1. What should the Connecticut Company have done to prevent the computer intrusion described in this case? What should it have done to detect this computer intrusion?
2. What security controls should be implemented by any organization to prevent, detect, and recover from a computer intrusion?
3. Why would someone want to use a forged e-mail address? Explain how this worked to the intruder's advantage in this case.
4. Numerous entries similar to the following were found in BoatingCT.com's Web logs. What does this entry mean?
spider-we084.proxy.aol.com - - [23/Apr/2001:02:04:14 -0400] "GET /cgi-bin/Web_store/web_store.cgi?keywords=803103&frames=yes&store=yes HTTP/1.0" 200 2164 "https://www.boatingct.com/" "Mozilla/4.0 (compatible; MSIE 5.5; AOL 6.0; Windows 98; Win 9x 4.90)"
5. What was the importance of having court orders immediately issued to Hotmail.com and Time Warner Cable?
6. When the FBI New Haven field office requested the log files from the University of Akron, none were available. Do you think it is typical for universities not to retain log files? What is the impact of this on the security of university computing environments?
7. The FBI New Haven CART field examiners imaged the hard drive and worked off of that. They did not use the original drive or the original evidence. Why?
8. When the Web logs from BoatingCT.com were analyzed, the CART field examiner discovered that intruders from around the world had gained unauthorized access to the company's daily order file. The company was informed of this, but the CART field examiner's focus remained on identifying the sender of the suspicious e-mails to BoatingCT.com's customers, the reason given for the FBI's involvement in this case. What other reasons might the FBI have had for not pursuing these other intruders?
9. The computer intruder described in this case was a U.S. citizen who resided in Ohio. What would the FBI have done if he were a non-U.S. citizen who resided in a foreign country?
10. What types of Internet-related crimes should be reported to the FBI? At what point should a computer crime be reported to law enforcement?