Re: Books for how not to get caught

perhaps the best book on this subject i can think of is "That's No Worm!" by Fishy McHallibut. In it, McHallibut gives a greatly-detailed analysis (complete with many graphics and photos) of how to make accurate on the spot identifications of spinner lures, surface flies, bait scents, and other techniques used by professional anglers in their attempts to catch fish. I've read that McHallibut's work is the most popular addition to the curriculum of fish schools by a margin of three to one... but that was written on the dust cover and you can't always trust them.

Still and all, i feel that if exposed to "That's No Worm!" at a young age, most fish can grow up to be shrewd and cautious and will have their best chance of avoiding being caught... by a rod and reel, at least. If you're asking on behalf of individuals who live in commerical waters, i don't know where to point you. All the books i've read on allegedly avoiding trawling nets were worthless and contained no real concrete advice short of "just swim deeper"... yeah, thanks pal. Like we haven't already thought of that one.

Re: Books for how not to get caught

Aside from deviant's excellent suggestion, I would make one observation: Books about "not getting caught" seem to be exclusively written by people who have been given extended vacations at taxpayers' expense, all while wearing fashionable orange jumpsuits.

Logic would then dictate that these books would best be used in the context of "how not to get caught; up to a certain point" and "If you try something stupid, you will fuck up eventually. You're not quite as smart as you think you are, the authorities are smarter than you think they are, and they play for keeps."

Re: Books for how not to get caught

Good point...I'll be teaching how not to be cavalier on the keyboard up until that threshold. In other words, giving the students a situation where there may be an IDS or gerneral system logger which may infect what they can and cant do. The next step would be to determine ways around these security procedures but not break that threshold. I believe we're on the same page when we speak of this, I'm just looking for more precisive reading material to show these students.

Understand?


Good suggestion Deviant, I appreciate it.

Re: Books for how not to get caught

Understood. Many of the books along the lines of "How I Hacked the Pentagon/NASA/NSA.CIA, etc" or the like seem to be long on anecdote and short on detail.

My suggestion would be to approach from the other end. Books such as "Know Your Enemy" by the Honeynet Project or Richard Bejtlich's "The Tao of Network Security Monitoring" are good looks at the nuts and bolts of network security monitoring.

Re: Books for how not to get caught

There is a genuine problem with such a published document existing; if it did exist, the expiration date would be very short.

As soon as it is published, Law Enforcement can identify more evidence and behavior, and include a check for any evidence created as a result of following the published procedures.

Consider what you see in the AntiVirus world. Malware is published, eventually some computer is infected, the infected machine is examined, a copy is quarantined, the copy is examined, understood, and a new fingerprint (checksum, or behavioral pattern) is included in the next generation of virus definitions.

The same thing is possible in Law Enforcement and Forensics.

If what you want is a "0-day exploit" against the system, you'll almost certainly have to make your own, and even if you do, there is no guarantee that, "one of the good guys," hasn't thought about it too, and included a check for it with gathering evidence. Consider this: if you did create such a method, and you were a, "bad guy," would you publish it? What if you were a "good guy"? Would you publish it? I would expect that such a collection of exploits would be as closely guarded as magicians' secrets, copy-protection disabling techniques used by "warez crackers", or criminals that usually, "get away with it."

Effectively, laws are open source. Countries can copy laws from each other, and states often do this with propositions. There are weaknesses in how laws are written, and very good, bad? -- skilled lawyers are able to "hack the system," and find ways to exploit thie legal system.

I've written here before that even lawers can be hackers in the conventional sense of the word. However, it appears they can also be Hackers in the media-popularized definition, too.

Re: Books for how not to get caught

Not a bad idea, teaching the students to recognize their enemies prior to attack in order to grasp a good understanding of what they are capable of would be a much prosperous approach then to teach then a million and 1 methods of 'how not be identified' on a target system.

Now I'm off browsing a collection of white papers looking for decent material...