21 January 2007
Philosophy meets the Shadows of Cyberspace: Three Tenets of Wisdom & The [Alleged] Digital Crime Scene
These are 3 guidelines I've come up with in my life so far - I call them my "Three Tenets of Wisdom:"
1.) "The more you learn, the less you know." --My grandfather's saying. [Originality not investigated - this may be a quote of a quote.] In his storyline, Fenny, at over 10,000 years old, does not claim to - nor does he (try to - he's not perfect) act like - he knows everything. Similarly, in real life, no human being has a prayer of ever learning everything there is to know. Eventually, one realizes that many things one learns, leads to an entire new field to learn about - it's a never-ending chain.
2.) If you want to know, don't be afraid to ask - or in this day and age, look it up. If you're curious about something, and you don't ask, you'll never know. Also, since there are so many resources available online, it's easy to find info on stuff you might not want to ask someone about personally.
(One caveat about using the Internet as a library, though - much of the information on it has had no authoritative review (after all, anyone can put something up - for example, this blog post'll "go live" as soon as I click "Publish Post!"); it is likely that a lot of it will have factual errors. A lot of these will be honest mistakes; some of them may very well be outright lies, omissions, or bias. Be sure to cross-reference several sites - and follow your instincts about the reputation of a source - if you want to be sure.)
3.) Know the limitations of your own knowledge and experience; bring in someone who knows more about something, if need be. A person may know a little bit about many of things, but no one can know a lot about everything. If a matter would be best handled by an specialist in a particular field - or even a subfield - don't make an ass out of yourself by thinking you're infallible on it. This is especially true when it comes to sensitive issues, or issues which could have serious consequences in the event of a SNAFU.
I ran into a situation recently where I applied this third tenet. A friend of mine [name withheld, since this may yet evolve into a legal issue] asked for my help cleaning out a computer of his (presumably meaning the removal of malware). Before I even got to it, though, he told me about two alleged (I hate these bowlderizations. Pfft!) identity theft/bank fraud incidents involving the machine: Supposedly, one family member had some fraudulent events happen to her; in addition, an in-law of his had about $10,000 drained from his bank account after he used a debit card to make a purchase via the computer in question (and this was the only account on which the in-law noticed suspicious activity).
These events - and also the fact that his mother shreds the household's sensitive [paper] documents before disposing of them (thereby greatly reducing the likelihood of what is often thought of to be the most prevalent identity theft method today - dumpster diving) - led me to believe that malware in that machine was a highly probable cause.
Given that the computer was basically - if my deduction was correct - a digital crime scene, I didn't want to touch it with a ten-mile-pole. One thing I learned while studying for my Security+ certification is that when crime is suspected, persons without special training should not try to intervene. I have neither the training nor the tools (software or hardware-based) to do this sort of thing in a manner which could stand up in a court of law; furthermore, simply by meddling around with it, I would likely destroy the chain of custody required for evidence.
Therefore, I recommended to him:
1.) Stop using the computer immediately; don't even touch it.
2.) Contact the police, and inquire as to what to do next.
(Losing use of the computer [i.e., if the police took it to a crime lab] would not be an undue hardship for him - he has several functional machines in his household.)
I don't know if he ever did - I got the impression (from his facial expressions and tone of voice) that the idea bothered him.
However, given that this could involve multiple felonies, I believed - and still do believe - this to be the best course of action. ¶ 1/21/2007 06:54:00 PM
These are 3 guidelines I've come up with in my life so far - I call them my "Three Tenets of Wisdom:"
1.) "The more you learn, the less you know." --My grandfather's saying. [Originality not investigated - this may be a quote of a quote.] In his storyline, Fenny, at over 10,000 years old, does not claim to - nor does he (try to - he's not perfect) act like - he knows everything. Similarly, in real life, no human being has a prayer of ever learning everything there is to know. Eventually, one realizes that many things one learns, leads to an entire new field to learn about - it's a never-ending chain.
2.) If you want to know, don't be afraid to ask - or in this day and age, look it up. If you're curious about something, and you don't ask, you'll never know. Also, since there are so many resources available online, it's easy to find info on stuff you might not want to ask someone about personally.
(One caveat about using the Internet as a library, though - much of the information on it has had no authoritative review (after all, anyone can put something up - for example, this blog post'll "go live" as soon as I click "Publish Post!"); it is likely that a lot of it will have factual errors. A lot of these will be honest mistakes; some of them may very well be outright lies, omissions, or bias. Be sure to cross-reference several sites - and follow your instincts about the reputation of a source - if you want to be sure.)
3.) Know the limitations of your own knowledge and experience; bring in someone who knows more about something, if need be. A person may know a little bit about many of things, but no one can know a lot about everything. If a matter would be best handled by an specialist in a particular field - or even a subfield - don't make an ass out of yourself by thinking you're infallible on it. This is especially true when it comes to sensitive issues, or issues which could have serious consequences in the event of a SNAFU.
I ran into a situation recently where I applied this third tenet. A friend of mine [name withheld, since this may yet evolve into a legal issue] asked for my help cleaning out a computer of his (presumably meaning the removal of malware). Before I even got to it, though, he told me about two alleged (I hate these bowlderizations. Pfft!) identity theft/bank fraud incidents involving the machine: Supposedly, one family member had some fraudulent events happen to her; in addition, an in-law of his had about $10,000 drained from his bank account after he used a debit card to make a purchase via the computer in question (and this was the only account on which the in-law noticed suspicious activity).
These events - and also the fact that his mother shreds the household's sensitive [paper] documents before disposing of them (thereby greatly reducing the likelihood of what is often thought of to be the most prevalent identity theft method today - dumpster diving) - led me to believe that malware in that machine was a highly probable cause.
Given that the computer was basically - if my deduction was correct - a digital crime scene, I didn't want to touch it with a ten-mile-pole. One thing I learned while studying for my Security+ certification is that when crime is suspected, persons without special training should not try to intervene. I have neither the training nor the tools (software or hardware-based) to do this sort of thing in a manner which could stand up in a court of law; furthermore, simply by meddling around with it, I would likely destroy the chain of custody required for evidence.
Therefore, I recommended to him:
1.) Stop using the computer immediately; don't even touch it.
2.) Contact the police, and inquire as to what to do next.
(Losing use of the computer [i.e., if the police took it to a crime lab] would not be an undue hardship for him - he has several functional machines in his household.)
I don't know if he ever did - I got the impression (from his facial expressions and tone of voice) that the idea bothered him.
However, given that this could involve multiple felonies, I believed - and still do believe - this to be the best course of action. ¶ 1/21/2007 06:54:00 PM
