criminal Investigation in Düsseldorf is therefore equipped with a cybercrime system that evaluates an ever-growing volume of data at once. The faster the data stream is distributed in the system, the faster data of any format can be analyzed and evaluated with a higher hit rate. The result: faster access to the alleged criminals. To do this, T-Systems has implemented an innovative and modern high-speed storage solution in conjunction with Dell that fulfills all requirements of the North Rhine-Westphalia police in terms of security, performance, and administrability.

The new overall system is 540 times faster than the previous installation. At the start of the work day, the data from the last 24 hours are complete. The system fully conforms to basic BSI protection. A significant module of HiPoS – hybrid integrative platform of police special networks – is the Big data Enhanced Analytics SysTem (B.E.A.S.T.), a fast, highly secure, and capable cybercrime forensics and analysis system. The new evaluation process using B.E.A.S.T. enables queries to a database comprising six billion data records in approximately one to three seconds. At this speed, the forensic methods of experienced agents now deliver results in seconds where previously weeks or months were required.

Encryption of data against quantum computer hacking

The future looks bleak: by skillfully exploiting quantum-mechanical phenomena, a quantum computer would break, in a short period of time, many established encryption methods that would take today's conventional computers billions of years to crack. Transmitting passwords and other sensitive data on the internet could become a high security risk. Security researchers are therefore searching for an antidote to the risk posed by quantum computers. According to scientists, companies should switch to the new encryption methods of post-quantum cryptography. After all, today's data traffic is possibly already at risk. Hackers could intercept and store sensitive information in encrypted form so that they can later crack it using a quantum computer in ten years – or sooner.

Cryptography experts recommend choosing a key length of 256 bits for symmetric algorithms such as AES (Advanced Encryption Standard). Asymmetric cryptography, such as RSA and elliptic-curve schemes, must be replaced with new schemes that are secure against attacks by quantum computers. Cracking these would in turn require correspondingly large quantum computers to be developed. However, companies could in the future also implement hybrid schemes, in other words combine a current encryption method with a new post-quantum algorithm. Telecommunications companies are testing both post-quantum algorithms and new cryptographic algorithms which are themselves based on quantum-mechanical phenomena.

Incident handlers identify and limit the extent of the damage

If hackers are successful, a rushed response can be counterproductive. Traces can be wiped out, and the attacker could, as an unintended consequence, penetrate deeper into the IT systems. Therefore, keep calm if you detect an attack and bring in an incident handler at an early stage, before traces of the attacker are unintentionally obscured. A digital forensics expert secures the scene of the crime and looks between bits and bytes for valuable clues as to the sequence of events. A false step can have disastrous consequences and further escalate the damage.

But IT forensics experts also investigate cases in which IT administrators notice that the IT systems are behaving differently than normal. For example, if the bookkeeper stumbles across transfers for which there are no invoices. Or the managing director is surprised that his company has for some time been underbid on every tender. Or if the competition brings an innovation to market which is strikingly similar to the company's own inventions.

The tasks of the incident handler are to identify and limit the level of damage, to locate the perpetrators and their motives, and to analyze their approach. The entry points are then closed and countermeasures are introduced. What is crucial is that an IT forensics expert comes up with provable facts that can be used in a court of law. Otherwise, the judiciary will reject the digital proof in a later case. Or you run into problems if you want to claim the resulting damages from your insurance company.

The T-Systems incident response team

When it comes to an attack, every minute counts and correct handling is essential for success. Many companies do not have sufficient resources to handle cyber security incidents effectively themselves.

Our T-Systems incident response team is there for you around the clock. We analyze the situation, rectify the damage and get your systems back to normal operation. Thanks to our specialization in cyber attacks and our many years of experience in the field of IT security, we have the necessary tools and experts to guarantee your IT security.

Safeguarding evidence, minimizing data loss

The process of an IT forensic analysis is standardized and always follows the same methodological standards. This is the only way to ensure evidence that can be used in a court of law. First of all, data carriers, memory images, and log data are secured. The evidence must not be changed or even destroyed. For this reason, everything is documented and photographed to safeguard the evidence. For example, what the environment looks like or where each cable is plugged into the laptop may become important later. The most important thing at the start is to create a reliable basis for further investigations.

Where did the initial infection happen? How did the virus spread in the company network? Where did it come from? Did it come from inside or outside? Who is among the victims and what is the extent of the damage? An IT forensics expert works closely with the affected company – they need access to log files, hard drives, laptops, mobile phones, network data and plans, or emails with headers. The forensics expert also collects statements from those affected to form a picture of what happened. Cooperation based on trust is important. They then create a complete forensic copy of the hard drive or secure the laptop.
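
The requirement above that secured evidence must not change, and that every step is documented, is commonly met by hashing each acquired image and keeping a tamper-evident custody record. The following is an added example, not part of the original page or of T-Systems' tooling; the file names, examiner label and log layout are assumptions, and the sample image is constructed.

```python
import hashlib, json, os, tempfile
from pathlib import Path
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large disk images never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(entry):
    """Hash every field of a custody entry except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, action, item, path, examiner):
    """Append an entry that commits to the previous one (hash chain)."""
    entry = {"seq": len(log), "time_utc": datetime.now(timezone.utc).isoformat(),
             "action": action, "item": item, "examiner": examiner,
             "sha256": sha256_file(path),
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_log(log):
    """True only if no entry was edited, removed or reordered."""
    prev = "0" * 64
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev or _digest(e) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True

def copy_matches_original(log, item):
    """The working copy is sound if every hash recorded for the item agrees."""
    return len({e["sha256"] for e in log if e["item"] == item}) == 1

def demo():
    """Constructed sample: a small stand-in disk image and its forensic copy."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("laptop01.img", "laptop01.copy.img")]
        log = []
        for action, p in zip(("acquired", "forensic-copy"), paths):
            Path(p).write_bytes(b"constructed sample image bytes" * 1000)
            add_entry(log, action, "laptop01", p, "examiner-A")
        intact = verify_log(log) and copy_matches_original(log, "laptop01")
        log[0]["examiner"] = "someone-else"  # simulate a later edit to the record
        return intact, verify_log(log)
```

Analysis is then done on the verified copy, and the log's final `entry_hash` can be noted in the written report so that later changes to the record are detectable.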

Identify IT forensic experts

A cyber attack is usually only noticed when damage has already occurred. A specialized investigator who recognizes such attacks at an early stage can help. An IT forensic expert protects companies from cyber attacks, advises on precautions and helps if a hacker has struck.

The emergency plan as crisis preparation

Having an emergency plan increases the probability of employees correctly reacting in exceptional circumstances.

  1. Advice is given at the start. A penetration test detects weak points in the IT infrastructure: the tester behaves like an intruder, rattling every IT security gate and checking whether each one really is properly locked. Typical threat scenarios can be played out with the forensics expert, and the question "Could I protect my company against this kind of attack?" can be answered.
  2. One hundred percent protection against a cyberattack does not exist. This is why every company needs an emergency plan. It is not just about responding in the right way – it also increases the chances of you coming across weak points in advance so that you can remedy them in a timely manner.
  3. Humans are creatures of habit. The best emergency plan will not save you if you do not regularly practice with your employees how to respond in the event of a cyberattack.

Searching for Digital Trace Evidence

The perpetrators may be sitting in North Korea, Russia, or in a neighboring office. They don't leave behind pools of blood or rifled-through cupboards. But digital forensics experts like Dr. Alexander Schinner, Security Consultant at Deutsche Telekom, know how to find valuable clues to the sequence of events between bits and bytes.

An interview with the IT forensics expert Wassermann – the Sherlock Holmes of IT.

Digital ecosystem

Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. IT forensics safeguards evidence after a cyber attack and prevents its further spread.
