From: InfoSec News (alertsinfosecnews.org)
Date: Mon Jan 07 2008 - 01:22:50 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.mtv.com/movies/news/articles/1578986/story.jhtml

By Shawn Adler
Jan 4 2008

CULVER CITY, California -- If you're reading this article on a computer,
we know. If you've clicked to this site from an outside link, we know.
And if you leave here and go somewhere else, somewhere you're not
supposed to go, well, we don't know but someone does.

"Is a Web site completely untraceable? No. It goes through mirrors,
through proxy bounces, it goes international. To solve that it takes
time, but it's just a simple factor," former FBI special agent Ernest
Hilbert told MTV News. "The FBI has a whole division just to deal with
this. There are 65,000 doors and windows on a computer that can be
opened. You look inside of them, you own that box."

For eight years, Hilbert was one of 1,000 agents who focused on cyber
investigations and computer forensics. Now a director of security for
MySpace.com, Hilbert lent his years of expertise to director Gregory
Hoblit's new film "Untraceable," which centers on an FBI agent (Diane
Lane) who uses computer technology to track a serial killer through his
Web site.

Hoblit, who said he set out to make "Untraceable" a film that "didn't
play fast and loose with how sites are set up and how they are tracked
and traced," recently showed MTV News some scenes from the film during a
visit to an edit bay at Sony Studios. In the first scene, Lane types
furiously on three different computers to track a credit-card thief
using a backdoor Trojan horse to steal confidential numbers.

The fact that Lane uses three computers is not a stylistic choice,
insisted Hilbert, but an FBI necessity. "You can't get on the Internet
from your desktop computer. There's a reason for that. If your computer
is on the Internet, it can be hacked. So the FBI network is completely
separate," he revealed. "Then you'd have an Internet undercover computer
that runs on a blank IP that doesn't come back to the FBI. You can make
copies from there."

That modern criminals are flocking to the Internet to steal money should
come as no surprise to anyone who's ever had an e-mail address, Hilbert
said, but while he admits that a lot of cases do involve fraud or
organized crime, an increasing number also involve kidnapping,
pedophilia or terrorism.

That soon becomes Lane's problem as well. Each of the successive scenes
deals with her attempts to discover the identity behind Kill With Me, a
Web site with streaming video of an execution. The more people who visit
the site, the faster the victim dies. In the film, Lane's search is
complicated by the fact that the user continually switches IP addresses
in an effort to stop the FBI's search.

"There's been a number of sites I've gone after where people have done a
similar thing," Hilbert recalled. "These would all be things that the
FBI would eventually figure out and track back. [It would] probably take
upwards of a couple months, locking it down to each particular thing."

What's interesting to Hilbert, though, isn't that smart criminals are
using the Internet, it's that even the smartest still seem to have a
fundamental misunderstanding of how the Internet works.

"Computers are not like telephones. It's just that simple, that's what
people think. The novelty of computers is gone. More and more people are
learning it. But the old conception was just that simple," he said. "But
as much as you try to hide it, it's a machine. It's gonna come back to
whoever was really behind it. We can catch you. The pedophilia [sting]
is the only known undercover operation that the FBI is running, and they
still catch people doing it every single day."

And, like Lane in the first scene, the FBI catches you using the same
technology you're using to perpetrate the crime.

"We Google. If you're on MSN, we're on MSN. I spent two years as a
hacker online. They thought I was a money man, they brought me stolen
goods. They sold it to me via [instant messenger]," Hilbert said.
"Anything that the bad guys would use, we at the FBI would use."

Like Hilbert, Lane scans blogs, news servers and news groups to root out
crime. But is the film entirely accurate?

"It is fairly boring to watch all the steps that it really would take
[to catch a cyber criminal]," Hilbert smiled. "You really want to see
what that looks like? Join the FBI."

"Untraceable," which also stars Colin Hanks, opens January 25.

__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]