Preface
Today's Internet is riddled with spammers, con artists, and identity thieves. Everywhere you turn are web sites selling fake Viagra, touting get-rich-quick schemes, or trying to trick you out of your credit card number.
You and I may see through all the scams, but plenty of people do not. More than a nuisance, these are real crimes that target the vulnerable members of society such as the elderly and the naive, people like your parents and grandparents.
Conventional wisdom says that you can never track down the people behind the scams, and that the Internet is so large and so unregulated that it is easy for someone to hide their identity. But that's not true. In every spam message, phishing email, or web page, there are all sorts of clues that reveal something about the author. The Internet address of a server and the layout of files on a web site are the online equivalents of a fingerprint on a door handle or a tire track in the mud.
None of these details, by themselves, tell you a great deal. But when viewed as a whole, and, especially, when compared between cases, clear patterns and connections become apparent. As in real criminal investigations, the unlikeliest piece of evidence can turn out to be the most important.
Internet Forensics shows you how to find the clues left behind at an Internet crime scene. You will learn how to uncover information that lies hidden in every email message, web page, and web server on the Internet. You will gain an understanding of how the Internet functions: what really goes on when you request a web page, for example. You will see how the bad guys take advantage of these protocols and the lengths that they go to in order to hide their tracks.
My own interest in this field has been motivated by several factors. First is the daily frustration of dealing with spam, viruses, and all sorts of scams. With it is the growing unease that our Internet is being taken away from us by these abusers and that, unless we band together and do something about it, the problem is going to get much worse. Collectively, by making it more difficult for them to operate in secrecy, we can push back against the bad guys and take back the network.
In looking into this sort of scam, you are forced to learn more about the way the Internet and its core protocols function. You see where their shortcomings lie and you start to think of ways they could be made better. It is a great way to learn a lot about Internet technologies without having to become an expert in the details of any one of them.
Last, but not least, is the fun to be had from playing amateur detective and solving Internet mysteries. At every stage of the game you are challenged to uncover information hidden in email message headers or web transactions. What appear to be minor details can become significant when combined with clues revealed by another technique. A passing observation in one study may link it into a much larger network of scams.
Murder mysteries and forensics crime dramas in books and on television are popular for a good reason. People like the challenge of finding clues, putting them together, and solving the puzzle. I think this is particularly true among those of us in the software development community. Alongside the more noble motivations, I hope that you will enjoy the challenge of Internet forensics in its own right.
Who This Book Is For
I have written this book with two types of reader in mind. The first are those of you with a professional interest in computer security. The traditional focus of this field has been on preventing attacks on private machines and networks from people and viruses, and using computer forensics to reveal their activities.
But today's threats require that we go beyond this localized, internal focus and look outward to the Internet. Some of the viruses we see are used to set up email relay servers that are used by international spam operations. Computers are attacked, hijacked, and used to host fake bank web sites that are used for identity theft. Those of you who are computer security professionals will learn the core techniques you need in order to address this evolving type of threat.
The larger, less defined, audience consists of software developers and systems administrators who take a broad interest in the Internet and how it works. Many of us feel a deep frustration with the epidemics of spam, phishing, and viruses and want to fight back against it in some way. The book will show you how the bad guys are able to abuse the technology of the Internet. It will show you how to uncover information about their operations and, in doing so, make their lives a lot more difficult.
To get the most out of this book, it helps to have a working knowledge of Unix and some experience with Perl. But that is not an absolute requirement. If you can use a web browser and an email client, then you can follow along with most of the material in the book. You already have the most important thing you need: an inquisitive mind.
I have tried to avoid complex software as far as possible. Most of the tools come standard with recent versions of Linux, and those that don't are easily downloaded and installed. I have included Perl scripts throughout the book where these can help automate common tasks or help display information more concisely, and I have made a conscious effort to keep these scripts short and simple. My hope is that they are easy to understand and can serve as starting points for your own scripts.
Contents of This Book
The book is organized around the core technologies of the Internet: email, web sites, servers, and browsers. Chapters describe how these are used and abused and show you how information hidden in each of them can be uncovered. Short examples illustrate all the major techniques that are discussed. Two in-depth examples show how they are used in concert in real-world case studies.
Dealing with Internet fraud and abuse is not merely a technical matter and so throughout the book, I discuss the ethical and legal issues that arise in this field of work.
The contents of specific chapters are as follows:
Introduction: An overview of spam, phishing, and the other threats to today's Internet.
Names and Numbers: Tools and techniques to retrieve information about Internet addresses and domain names.
Email: The structure of email messages, how spammers forge message headers, and what you can uncover in spite of their efforts to hide.
Obfuscation: A review of the many ways that con artists conceal their identities and how you can see through their disguises.
Web Sites: Dissecting the operation of Internet scams by studying the pages and directories that make up a web site.
Web Servers: Ways to uncover information about web servers and their operation by looking at the headers and records of standard web transactions.
Web Browsers: What you reveal about yourself every time you visit a web site and some ways in which you can protect your personal information.
File Contents