Theft, manipulation, or handling of data: the number of attacks on PCs, laptops, tablets, etc. is growing. Computer crime is by its very nature a gray area of criminality. Fearing for their reputation, for example, companies often do not report hacks. In many cases, however, victims are unaware that they are the target of a cyberattack. Luckily though, the hackers are not always successful. But what should we do if they do cause damage?
Whether it's networks like Tor or the public internet – as the first step in fighting criminals, fast, highly available hardware resources that are sufficient to meet the regulatory requirements are essential. The State Office of Criminal Investigation in Düsseldorf is therefore equipped with a cybercrime system that evaluates an ever-growing volume of data at once. The faster the data stream is distributed in the system, the faster data of any format can be analyzed and evaluated with a higher hit rate. The result: faster access to the alleged criminals. To do this, T-Systems has implemented an innovative and modern high-speed storage solution in conjunction with Dell that fulfills all requirements of the North Rhine-Westphalia police in terms of security, performance, and administrability.
The new overall system is 540 times faster than the previous installation. At the start of the work day, the data from the last 24 hours are complete. The system fully conforms to basic BSI protection. A significant module of HiPoS – hybrid integrative platform of police special networks – is a Big data Enhanced Analytics SysTem (B.E.A.S.T.), a fast, highly secure, and capable cybercrime forensics and analysis system. The new evaluation process using B.E.A.S.T. enables queries to a database comprising six billion data records in approximately one to three seconds. With this speed, the forensic methods of the experienced agents now lead to results every second, where weeks or months were previously required.
If hackers are successful, a rushed response can be counterproductive. Tracks are covered. The cyberattacker could inadvertently infiltrate deeper into the IT systems. Therefore, keep calm if you detect an attack and bring in an incident handler at an early stage before traces of the attacker are unintentionally obscured. A digital forensics expert secures the scene of the crime and looks between bits and bytes for valuable clues as to the sequence of events. A false step can have disastrous consequences and further escalate the damage.
But IT forensics experts also investigate cases in which IT administrators notice that the IT systems are behaving differently than normal. For example, the bookkeeper stumbles across transfers for which there are no invoices. Or the managing director is surprised that his company has for some time been underbid on each tender offer. Or the competition brings an innovation to market which is strikingly similar to the company's own inventions.
The tasks of the incident handler are to identify and limit the level of damage, to locate the perpetrators and their motives, and to analyze their approach. The gateways are then locked and countermeasures are introduced. What is crucial is that an IT forensics expert comes up with provable facts that can be used in a court of law. Otherwise, the judiciary will reject the digital proof in a later case. Or you run into problems if you want to claim the resulting damages from your insurance company.
The perpetrators may be sitting in North Korea, Russia, or in a neighboring office. They don't leave behind pools of blood or rifled-through cupboards. But digital forensics experts like Dr. Alexander Schinner, Security Consultant at Deutsche Telekom, know how to find valuable clues to the sequence of events between bits and bytes.