[...]... said to date back to the early 1800s when a gentleman by the name of Joseph Jacquard developed an automated means of weaving for the textile industry.This automation solution was, in fact, the forerunner to the computer punch card Several employees at the facility were afraid that they were about to lose their jobs.Therefore they sabotaged the technology Interestingly, we may then say that the first... enforcement stings operate by paying for the information and when the criminal goes to collect the money, that’s when they arrest them However, as with most crimes, there is no idealistic method that always works for law enforcement or for that matter, always works for the criminals Criminals sometimes use compromised systems belonging to legitimate businesses, but whose owners don’t realize that they are hosting... Investigation Association (HTCIA), Network and Systems Professionals Association (NaSPA), Association of Certified Fraud Examiners (ACFE), Anti Terrorism Accreditation Board (ATAB), and ASIS International® He is also a Secure Member and Sector Chief for Information Technology at The FBI’s InfraGard® and a Member and Director of Education at the International Information Systems Forensics Association (IISFA)... addition, the criminals operate anonymously and can turn their operations on and off rapidly Some simply cash out, which means that they sell the information— over IRC for example In many cases they sell the same information over and over again.They may even scam an organization—such as a money transfer business—into being their intermediary And they may have mules—individuals with fake Ids—pick up the money... studies in the book are true Only slight changes have been made to keep the identities of the individuals and organizations anonymous The content is based either on my direct involvement in the incident or on my involvement with the organizations after the fact In some cases I was able to have conversations with the actual insiders Each case discusses the insider, the organization, the attack, and the countermeasures... policy is simply to notify the individual who did the posting and tell him that Yahoo has been served It then tells him that from the date of that notification, there will be fifteen days to file a motion against the subpoena, and if it is not filed within that time, Yahoo will turn over the information the subpoena calls for Hackers It’s important to add a quick disclaimer in regard to the term hacker Without... Worms, Flash Threats, and Targeted Attacks.These newer threats do more damage and are more costly to the victims than their predecessors were Blended Threats use multiple paths to propagate; paths such as e-mail, file sharing, and the web Most take days or even months to spread.That was true until Code Red and Nimda were released, and then the industry saw attacks propagating in just hours.These events... for organizations that didn’t have the appropriate patches or countermeasures in place The vulnerability in Microsoft IIS that Code Red exploited was discovered on June 18th 2001 Within the following forty-eight hours, Microsoft had a patch available for download, and the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University released an advisory As soon as the patch... person For example, in 2005, an anonymous posting to a Yahoo message board disclosed proprietary information that belonged to another organization .The organization filed a John Doe suit and subpoenaed Yahoo In reference to the case, Dallas attorney Michael Linz, who had handled a John Doe lawsuit for the American Civil Liberties Union, stated that Yahoo wasn’t responsible for postings, and that it was... ■ Lack empathy ■ May be imitating and modeling those whom they respect Rogers further states that people usually don’t engage in reprehensible conduct unless they have justified it to themselves Making yourself think that what you’re doing is okay puts your conscience at ease Blaming the victim or circumstances may also do this Many of his interviews with convicted hackers demonstrated that the hackers . defining the threats and knowing how to spot them in the business processes. Enemy at the Water Cooler is a must read for CIOs and security officers everywhere, but it is also part of the literature. organizations, the general public and the media, consequently most security resources are focused to counter them. Enemy at the Water Cooler focuses on the often-overlooked area of information. Director of Education at the International Information Systems Forensics Association (IISFA). Dave was the technical editor for Chapter 16 of Enemy at the Water Cooler. 424_Wtr_Clr_FM.qxd 7/28/06