By Paul F. Roberts
January 12, 2006
Cyber-security and computer experts from the government and law
enforcement are increasingly concerned with malicious code that runs
on Linux and Apple Computer Inc.'s Mac OS X operating systems and
threats posed by devices such as iPods and Xboxes.
Intensive courses on the Mac OS X and Linux operating systems, as well
as iPods, were just a few of the offerings at a recent cyber-security
conference sponsored by the U.S. Department of Defense. Network
administrators and cyber-investigators say they are increasingly being
called on to investigate compromises of non-Windows operating systems
and to analyze portable devices such as iPods, according to interviews
with attendees by eWEEK.
The annual Cyber Crime Conference draws top cyber-security talent from
the U.S. military, federal agencies, and federal, state and local law
enforcement to hone their skills and learn about emerging
Two, two-day courses at this year's conference taught attendees
techniques for forensic analysis of Mac OS X and the open-source Linux
John Sawyer, an IT security engineer who works for the University of
Florida, took the OS X course and said it was very useful. His
employer recently purchased a Mac for the IT department so that staff
could become familiar with the platform, Sawyer said.
IT staffers at the university are increasingly finding malicious
software, such as remote control "bot" programs running on Mac OS X,
though most have had much experience analyzing the operating system
for security breaches, said Jordan Wiens, a network security engineer
also at University of Florida.
Federal, state and local law enforcement are taking a harder look at
platforms such as Mac OS X and Linux because those platforms are being
used more widely, said Tyler Cohen, an instructor with the DOD's DCITP
(Department Computer Investigations Training Program).
Innocuous devices such as the iPod Shuffle, a small, portable version
of the massively popular MP3 player from Apple, are also an
underappreciated threat, said Cohen, who led a session called "Hacking
with iPods and Forensic Analysis" at the conference.
In that class, Cohen showed attendees how Shuffles and other iPods
could be outfitted with a bootable distribution of the Linux operating
system and stripped-down version of the Metasploit Framework hacking
tool and then used to break in to protected computers.
The MP3 players can be connected directly to computers and then used
to copy and store gigabytes' worth of files and other sensitive
documents from those systems, Cohen told eWEEK.
IPods, as well as USB storage devices, can be connected and removed
without leaving a record of their actions or a footprint on the
machine. That poses a challenge for computer forensic investigators
who are looking into the theft of data or trying to find the origin of
an attack, Cohen said.
Microsoft's Xbox gaming devices pose a similar problem to
investigators, said Sig Murphy an investigator in the DOD's Computer
Murphy has been called on to analyze four Xboxes in the last year for
investigations in DCFL's Major Crimes and Safety division, and the
devices are turning up in more and more investigations, Murphy told
Some of the Xbox cases involved solicitation of a minor, in which
pedophiles used Microsoft's online gaming and chat features to meet
and try to befriend minors.
Unmodified Xboxes can be difficult to obtain information from because
they have locked hard drives that require a unique password to read.
Unlocking those drives has gotten easier, due to a thriving Xbox
"modding" underground. Once unlocked, unmodified or "stock" Xboxes
keep few records or logs of online activities, making forensic
analysis of the devices challenging, Murphy said.
Modified Xboxes can be outfitted with Linux or other operating systems
and used for anything a traditional laptop or desktop computer can,
including launching attacks or storing child pornography, Murphy said.
While gaming platforms are often overlooked by police, agents at the
DOD and FBI are being told to seize Xboxes as part of their
information gathering, Murphy said.
However, state and local law enforcement may not be aware that the
devices could store information useful to a criminal investigation, he
Murphy and others said that they believe alternative computing
platforms will come to play a bigger role in cyber-crimes and criminal
investigations in the years to come. Devices such as the PlayStation
Portable, which has a large hard drive and wireless capability, will
become more common and more capable of carrying out or being targeted
in online attacks, Murphy said.
Governments, as well as enterprises, worried about losing sensitive
data need to institute tough policies that bar devices such as iPods
from their networks. However, technology to enforce those policies,
often referred to as endpoint security tools, is still not widely
used, she acknowledged.
InfoSec News v2.0 - Coming Soon!