A quick excerpt from a CIO article. Without details, it is tough to separate fantasy (or simply blind speculation) from reality, but I think this story may just ring true. The article is focused on how difficult forensics is becoming as criminals employ more antiforensics tactics. Personally, I don’t think it has gotten any worse to track down criminals over the wires; there is just more money involved these days. (On-disk forensics notwithstanding.) (Update: I see more discussion here from keydet89!)
A clear illustration of this fact comes from the field investigations manager for a major credit services company. Sometime last year, he noticed a clutch of fraudulent purchases on cards that all traced back to the same aquarium. He learned quite a bit through forensics. He learned, for example, that an aquarium employee had downloaded an audio file while eating a sandwich on her lunch break. He learned that when she played the song, a rootkit hidden inside the song installed itself on her computer. That rootkit allowed the hacker who’d planted it to establish a secure tunnel so he could work undetected and “get root”—administrator’s access to the aquarium network.
Sounds like a successful investigation. But the investigator was underwhelmed by the results. Why? Because he hadn’t caught the perpetrator and he knew he never would. What’s worse, that lunch break with the sandwich and the song download had occurred some time before he got there. In fact, the hacker had captured every card transaction at the aquarium for two years.
As a side rant, I really hate how a not-large article turns into 10 page “turns” on news sites these days. I mean, come on, everyone can see through this little “click more to serve more ads” scheme. It actually conditions me to look for the Print icon to view the printable version that, amazingly, has no ads and displays on one page.