Intensive courses on the Mac OS X and Linux operating systems, as well as iPods, were just a few of the offerings at a recent cyber-security conference sponsored by the U.S. Department of Defense. Network administrators and cyber-investigators say they are increasingly being called on to investigate compromises of non-Windows operating systems and to analyze portable devices such as iPods, according to interviews with attendees by eWEEK.
The annual Cyber Crime Conference draws top cyber-security talent from the U.S. military, federal agencies, and federal, state and local law enforcement to hone their skills and learn about emerging cyber-security threats.
Two two-day courses at this year's conference taught attendees techniques for forensic analysis of Mac OS X and the open-source Linux operating system.
John Sawyer, an IT security engineer who works for the University of Florida, took the OS X course and said it was very useful. His employer recently purchased a Mac for the IT department so that staff could become familiar with the platform, Sawyer said.
IT staffers at the university are increasingly finding malicious software, such as remote control "bot" programs, running on Mac OS X, though most have had much experience analyzing the operating system for security breaches, said Jordan Wiens, a network security engineer also at the University of Florida.
Federal, state and local law enforcement are taking a harder look at platforms such as Mac OS X and Linux because those platforms are being used more widely, said Tyler Cohen, an instructor with the DOD's DCITP (Department Computer Investigations Training Program).
Innocuous devices such as the iPod Shuffle, a small, portable version of the massively popular MP3 player from Apple, are also an underappreciated threat, said Cohen, who led a session called "Hacking with iPods and Forensic Analysis" at the conference.
In that class, Cohen showed attendees how Shuffles and other iPods could be outfitted with a bootable distribution of the Linux operating system and a stripped-down version of the Metasploit Framework hacking tool and then used to break into protected computers.
The MP3 players can be connected directly to computers and then used to copy and store gigabytes worth of files and other sensitive documents from those systems, Cohen told eWEEK.
iPods, as well as USB storage devices, can be connected and removed without leaving a record of their actions or a footprint on the machine. That poses a challenge for computer forensic investigators who are looking into the theft of data or trying to find the origin of an attack, Cohen said.
Microsoft's Xbox gaming devices pose a similar problem to investigators, said Sig Murphy, an investigator in the DOD's Computer Forensic Laboratory.
Murphy has been called on to analyze four Xboxes in the last year for investigations in DCFL's Major Crimes and Safety division, and the devices are turning up in more and more investigations, Murphy told eWEEK.
Some of the Xbox cases involved solicitation of a minor, in which pedophiles used Microsoft's online gaming and chat features to meet and try to befriend minors.
Unmodified Xboxes can be difficult to obtain information from because they have locked hard drives that require a unique password to read. Unlocking those drives has gotten easier, due to a thriving Xbox "modding" underground. Once unlocked, unmodified or "stock" Xboxes keep few records or logs of online activities, making forensic analysis of the devices challenging, Murphy said.
Modified Xboxes can be outfitted with Linux or other operating systems and used for anything a traditional laptop or desktop computer can, including launching attacks or storing child pornography, Murphy said.
While gaming platforms are often overlooked by police, agents at the DOD and FBI are being told to seize Xboxes as part of their information gathering, Murphy said.
However, state and local law enforcement may not be aware that the devices could store information useful to a criminal investigation, he said.
Murphy and others said that they believe alternative computing platforms will come to play a bigger role in cyber-crimes and criminal investigations in the years to come. Devices such as the PlayStation Portable, which has a large hard drive and wireless capability, will become more common and more capable of carrying out or being targeted in online attacks, Murphy said.
Governments, as well as enterprises, worried about losing sensitive data need to institute tough policies that bar devices such as iPods from their networks. However, technology to enforce those policies, often referred to as endpoint security tools, is still not widely used, she acknowledged.