Several months ago, the largest heist of customer information ever, known as the TJX breach, was announced. It was later revealed that TJX companies (such as Bob’s Stores, HomeGoods, Marshalls, T.J. Maxx and A.J. Wright) lost 45.7 million credit cards to hackers. Although multiple arrests were eventually made for fraud, investigators admitted the breach likely occurred quite some time ago; the hackers evaded detection through a clever and thorough application of anti-forensic software.
Digital forensics is the information age’s equivalent of detective sleuthing. Much as the best criminals left no trace of a crime by wiping away their fingerprints, today’s hackers cover their tracks equally well. The practice can largely be traced to the hacking toolkits so prevalent on the Internet. Investigators once regarded the ability to thoroughly remove digital evidence as the mark of a skilled criminal. Now, as commodity rootkits buy both time and access for a hacker, even the unskilled can use tools to hide and obfuscate their actions. Evidence removal kits are so complete that many hackers no longer hide their deeds, opting instead to own a host quickly and blatantly, knowing forensic investigators will have no evidence with which to trace the hack. Researcher Bryan Sartin of Cybertrust comments, "[Hackers] use FTP and they don’t care if it logs the transfer, because they know I have no idea who they are or how they got there."