Forensics Journal - Stevenson University 2014 | Page 60
Will the Future of Digital Forensics and Law Enforcement Investigation Strategies need to Adapt to Malicious Hardware Devices?
Westcott Hyde
ing community, the DIY hobbyist electronics community has grown
exponentially. This growth is due to low cost and easy consumer
accessibility to programmable microcontrollers. The electronics DIY
industry expansion was recently featured by the financial publication “Entrepreneur Magazine.” One of the more popular online
DIY embedded system retailers, Adafruit Industries, founded by
Limor Fried, was featured as 2012’s entrepreneur of the year (Wang).
“Last year New York City-based Adafruit did a booming $10 million
trade in sales of DIY open-source electronic hardware kits, so-called
because project designs are free and publicly accessible, and customers are encouraged to modify or “hack” the final product” (Wang).
Retailers such as RadioShack recognize the market potential of these
devices and have expanded their inventories to cater to the electronic
DIY hobbyist community. An unanticipated growth occurred within
criminal enterprises, which capitalized on quick and easy access to
these powerful microcontroller devices. The Arduino and Raspberry
Pi open source microcontroller devices have dominated this niche
market but they are not the only (nor the most powerful) feature-rich
devices commercially available. The Arduino, in particular, is highly
successful because of its open source support, diverse capabilities, generous learning curve, cheap entry fee, and massive online attention.
INTRODUCTION
As digital computing technology continues to rapidly evolve and
become more affordable and accessible to the public, law enforcement and digital forensic investigators will be increasingly challenged
to identify and respond to electronic devices leveraged for criminal
activities. An emerging technology that will test digital forensic skills
and resources involves adaptation of embedded microcontroller systems
for criminal use. Embedded microcontrollers enhance functionality
of refrigerators, microwaves and automobile control systems but have
recently emerged as deployable criminal tools. Once the exclusive
domain of electrical engineers, embedded microcontrollers have been
adapted and adopted by hackers and criminals at a disturbing rate.
“Malicious hardware” previously described technological devices
designed to perform targeted covert missions. Today the definition
includes small embedded microcontroller systems that can be rapidly
prototyped, quickly programmed and discreetly deployed in order to
execute a spectrum of nefarious targeted missions. In a counterintuitive sense, the complexity and availability of these devices have become
inversely proportional to their sophistication and criminal capability.
Digital forensic investigations deal almost exclusively with conventional computing devices such as cell phones, laptops, tablets and
personal computers. While extracting evidence from these digital
systems can certainly be challenging for the forensic investigator, data
storage mediums and evidence extraction techniques for these devices
are generally well understood. With embedded malicious hardware,
classic digital forensic methodology is inadequate.
THE EVOLUTION OF MALICIOUS HARDWARE
Only within the last five years have law enforcement agencies discovered miniature circuit-based devices performing high-tech criminal
tasks. In Northern England in 2008, “European law-enforcement
officials uncovered a highly sophisticated credit-card fraud ring that
funnels account data to Pakistan from hundreds of grocery-store card
machines” (Gorman). Uncovered in this sophisticated operation was
a professionally designed piece of malicious embedded hardware that
mated perfectly with the internal circuitry and was small enough to
fit inside the plastic swipe ‘patron checkout’ terminal without any
case modification. The malicious circuitry was designed to record
information from the magnetic stripe on the back of credit cards,
store the information and transmit the siphoned credit card records
to a criminal faction allegedly operating in Pakistan (Gorman). This
international case of malicious embedded hardware was an omen in
the then nascent world of criminalized malicious technology.
WHAT IS MALICIOUS HARDWARE?
Malicious hardware consists of some form of complex integrated
circuit-based system where either the embedded microprocessor or
the actual device circuitry is constructed to execute instructions or
perform functions in an unexpected and nefarious way. Leveraged for
their autonomous functionality, low power consumption, compact
circuit density and powerful digital processing, hardware systems can
be transformed into dangerous and potent criminal devices. Embedded systems (sometimes referred to as programmable microcontrollers) are an amalgamation of conventional computer technology
and dedicated functionality; a footprint that defies common sense.
These devices rely on minimal constituent resources: power, memory
and external user interfaces such as the common keyboard or mouse.
The result is a compact device with negligible reliance on external
control or interaction from a human user, which is an ideal conduit
for a criminal requiring a low or virtually non-existent profile while
committing a crime.
Devices like those discovered in Northern England (and other parts
of Europe) are also present in the United States. Malicious hardware
was discovered in gas pumps in Alachua County, Florida. In 2005,
Lt. Stephen Maynard explained, “Our device is not the traditional
skimmer but rather a Bluetooth enabled equivalent of a thumb drive
programmed to capture the data