A UK computer security consultant has revealed how he snared a hapless computer cracker who made blackmail threats to his company.
Rather than tracing him through the latest computer security technology, he used a rather simpler method -- the telephone callback facility.
Stephen Ward, who was a consultant with the UK security startup Intensiti at the time, says that the hacker tried to gain access to the company's computer systems last December. The intruder claimed to have damaging information about the company's security and threaten to release this if he was not paid a cash ransom. However, says Ward, the unlucky cracker made the fatal mistake of calling from his own home and forgetting to disable the callback facility.
"The idiot forgot to dial 141 before calling," he says. "I took his number down and passed it on to CCU (Computer Crime Unit) who did a fantastic job. The lad was charged for breaching, I believe, sections 1 and 3 of the Computer Misuses Act."
The 15-year-old cracker was then arrested at school and cautioned by police. Ward says that he had nevertheless succeeded in crashing email servers causing £20,000 worth of damage.
Experts from Information Risk Management (IRM), a UK computer security firm specialising in gathering forensic evidence for computer crime investigations, confirm that it is not always the most sophisticated techniques that catch a computer crook. "Occasionally the information you're after is just sitting there on the disk," says Richard Stagg, senior security architect with IRM. "It's not worth assuming that it's going to be difficult."
Stagg adds that in this case the hacker was unlikely to be a professional. "I don't think you would face an enormous danger from someone trying to extort money from their home phone."
Take me to Hackers
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.