Security in plain language: What is network criminology?


If the recent hack of SolarWinds and its network management tool taught us one thing, it’s that anyone can become a victim of cyberattacks. In fact, 2020 was the year in which the largest number of cyberattacks were organized against British companies, and about 20% more companies faced cybersecurity threats than in 2019. Ransomware attacks grew by 80% in the third quarter of 2020, and web application attacks increased by 800% in the first half of the same year.

Although the Covid-19 pandemic and the need for employees to work remotely have obviously played a prominent role in the rise of such incidents, these risks are normal, and businesses must do their best to prevent irreversible incidents and to compensate for the damage. But instead of just investing in security tools and hoping nothing bad happens, Alex Stamos, a SolarWinds security consultant and former chief security officer at Facebook, suggests that businesses come to terms with the inescapable fact that they might get hacked.

In a recent speech early last month, he suggested that businesses should think about strategies for detecting, monitoring and responding to cyberattacks, and should have tools for each stage of the chain of dealing with hackers. What he proposes is essentially what is known as “network criminology” (also called network forensics), which focuses on identifying the reasons for a security breach and using that knowledge to better protect against future attacks. Network criminology can also mean building a more successful response strategy to the potential effects of hacking.

Although no company wants to have the same experience as SolarWinds in terms of cyberattacks, we can certainly learn from the experience of this American company by taking a look at network criminology.

What is network criminology?

Basically, network criminology is considered a subset of digital criminology, which is itself a subset of criminology. In this science, experts and judicial officials examine technology and data that may contain evidence of a crime or of a criminal involved in it, and compare that evidence with the statements and documents that defendants provide to prove their innocence.

Network criminology, unsurprisingly, means examining and analyzing all the traffic sent across a network that may have been involved in a cybercrime, such as the widespread release of malware that steals user information, or a cyberattack that uses common techniques.

Legal authorities use network forensics to analyze traffic data extracted from a network suspected of being used by criminals or in a cyberattack. For example, analysts look for data that points to human interactions, file manipulations, and the use of specific keywords. Using network forensics, law enforcement can monitor communications and build a complete timeline of events leading up to the hack based on events logged by network monitoring systems.

Outside of criminal cases, network forensics is commonly used to analyze network events to identify the source of hacking attacks and security-related incidents. This process can include collecting information about unusual events and network artifacts, as well as uncovering incidents that involved unauthorized access to the network.

Network criminology is usually carried out by one of two methods. The first is called “Catch it as You Can”: all network traffic is recorded for later analysis, which is a very long process that requires a lot of storage space.

The second technique is called “stop, look and listen”: every data packet that flows through the network is analyzed, and only the data that looks suspicious and is worth analyzing further is collected. This approach also requires a lot of processing power, but unlike the previous method, it does not require much storage space.
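The trade-off between the two methods, shown as an added example that is not part of the original article: both strategies are run over a few constructed packets. The `Packet` record, the keyword watch-list and the addresses (documentation ranges) are assumptions made for the illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts src dst dport payload")

# Constructed sample traffic; addresses come from documentation ranges.
TRAFFIC = [
    Packet(1.0, "192.0.2.10", "198.51.100.5", 443, b"GET /index.html"),
    Packet(2.0, "192.0.2.23", "203.0.113.9", 8080, b"POST /login user=alice"),
    Packet(3.0, "192.0.2.23", "203.0.113.9", 8080, b"GET /files/list"),
    Packet(4.0, "192.0.2.23", "203.0.113.9", 8080, b"PUT /upload payroll.xlsx"),
    Packet(5.0, "192.0.2.10", "198.51.100.5", 443, b"GET /style.css"),
]
KEYWORDS = (b"payroll",)  # assumed watch-list for this example


def suspicious(pkt):
    """Flag a packet whose payload contains a watched keyword."""
    return any(k in pkt.payload for k in KEYWORDS)


def flow_of(pkt):
    """Group packets by source, destination and destination port."""
    return (pkt.src, pkt.dst, pkt.dport)


def catch_it_as_you_can(stream):
    """Record every packet first, analyze the archive afterwards."""
    archive = list(stream)
    hits = [p for p in archive if suspicious(p)]
    flagged = {flow_of(p) for p in hits}
    # The full archive still holds the earlier packets of a flagged flow,
    # so the timeline can reach back before the packet that raised the flag.
    context = [p for p in archive if flow_of(p) in flagged]
    return {"stored_bytes": sum(len(p.payload) for p in archive),
            "hits": len(hits), "timeline": [p.ts for p in context]}


def stop_look_listen(stream):
    """Inspect each packet once in passing, keep only the suspicious ones."""
    kept, inspected = [], 0
    for p in stream:
        inspected += 1          # every packet costs processing time
        if suspicious(p):
            kept.append(p)      # only flagged packets cost storage
    return {"stored_bytes": sum(len(p.payload) for p in kept),
            "hits": len(kept), "inspected": inspected,
            "timeline": [p.ts for p in kept]}


if __name__ == "__main__":
    print(catch_it_as_you_can(TRAFFIC))
    print(stop_look_listen(TRAFFIC))
```

Both methods flag the same packet, but only the full capture can reconstruct what the same host did before the flagged upload; the filtering method stores far less and loses that earlier context.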

Network forensics is much more difficult than digital forensics because data is sometimes transmitted over the network and then lost. In computer criminology, the data is usually stored on a disk or in solid-state memory, which makes it easier to access.

It should be noted that privacy and data protection laws prohibit active monitoring and analysis of network traffic without the necessary permits. Therefore, if you want to use network criminology tools, you must coordinate with the legal authorities in advance.
