Theft, manipulation, or handling of data: the number of attacks on PCs, laptops, tablets, etc. is growing. Computer criminality is by its very nature a grey area of criminality. For fear of damage to their reputation, for example, companies often do not report attacks. In many cases, however, victims are unaware they are the target of a cyberattack. Luckily, the hackers are not always successful. But what should we do if they do cause damage?
Whether it's networks like Tor or the public internet – as the first step in fighting criminals, fast, highly-available hardware resources sufficient to meet regulatory requirements are essential. The State Office of Criminal Investigation in Düsseldorf is equipped with a cybercrime system that is evaluating an ever-growing volume of data. The faster the data stream is distributed in the system, the faster data of any format can be analyzed and evaluated with a higher hit rate. The result: faster access to the alleged criminals. To do this, T-Systems has implemented an innovative and modern high-speed storage solution in conjunction with Dell that fulfils all requirements of the North Rhine-Westphalia police in terms of security, performance, and administration.
The new system is 540 times faster than the previous installation. At the start of the work day, the data from the last 24 hours is complete. The system fully conforms to basic BSI protection. A significant module of HiPoS – hybrid integrative platform of police special networks – is a Big data Enhanced Analytics SysTem (B.E.A.S.T.) – a fast, highly secure and capable cybercrime forensics and analysis system. The new evaluation process using B.E.A.S.T. enables queries to a database comprising six billion data records in approximately one to three seconds. This speed enables the forensic methods applied by experienced agents to now lead to results every second, where previously weeks or months were required.
If attackers are successful, a rushed response can be counterproductive: tracks may be covered, and the attacker could inadvertently be allowed to infiltrate deeper into the IT systems. Therefore, keep calm if you detect an attack and bring in an incident handler at an early stage, before traces of the attacker are unintentionally obscured. A digital forensics expert secures the scene of the crime and looks between bits and bytes for valuable clues as to the sequence of events. A false step can have disastrous consequences and further escalate the damage.
But IT forensics experts also investigate cases when IT administrators notice the IT systems are behaving differently than normal, for example, if the bookkeeper stumbles across transfers for which there are no invoices, or the managing director is surprised their company has for some time been underbid on every tender offer, or if a competitor brings an innovation to market which is strikingly similar to the company's own inventions.
The tasks of the incident handler are to identify and limit the level of damage, to locate the perpetrators and their motives, and to analyze their approach. The gateways are then locked and countermeasures are introduced. What is crucial is that an IT forensics expert comes up with provable facts that can be used in a court of law. Otherwise, the judiciary will reject the digital proof in a later case, or you will run into problems when claiming for the resulting damages with your insurance company.
The perpetrators may be sitting in North Korea, Russia, or in a neighboring office. They don't leave behind pools of blood or rifled-through cupboards. But digital forensics experts like Dr. Alexander Schinner, Security Consultant at Deutsche Telekom, know how to find valuable clues to the sequence of events between bits and bytes.
Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. IT forensics safeguards evidence after a cyberattack and prevents its further spread.